rkingisl

It’s because when I run the security headers scan, on this site or on some others I’ve tried, they all say that my headers are complete but that I don’t have content security policy headers (see screenshot).

Okay, thank you. So, just out of curiosity, why would the website not detect it?

That’s a great solution. Thank you very much for your help!

Okay, thank you for your help. I think I’ll have to raise the issue with the caching plugin (or look into going with Cloudflare instead). Thank you again!

I see what you mean. Yes, I’m using W3 Total Cache. I’ve purged all the caches, but it’s still happening. I can create an exception in the caching plugin to not cache certain items, if that would help?

I’ve just enabled it.

As soon as I posted this I tried again and the sitemap is back. It only took an hour, but it seems to no longer be an issue. Please disregard and thank you anyways!

• This reply was modified 2 years, 11 months ago by rkingisl.

That worked! Thank you very much!

Wow, that was amazingly fast. That fixed it. Thanks again!

I see that I also get the following 2 errors in my dev console, both of which disappear after reloading the page:

Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://islyonportal.engagehosted.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Refused to load the script 'https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://islyonportal.engagehosted.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

I’m unable to translate the page without a manual refresh as well.

I tried Use meta, but that didn’t work. It ends up it was an issue with the page cache settings, not the browser cache. It works if I disable this setting in the page cache settings:

Cache SSL (HTTPS) requests
Cache SSL requests (uniquely) for improved performance.

Thanks again for help getting this sorted. I appreciate your time.

Yes, I’m using W3 Total Cache. I cleared the page cache multiple times, but that didn’t seem to fix it.

Thank you for your quick reply. Debug is already enabled, though I don’t see where the comments are printed at the beginning of the page. Is there something else I need to do?

Thanks again.