Hello OpenLiteSpeed fans,
I'm bumping into a problem, and I cant' find a solution to fix this in general. I followed this guide:
https://docs.directadmin.com/webser....html#adding-security-headers-to-get-a-rating
And went from a B score to A
Scan results for myedgy.com
These are the scan results for myedgy.com which scored the grade A.
securityheaders.com
However, when you add a new domain name in your DirectAdmin page it creates a default index.html file. Not only here, but a fresh Wordpress install with it's default theme gives this error. See image attached.
How can this be fixed, or is this a bug?
In the console window I noticed the errors above (and attached as example)
I'm bumping into a problem, and I cant' find a solution to fix this in general. I followed this guide:
https://docs.directadmin.com/webser....html#adding-security-headers-to-get-a-rating
And went from a B score to A
Scan results for myedgy.com
These are the scan results for myedgy.com which scored the grade A.
However, when you add a new domain name in your DirectAdmin page it creates a default index.html file. Not only here, but a fresh Wordpress install with it's default theme gives this error. See image attached.
Code:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-X85rkyJ48Hv9qw+bBIqC8Jl3Z6AuTGMVpbZRi6xA7dQ='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:116 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:133 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-9TPcDIg9RBVFJ3Zb9FL2pJwRPpx12yxIDbvoaeBni88='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:146 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-6Mkmo+wu6GcHausApfKK3PnwdmJ1CzRYmMrgdnAWeQM='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:148 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-l6KGhon8EUOQviabBEA7KhML74a0w8djzvkwBNiIcAk='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:157 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-RXm6VwawsLiGWv09/6xY9DshNTjlN+SlPGRlFxGGMpw='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:166 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-4PGdVareVVHS2p4ckiYOZ7MFooToFcP/yjb42OCj7gU='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:169 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-xpMCxVXBmZCSsv841Tih8tu4kMxYoE9BTfwXPAWFYp0='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
domein.com/:181 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-OL5o00PgFoxwmMGPGpDG/qMXvVlBdbuLynlsOQ3mCVo='), or a nonce ('nonce-...') is required to enable inline execution.
domein.com/:212 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src https:". Either the 'unsafe-inline' keyword, a hash ('sha256-ym8dAG+Llnxp+SD3zwowesE/8R4ZTmJEo+VZWlbZ9uk='), or a nonce ('nonce-...') is required to enable inline execution.
In the console window I noticed the errors above (and attached as example)
Attachments
-
282.6 KB Views: 3