Hi,
we have moved from a i-mscp vserver to a plesk 18.0.24 administered vserver. We did not configure CSP (contect security policy) yet. However when we want to show an embedded iframe the users get an CSP error (here: Firefox) that this insert was blocked.
So far the provider could not tell us where to look for settings to deactivate any (default?) CSP settings. When I have our domain checked with the Mozilla site checker:
observatory.mozilla.org
I get the message that there is no CSP implemented and get a -25 score.
Web Application Firefall Mode = OFF
But why do we get an CSP error in the first place when loading a page with an iframe? With i-mscp all worked fine. Is this a plesk issue? Where to look?
thx for some thoughts,
Lino
we have moved from a i-mscp vserver to a plesk 18.0.24 administered vserver. We did not configure CSP (contect security policy) yet. However when we want to show an embedded iframe the users get an CSP error (here: Firefox) that this insert was blocked.
So far the provider could not tell us where to look for settings to deactivate any (default?) CSP settings. When I have our domain checked with the Mozilla site checker:
Mozilla Observatory
The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
![observatory.mozilla.org](https://observatory.mozilla.org/images/favicons/favicon-196x196.png)
Web Application Firefall Mode = OFF
But why do we get an CSP error in the first place when loading a page with an iframe? With i-mscp all worked fine. Is this a plesk issue? Where to look?
thx for some thoughts,
Lino
Last edited: