Hi,
we have moved from a i-mscp vserver to a plesk 18.0.24 administered vserver. We did not configure CSP (contect security policy) yet. However when we want to show an embedded iframe the users get an CSP error (here: Firefox) that this insert was blocked.
So far the provider could not tell us where to look for settings to deactivate any (default?) CSP settings. When I have our domain checked with the Mozilla site checker:
I get the message that there is no CSP implemented and get a -25 score.
Web Application Firefall Mode = OFF
But why do we get an CSP error in the first place when loading a page with an iframe? With i-mscp all worked fine. Is this a plesk issue? Where to look?
thx for some thoughts,
Lino
we have moved from a i-mscp vserver to a plesk 18.0.24 administered vserver. We did not configure CSP (contect security policy) yet. However when we want to show an embedded iframe the users get an CSP error (here: Firefox) that this insert was blocked.
So far the provider could not tell us where to look for settings to deactivate any (default?) CSP settings. When I have our domain checked with the Mozilla site checker:
HTTP Header Security Test - HTTP Observatory | MDN
Test your site’s HTTP headers, including CSP and HSTS, to find security problems and get actionable recommendations to make your website more secure. Test other websites to see how you compare.
observatory.mozilla.org
Web Application Firefall Mode = OFF
But why do we get an CSP error in the first place when loading a page with an iframe? With i-mscp all worked fine. Is this a plesk issue? Where to look?
thx for some thoughts,
Lino
Last edited: