Closed mikeg-de closed 3 months ago
Hello @mikeg-de
Thank you for taking the time to suggest this. The developers will look into this and we'll get back to you as soon as we investigate. Thanks!
We now have a CSP section at wp-admin/admin.php?page=w3tc_browsercache#security so that domains such as "www.google-analytics.com" can be added to "default-src" and others. We also added "report-to".
Prefetching resources while having set up CSP via W3TotalCache results in errors, as prefetch CSP headers cannot be specified.
Refused to prefetch content from 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'prefetch-src' was not explicitly set, so 'default-src' is used as a fallback.
This also relates to https://github.com/W3EDGE/w3-total-cache/issues/156 which I suggested / requested in https://wordpress.org/support/topic/nel-rerpot-to-response-headers/
Thanks in advance, Mike
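The fallback named in the error message above, as an added example that is not part of the thread or of W3 Total Cache: a simplified evaluator that reports which directive governs a prefetch and whether the target is allowed. The function names and the `https://example.com` site origin used when calling it are assumptions, and source matching is reduced to `'none'`, `*`, `'self'`, scheme-only and host sources.

```javascript
// Added example: simplified CSP evaluation for a prefetch request.
// Paths, ports, nonces and hashes in source expressions are not handled.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (s === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. "https:"
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // unsupported in this sketch (keywords, nonces, paths)
  const [, scheme, wildcard, host] = m;
  // Simplification: a host source without a scheme matches any scheme here.
  if (scheme && url.protocol !== scheme + ':') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

function checkPrefetch(header, target, selfOrigin) {
  const policy = parseCsp(header);
  // Fallback from the error message: prefetch-src if set, else default-src.
  const directive = policy.has('prefetch-src') ? 'prefetch-src'
    : policy.has('default-src') ? 'default-src' : null;
  if (directive === null) return { allowed: true, directive: null };
  const url = new URL(target);
  const allowed = policy.get(directive)
    .some((src) => sourceMatches(src, url, selfOrigin));
  return { allowed, directive };
}
```

Allowing the host only in `script-src` does not change the result for a prefetch, because that directive is never consulted for it.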