Speed issue / 404 code

[Bernd Guzek]

since I installed the pro-version, the site is slower and in webpagetest.org several elements with the error code 404 appear, as you can see on the screenshot. Unfortunately they don’t disappear when I uninstall the free and the pro-version.

What can I do? Of course I would continue to use the comfortable plugin, but there are easily 21 processes with the 404 …

Thanks for your suggestions.

Unfortunately, the screenshots don’t show. Here are the links:

http://www.candida.de/debug/debugging2.png
http://www.candida.de/debug/debugging1.png

• This topic was modified 8 months ago by Bernd Guzek.

[Mark]

Hi Bernd,

it looks like you have enabled Content Security Reporting in the Security Headers section of Really Simple SSL. This can indeed cause 404 errors when there are a lot of resources that need to be processed. Can you check if these errors also occur when Content Security Reporting is disabled?

Besides that, your site still uses some http:// links. This can be caused by caching. It’s possible the site still serves a cached page. Can you try to clear all caches the site uses to see if that resolves the issue?

Mark

[Bernd Guzek]

Hi Mark,

thanks for the quick response. Since I worked on a little bit while waiting for the reply, I removed this from the very bottom of my .htacess

# Begin Really_Simple_SSL_CSP_Report_Only
Header always set Content-Security-Policy-Report-Only: “default-src ‘self’; script-src ‘self’ ‘unsafe-inline’; script-src-elem ‘self’; style-src ‘self’ ‘unsafe-inline’; style-src-elem ‘self’ unsafe-inline; report-uri https://www.alkohol-ade.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1569059497 ”
# End Really_Simple_SSL_CSP_Report_Only

which probably stops the Content Security Reporting, I guess? After this, all 404 disappeared. So, the plugins are still deactivated for debugging reasons, but the .htaccess is like this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# –
# BEGIN Really_Simple_SSL_SECURITY_HEADERS
<IfModule mod_headers.c>
Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
Header always set Content-Security-Policy “upgrade-insecure-requests”
Header always set X-XSS-Protection “1; mode=block”
Header always set X-Content-Type-Options “nosniff”
Header always set Referrer-Policy: “no-referrer-when-downgrade”
Header always set Expect-CT “max-age=7776000, enforce”
Header always set X-Frame-Options “sameorigin”
</IfModule>

The cache (we use WP Rocket) ist cleared several times, so at this point I do have no idea where the http is coming from.

Thanks, Bernd

[Mark]

Hi Bernd,

the site currently shows a coming soon page, this prevents me from debugging the issue. Can you temporarily disable the coming soon page so I can have a look?

Mark

[Bernd Guzek]

True, it’s open now, thanks!

[Mark]

Thank you. Most images do seem to work now. Do you have an example of a page where images don’t work?

Mark

[Bernd Guzek]

The pictures weren’t the problem – all the 404 errors delayed the loading process, but I don’t know what’s in these files. If they were images – good, then they were loaded very slowly, which also corresponds to the subjective perception.

As I said, without the plugins and with the commented out line it’s gone now. But that is not the sense of the whole thing 😉

If it’s ok for you I’ll close the gate again.

• This reply was modified 8 months ago by Bernd Guzek.

[Bernd Guzek]

Hi, Mark,

to sum it up: The site currently runs better with the modifications to the .htacess than before with the plugins. Do I leave it like this now, or is there another way?

[Mark]

You can leave the plugin enabled, while leaving the Content Security Policy options disabled. Those options were causing the 404 errors on your site. The content security policy blocks resources which haven’t been whitelisted, causing a 404 error. If you enable the plugins and disable those options your site should run fine.

[Author]

Posts