Home Forums Really Simple SSL pro Speed issue / 404 code

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #282217 Reply
    Bernd Guzek
    Participant

    since I installed the pro-version, the site is slower and in webpagetest.org several elements with the error code 404 appear, as you can see on the screenshot. Unfortunately they don’t disappear when I uninstall the free and the pro-version.

    What can I do? Of course I would continue to use the comfortable plugin, but there are easily 21 processes with the 404 …

    Thanks for your suggestions.

    Overview of all the 404-errors

    Example / details

    Unfortunately, the screenshots don’t show. Here are the links:

    http://www.candida.de/debug/debugging2.png
    http://www.candida.de/debug/debugging1.png

    • This topic was modified 3 months, 2 weeks ago by Bernd Guzek.
    #282255 Reply
    Mark
    Keymaster

    Hi Bernd,

    it looks like you have enabled Content Security Reporting in the Security Headers section of Really Simple SSL. This can indeed cause 404 errors when there are a lot of resources that need to be processed. Can you check if these errors also occur when Content Security Reporting is disabled?

    Besides that, your site still uses some http:// links. This can be caused by caching. It’s possible the site still serves a cached page. Can you try to clear all caches the site uses to see if that resolves the issue?

    Mark

    #282273 Reply
    Bernd Guzek
    Participant

    Hi Mark,

    thanks for the quick response. Since I worked on a little bit while waiting for the reply, I removed this from the very bottom of my .htacess

    # Begin Really_Simple_SSL_CSP_Report_Only
    Header always set Content-Security-Policy-Report-Only: “default-src ‘self’; script-src ‘self’ ‘unsafe-inline’; script-src-elem ‘self’; style-src ‘self’ ‘unsafe-inline’; style-src-elem ‘self’ unsafe-inline; report-uri https://www.alkohol-ade.com/wp-json/rsssl/v1/csp?rsssl_apitoken=1569059497
    # End Really_Simple_SSL_CSP_Report_Only

    which probably stops the Content Security Reporting, I guess? After this, all 404 disappeared. So, the plugins are still deactivated for debugging reasons, but the .htaccess is like this:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>
    # –
    # BEGIN Really_Simple_SSL_SECURITY_HEADERS
    <IfModule mod_headers.c>
    Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
    Header always set Content-Security-Policy “upgrade-insecure-requests”
    Header always set X-XSS-Protection “1; mode=block”
    Header always set X-Content-Type-Options “nosniff”
    Header always set Referrer-Policy: “no-referrer-when-downgrade”
    Header always set Expect-CT “max-age=7776000, enforce”
    Header always set X-Frame-Options “sameorigin”
    </IfModule>

    The cache (we use WP Rocket) ist cleared several times, so at this point I do have no idea where the http is coming from.

    Thanks, Bernd

    #282274 Reply
    Mark
    Keymaster

    Hi Bernd,

    the site currently shows a coming soon page, this prevents me from debugging the issue. Can you temporarily disable the coming soon page so I can have a look?

    Mark

    #282276 Reply
    Bernd Guzek
    Participant

    True, it’s open now, thanks!

    #282288 Reply
    Mark
    Keymaster

    Thank you. Most images do seem to work now. Do you have an example of a page where images don’t work?

    Mark

    #282293 Reply
    Bernd Guzek
    Participant

    The pictures weren’t the problem – all the 404 errors delayed the loading process, but I don’t know what’s in these files. If they were images – good, then they were loaded very slowly, which also corresponds to the subjective perception.

    As I said, without the plugins and with the commented out line it’s gone now. But that is not the sense of the whole thing 😉

    If it’s ok for you I’ll close the gate again.

    • This reply was modified 3 months, 2 weeks ago by Bernd Guzek.
    #282732 Reply
    Bernd Guzek
    Participant

    Hi, Mark,

    to sum it up: The site currently runs better with the modifications to the .htacess than before with the plugins. Do I leave it like this now, or is there another way?

    #282782 Reply
    Mark
    Keymaster

    You can leave the plugin enabled, while leaving the Content Security Policy options disabled. Those options were causing the 404 errors on your site. The content security policy blocks resources which haven’t been whitelisted, causing a 404 error. If you enable the plugins and disable those options your site should run fine.

Viewing 9 posts - 1 through 9 (of 9 total)
Reply To: Speed issue / 404 code
Your information: