- This topic has 6 replies, 3 voices, and was last updated 3 years, 10 months ago by David.
January 29, 2020 at 5:16 am #1148064Patrik
hope everyone are good!
Im a bit frustrated here, when running a scan test on my website i get this message (translated from swedish)
Subresource Integrity (SRI) not implemented, and external soruces where loaded over HTTP or protocolrelated URLS via src=”//…”
Following 3:rd party source where loaded without SRI:
When running inspect page in broswer and searching im getting this:
<link rel=”stylesheet” id=”SP_EAP-google-web-fonts-sp_eap_shortcode_options-css” href=”//fonts.googleapis.com/css?family=Open+Sans%3A600%7COpen+Sans%3A600%7COpen+Sans%3A400″ type=”text/css” media=”all”>
Status-Check on site:
- Certificate: valid and trusted
The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.
Connection: secure connection settings
The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_128_GCM.
Resources: all served securely
All resources on this page are served securely.
HTTP Strict Transport Security (HSTS)
Pass/No issue – max-age=63072000; includeSubDomains
Hoping you could help me with this,
PatrikJanuary 30, 2020 at 3:27 am #1149084Longinos
I´m not a Generatepress team member.
This can´t be solved cause google fonts returns personalized css related to the UA.
You can read about the issue here: https://github.com/google/fonts/issues/473.
A workaround is to put fonts locally and then generate the SRI, but you lose these customized css.January 30, 2020 at 7:06 am #1149433DavidStaffCustomer Support
Thanks Longinos for responding.
Out of interest which ‘Scan test’ were you performing?January 30, 2020 at 10:29 am #1149643Patrik
Many thanks Longinos,
Dont know why but im a bit “scared” or how to say it about my test displaying “3rd party” cookies.
Dont know why, seems bad?
David – Im performing this test on a swedish based website:
If you but website address you can run a test.
You will still get the “services” in english and the main result for each component in english
So you will be able to relate 🙂January 30, 2020 at 10:49 am #1149658Longinos
If you use 3rd party resources, maybe you have 3rd party cookies, Google Analitics for example, to say a popular 3rd. party service.January 30, 2020 at 12:03 pm #1149732Patrik
i really dont have that and only the fonts link.
After reading i cant find that fonts.googleapis.com is within regulations of GDPR (i live in europe)January 30, 2020 at 3:58 pm #1149839DavidStaffCustomer Support
The link for that font doesn’t look like a GP request as i don’t recognise the ID – did you identify what was requesting the font?
- You must be logged in to reply to this topic.