Error parsing header X-XSS-Protection

mgargano · May 5, 2018, 1:03pm

I’m getting the following message in my consone…

Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 14. The default protections will be applied.

My HTTP headers are as follows:

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 05 May 2018 12:59:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Link: https://xx.com/wp-json/; rel=“https://api.w.org/”
Link: https://xx.com/; rel=shortlink
Link: </app/cache/minify/01f9f.css>; rel=preload; as=style
Last-Modified: Sat, 05 May 2018 12:24:31 GMT
ETag: “9f03e5e774820e0e0389d2e7044a17ac”
Content-Encoding: gzip
Vary: Accept-Encoding
Fastcgi-Cache: EXPIRED
Strict-Transport-Security: max-age=31536000; includeSubDomains;
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-UA-Compatible: IE=Edge
X-Sucuri-Cache: HIT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Sucuri-ID: 14002

Wondering if this is a sucuri issue as I’ve never encountered it before… or something trellis related

swalkinshaw · May 6, 2018, 4:47pm

Maybe try disabling plugins and see if it goes away?

Trellis only sets add_header X-XSS-Protection "1; mode=block" always; which doesn’t match with you error. Something might be appending to it.