html Errors
6 error patterns
html3 fixes
Mixed content - HTTP resource on HTTPS page
Mixed Content.*was loaded over HTTPS.*requested an insecure|blocked.*mixed.*content
- •Change all resource URLs to HTTPS or use protocol-relative //domain.com/path
- •Add Content-Security-Policy: upgrade-insecure-requests header to auto-upgrade HTTP to HTTPS
html3 fixes
Content Security Policy violation blocking resource
Content.Security.Policy.*blocked|Refused to.*violates.*Content Security Policy
- •Add the blocked resource's origin to the appropriate CSP directive (script-src, style-src, img-src, etc.)
- •Use nonce-based CSP for inline scripts: script-src 'nonce-{random}' and add nonce attribute to script tags
html3 fixes
X-Frame-Options blocking iframe embedding
X-Frame-Options.*DENY|Refused to display.*frame.*X-Frame-Options
- •Set X-Frame-Options: SAMEORIGIN to allow same-domain framing
- •Use Content-Security-Policy: frame-ancestors 'self' https://trusted.com for more control
html3 fixes
Referrer-Policy stripping referrer information
Referrer-Policy.*no-referrer|Referer header.*stripped|referrer.*not sent
- •Set Referrer-Policy: strict-origin-when-cross-origin for a balance of privacy and functionality
- •Use no-referrer-when-downgrade if you need the full URL sent to same-protocol destinations
html3 fixes
Permissions-Policy blocking browser feature
Permissions-Policy.*blocked|Feature-Policy.*denied
- •Add the required feature to Permissions-Policy header: Permissions-Policy: camera=self, microphone=self
- •For iframes, add allow attribute: <iframe allow='camera; microphone'>
html3 fixes
Subresource Integrity hash mismatch
Subresource Integrity.*hash.*mismatch|SRI.*failed
- •Regenerate the SRI hash: shasum -b -a 384 file.js | xxd -r -p | base64
- •The file content may have changed on the CDN — update the integrity attribute with the new hash