In the latest Chrome version (Version 118.0.5993.71 (Official Build) (64-bit)), for a software product I'm selling, I'm getting:
Attestation check for Topics on https://pagead2.googlesyndication.com/ failed.
on line 1 (the <DOCTYPE html> tag).
This appears in Dev Console. Google is providing no documentation that I can find on this on what to do. No links explain anything. Am I supposed to add some META tags in the HTML to explain my software product?
On
The browser checks for the browsing-topics Permission-Policy and fails to find it because most websites have not implemented this experimental feature yet.
At the time of this writing (11. February 2024), the browsing-policy Permission-Policy is still an experimental feature.
Here's the MDN Web Docs documentation for this: Permission-Policy
The Permission-Policy for browsing-topics currently links to an empty document that is likely to be updated once this feature becomes stable: browsing-topics
Here's the up-to-date Can I use statistic on browser support for Permission-Policy. (Currently at 71.54%)
To scan and check what security headers your website supports (or is missing), use: securityheaders.com
To avoid the dev console error, set the Permission-Policy header like this (credit to noboomu):
Permissions-Policy: browsing-topics=()
For the .htaccess file (credit to noboomu).
<IfModule mod_headers.c>
Header set Permissions-Policy "browsing-topics=()"
</IfModule>
For nginx (credit to ViaTech):
server {
...
add_header Permissions-Policy "browsing-topics=()" always;
...
}
For nodejs (credit to ofir_aghai):
const express = require("express");
const app = express();
app.use((req, res, next) => {
res.append('Permissions-Policy', 'browsing-topics=()');
next();
});
From what I understand, if you set the header
in your responses it should disable the attestation check whilst disabling the topic api.
In an .htaccess file, one can add: