Chrome Browser Error: Attestation check for Topics on https://pagead2.googlesyndication.com/ failed

Asked 16/10, 2023 at 15:52 Answered 5/6 at 16:50

In the latest Chrome version (Version 118.0.5993.71 (Official Build) (64-bit)), for a software product I'm selling, I'm getting:

Attestation check for Topics on https://pagead2.googlesyndication.com/ failed.

on line 1 (the <DOCTYPE html> tag).

This appears in Dev Console. Google is providing no documentation that I can find on this on what to do. No links explain anything. Am I supposed to add some META tags in the HTML to explain my software product?

Pat answered 16/10, 2023 at 15:52 Comment(0)

From what I understand, if you set the header

Permissions-Policy: browsing-topics=()

in your responses it should disable the attestation check whilst disabling the topic api.

In an .htaccess file, one can add:

<IfModule mod_headers.c>
    Header set Permissions-Policy "browsing-topics=()"
</IfModule>

Lindbergh answered 16/10, 2023 at 22:2 Comment(4)

I am facing this issue on Shopify.. not sure how to do it there. – Edmanda 23/10, 2023 at 8:48

Awesome, thanks! For Nginx it works like this in your server{} block add_header Permissions-Policy "browsing-topics=()" always; – Bim 31/10, 2023 at 20:49

is this a meta tag that we should add? – Subtrahend 30/12, 2023 at 16:8

@Subtrahend you need to read about the difference between HTTP headers and meta tags. HTTP headers are sent before HTML is even transmitted. – Pat 18/1 at 18:2

The browser checks for the browsing-topics Permission-Policy and fails to find it because most websites have not implemented this experimental feature yet.

At the time of this writing (11. February 2024), the browsing-policy Permission-Policy is still an experimental feature.

Here's the MDN Web Docs documentation for this: Permission-Policy

The Permission-Policy for browsing-topics currently links to an empty document that is likely to be updated once this feature becomes stable: browsing-topics

Here's the up-to-date Can I use statistic on browser support for Permission-Policy. (Currently at 71.54%)

To scan and check what security headers your website supports (or is missing), use: securityheaders.com

To avoid the dev console error, set the Permission-Policy header like this (credit to noboomu):

Permissions-Policy: browsing-topics=()

For the .htaccess file (credit to noboomu).

<IfModule mod_headers.c>
    Header set Permissions-Policy "browsing-topics=()"
</IfModule>

For nginx (credit to ViaTech):

server {
    ...
    add_header Permissions-Policy "browsing-topics=()" always;
    ...
}

For nodejs (credit to ofir_aghai):

const express = require("express");
const app = express();

app.use((req, res, next) => {
    res.append('Permissions-Policy', 'browsing-topics=()');
    next();
});

Lanell answered 11/2 at 6:52 Comment(0)

Solution for nodejs + express:

const express = require("express");
const app = express();

app.use((req, res, next) => {
    res.append('Permissions-Policy', 'browsing-topics=()');
    next();
});

Yogini answered 21/12, 2023 at 13:30 Comment(0)

For anyone else finding this and using HAProxy, add this line in your frontend configuration block (to apply to all backends it uses) or just in any specific backend block to apply there only:

http-response set-header Permissions-Policy "browsing-topics=()"

Fleetwood answered 5/6 at 16:50 Comment(0)

Recommended topics

Hot tags