It seems Meta, and only Meta, has blacklisted my site since I changed domain name from selliotp.com to the current one. So I can’t share it on Facebook or Instagram.
Other Information
I’ve sent Meta multiple appeals from the developer dashboard but no response.
I’ve gone a little down the rabbit hole of trying to make the site “more secure”. On all the virus/malware sites it checks out with no problem. securityheaders.com gave it an F for security. After messing with some cloudflare security settings it went up to a D. I’ve tried adding these lines to htdocs/.htaccess:
## Security Headers
Header set Content-Security-Policy "default-src 'self'; frame-src 'self' https://www.youtube.com; img-src 'self' https://i.ytimg.com; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com;"
Header set X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "no-referrer-when-downgrade"
Header set Permissions-Policy "geolocation=(), microphone=()"
but then the .htaccess gets auto-deleted by IF, every time.
and anyway, this might not even help if Meta doesn’t reply to me.
What would you do in my shoes? Give up on this domain and buy another…? It works fine otherwise, but not being shareable on IG and FB is less than ideal.
I would be very surprised if the reason that Meta blocked your site was because you didn’t tick all the boxes for security best practices.
As to why your .htaccess file might get deleted automatically, I can think of two possible reasons:
You’re uploading the file to the wrong place. Please make sure to upload it to the htdocs folder of your website, or a subfolder of it, because you can’t upload files outside the htdocs folder.
Some of the rules in your .htaccess file are blocked. To confirm this, you could try creating a new .htaccess file and adding the lines one at the time, and see if you can narrow this down to a specific line that’s triggering the deletion.
Finally, as a workaround, you could also add these headers from Cloudflare. Cloudflare’s Transform Rules feature has the ability to add custom headers to the response, which includes these security headers: Create an HTTP response header modification rule in the dashboard
Yeah, you’re probably right. Meta hasn’t blocked any of my other urls, so I’m really just grasping at straws since they won’t give me a straight answer. I wonder if having my old url redirect to the new one via cloudflare has anything to do with it…
and thanks for the htaccess tips. I’ll keep them in mind.
Yeah, I’ve tried that link multiple times now. I’ve tried reporting it as a bug too (when trying to share on FB).
Maybe I’d get priority support if I paid for advertising and reported my inability to use the link in my ads. But that’s kind of messed up that I’d have to do that. xD
