How to fix the error ERR_SPDY_PROTOCOL_ERROR

Posted written by Paul Seal on January 31, 2018 Tips

This post shows you how to solve the error ERR_SPDY_PROTOCOL_ERROR

I was losing traffic to my website when I signed up to use Sucuri for their WAF and CDN services.

Users in Google Chrome, Opera, Edge, IE and some other browsers were not able to get to my website.

There error in Chrome was:

The web page at <a rel="noopener noreferrer" href="/" target="_blank">https://codeshare.co.uk/</a> might be temporarily down or it may have moved permanently to a new web address.
ERR_SPDY_PROTOCOL_ERROR

I googled the error and most of the time the solutions were to update Google Chrome. This was no good to me and it didn't work. Even if it did work, I can't get all of my users to update the browser.

What was strange, was that it was working in some browsers like Safari.

I asked Sucuri for help and also my hosting provider eUKHOST. Both of which were amazing. They both worked really hard over the weekend to try and find a solution.

Sucuri systematically troubleshooted it, trying to rule out all of the know possible reasons. They researched more and more at each stage as it got more difficult to solve once the easier fixes had been found not to work.

eUKHOST edited the registry and upgraded the SSL on my server at Sucuri's request. Sucuri even logged onto my Virtual Private Server for me to check that eUKHOST had done everything right on the server.

Sucuri even registered a new SSL certificate for me and put my site onto a special firewall cluster to try and solve this.

It was so frustrating not being able to track down what the issue was as the site worked fine when it ran directly from my VPS.

Late last night I had a brainwave. I wonder if it could have anything to do with the Content-Security-Policy header on my site.

I tested it out by removing this header from the web.config file and as if by magic, the site worked perfectly.

When I added the header back in, it stopped working again.

After looking at it for a while, I noticed some strange characters in the Content-Security-Policy header value.

&amp;#xA;             

I realised this was down to me putting this header value onto multiple lines in Visual Studio.

I removed these strange characters and made the header value be all on one line and the site worked perfectly again.

I'm so grateful to the people working at Sucuri.net and eUKHOST for the effort they put into resolving this error. They showed what great customer service is.