You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "info@h-c-b.de" <in...@h-c-b.de> on 2018/05/10 13:48:34 UTC
[users@httpd] Security Headers, ISP, no root won't work
Hi!
I want to enable some security headers. I don't have access to my =
vhosts, and not to the apache config, so I used my .htaccess.
<ifModule mod_headers.c>
Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=3Dblock"
Header set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer"
Header set Content-Security-Policy "default-src 'self' ; =
referrer no-referrer ;"
Header unset X-Powered-By
</IfModule>
According to my ISP there are the following directives:
apache2.config: AllowOverride none
vhosts AllowOverride All
None of the above security headers are working. Any tips?
Thank you!
hc