You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "info@h-c-b.de" <in...@h-c-b.de> on 2018/05/10 13:48:34 UTC

[users@httpd] Security Headers, ISP, no root won't work

Hi!

I want to enable some security headers. I don't have access to my =
vhosts, and not to the apache config, so I used my .htaccess.

	<ifModule mod_headers.c>
		Header set X-Frame-Options SAMEORIGIN
		Header set X-XSS-Protection "1; mode=3Dblock"
		Header set X-Content-Type-Options "nosniff"
		Header always set Referrer-Policy "no-referrer"
		Header set Content-Security-Policy "default-src 'self' ; =
referrer no-referrer ;"
		Header unset X-Powered-By
	</IfModule>

According to my ISP there are the following directives:

	apache2.config:	AllowOverride none
	vhosts			AllowOverride All

None of the above security headers are working. Any tips?

Thank you!
hc