чт, 2 сент. 2021 г. в 18:18, Dave Wreski <dwre...@guardiandigital.com.invalid>: > > <IfModule mod_headers.c> > Header set X-XSS-Protection "1; mode=block" > Header set X-Frame-Options "SAMEORIGIN"
https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect when requesting a directory without a trailing '/')? What headers are returned by dynamic responses (proxied or CGI), if you have any? Maybe like this, adapting an example from the docs: Header onsuccess unset X-Frame-Options Header always set X-Frame-Options "SAMEORIGIN" > Header set X-Content-Type-Options "nosniff" > Header always set Strict-Transport-Security "max-age=63072000; > includeSubDomains" > Header set Feature-Policy "geolocation 'self'; vibrate 'none'" > Header set Content-Security-Policy "frame-ancestors 'self'" > </IfModule> > Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
