On Fri, Sep 10, 2021 at 11:03 AM Dave Wreski <dwre...@guardiandigital.com.invalid> wrote: > > > https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header > > What headers are returned by error pages and by redirects (e.g. 302 > redirect when requesting a directory without a trailing '/')? > What headers are returned by dynamic responses (proxied or CGI), if > you have any? > > It appears to mostly be caused by bots, and on 200 pages like the homepage: > > 172.70.34.154 - - [10/Sep/2021:10:55:39 -0400] "GET / HTTP/1.1" 200 80189 "-" > "Slackbot 1.0 (+https://api.slack.com/robots)" X:"GOFORIT" 4/4115336 > 704/88978/80189 H:HTTP/1.1 U:/index.php > > Notice I've added the X-Frame-Options header to the LogFormat. > > Maybe like this, adapting an example from the docs: > > Header onsuccess unset X-Frame-Options > Header always set X-Frame-Options "SAMEORIGIN" > > That fixed it, thanks. > > I'm now curious how it's apparently being set by default to include GOFORIT?
Is the PHP script being called part of some large app or using some framework? That'd be my guess. The upstream distribution of httpd would never set anything like that by default. -- Eric Covener cove...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
