OSDir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Missing headers on 403 pages


Hi Gradus,

2018-05-09 9:18 GMT+02:00 Gradus Kooistra <gradus@xxxxxxxxxxxxxxxxxxxxxx>:
Dear Sir/Madam,

We setup apache to set headers, like the X-Frame-Options.
But this doesn’t work for the 403 pages, only the Strict-Transport-Security works. On non-error pages, the headers are showing correctly in the browser/security scans

The headers are set to the virtual hosts and later also to the global apache configuration, without any luck.

The problem is that some security scans show warnings to the customers and the think the sites are unsafe.

Is it possible to set the headers, so 403 pages are also delivering this to the browsers?


Have you tried the Header set always option? Ref: https://httpd.apache.org/docs/current/mod/mod_headers.html#header

Hope that helps,

Luca