[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] Security Headers, ISP, no root won't work


I want to enable some security headers. I don't have access to my =
vhosts, and not to the apache config, so I used my .htaccess.

	<ifModule mod_headers.c>
		Header set X-Frame-Options SAMEORIGIN
		Header set X-XSS-Protection "1; mode=3Dblock"
		Header set X-Content-Type-Options "nosniff"
		Header always set Referrer-Policy "no-referrer"
		Header set Content-Security-Policy "default-src 'self' ; =
referrer no-referrer ;"
		Header unset X-Powered-By

According to my ISP there are the following directives:

	apache2.config:	AllowOverride none
	vhosts			AllowOverride All

None of the above security headers are working. Any tips?

Thank you!

Attachment: smime.p7s
Description: S/MIME cryptographic signature