Where to add Security Headers for all hosts?

#1
Hello To All,

@admin my thread in introduction can be deleted, I think it belong here :D Sorry and thanks!

Newbie here. I would like to know where I can add security headers for all existing and new hosts. I think it would be nice to have them set globally, rather than configuring them individually for each domain.

So far I know the syntax is

extraHeaders <<<END_extraHeaders
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy "upgrade-insecure-requests;connect-src *"
Referrer-Policy strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection 1;mode=block
Permissions-Policy: geolocation=(self "")
END_extraHeaders

I tried to paste it to httpd_config.conf, ccl.conf and several other files :) I also tried Copilot and ChatGPT. But no success.

Help is appreciated. Thank you.

Milan
 
Top