Hello To All,
@admin my thread in introduction can be deleted, I think it belong here
Sorry and thanks!
Newbie here. I would like to know where I can add security headers for all existing and new hosts. I think it would be nice to have them set globally, rather than configuring them individually for each domain.
So far I know the syntax is
extraHeaders <<<END_extraHeaders
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy "upgrade-insecure-requests;connect-src *"
Referrer-Policy strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection 1;mode=block
Permissions-Policy: geolocation=(self "")
END_extraHeaders
I tried to paste it to httpd_config.conf, ccl.conf and several other files
I also tried Copilot and ChatGPT. But no success.
Help is appreciated. Thank you.
Milan
@admin my thread in introduction can be deleted, I think it belong here
Newbie here. I would like to know where I can add security headers for all existing and new hosts. I think it would be nice to have them set globally, rather than configuring them individually for each domain.
So far I know the syntax is
extraHeaders <<<END_extraHeaders
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy "upgrade-insecure-requests;connect-src *"
Referrer-Policy strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection 1;mode=block
Permissions-Policy: geolocation=(self "")
END_extraHeaders
I tried to paste it to httpd_config.conf, ccl.conf and several other files
Help is appreciated. Thank you.
Milan