httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [users@httpd] Missing headers on 403 pages
Date Wed, 09 May 2018 14:27:15 GMT
Hi Gradus,

2018-05-09 9:18 GMT+02:00 Gradus Kooistra <gradus@gemeenteoplossingen.nl>:

> Dear Sir/Madam,
>
> We setup apache to set headers, like the X-Frame-Options.
> But this doesn’t work for the 403 pages, only the
> Strict-Transport-Security works. On non-error pages, the headers are
> showing correctly in the browser/security scans
>
> The headers are set to the virtual hosts and later also to the global
> apache configuration, without any luck.
>
> The problem is that some security scans show warnings to the customers and
> the think the sites are unsafe.
>
> Is it possible to set the headers, so 403 pages are also delivering this
> to the browsers?
>
>
Have you tried the Header set always option? Ref:
https://httpd.apache.org/docs/current/mod/mod_headers.html#header

Hope that helps,

Luca

Mime
View raw message