Re: Missing headers on 403 pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Gradus,

2018-05-09 9:18 GMT+02:00 Gradus Kooistra <gradus@xxxxxxxxxxxxxxxxxxxxxx>:
Dear Sir/Madam,

We setup apache to set headers, like the X-Frame-Options.
But this doesn’t work for the 403 pages, only the Strict-Transport-Security works. On non-error pages, the headers are showing correctly in the browser/security scans

The headers are set to the virtual hosts and later also to the global apache configuration, without any luck.

The problem is that some security scans show warnings to the customers and the think the sites are unsafe.

Is it possible to set the headers, so 403 pages are also delivering this to the browsers?


Have you tried the Header set always option? Ref: https://httpd.apache.org/docs/current/mod/mod_headers.html#header

Hope that helps,

Luca 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux