Re: X-Frame-Options and security

https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header

What headers are returned by error pages and by redirects (e.g. 302
redirect when requesting a directory without a trailing '/')?
What headers are returned by dynamic responses (proxied or CGI), if
you have any?

It appears to mostly be caused by bots, and on 200 pages like the homepage:

172.70.34.154 - - [10/Sep/2021:10:55:39 -0400] "GET / HTTP/1.1" 200 80189 "-" "Slackbot 1.0 (+https://api.slack.com/robots)" X:"GOFORIT" 4/4115336 704/88978/80189 H:HTTP/1.1 U:/index.php

Notice I've added the X-Frame-Options header to the LogFormat.

Maybe like this, adapting an example from the docs:

Header onsuccess unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"

That fixed it, thanks.

I'm now curious how it's apparently being set by default to include GOFORIT?
Is the PHP script being called part of some large app or using some
framework? That'd be my guess.
The upstream distribution of httpd would never set anything like that
by default.

Yes, the PHP script is part of Joomla. Great thought. I'll investigate there.
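
An added example, not part of the original thread: a small Python audit of an access log that records the response's X-Frame-Options value, flagging every response whose value is not one a browser enforces. It assumes the `X:"..."` field sits where it does in the log line quoted above; the sample lines are constructed, and the names `audit` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# DENY and SAMEORIGIN are the two values current browsers act on;
# any other value (such as GOFORIT) gives no framing protection.
VALID = {"DENY", "SAMEORIGIN"}

# Layout assumed from the log line in the thread: common fields, referer,
# user agent, then the logged header as X:"value".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" X:"(?P<xfo>[^"]*)"'
)

# Constructed sample input (documentation IP range, made-up user agents).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2021:10:55:39 -0400] "GET / HTTP/1.1" 200 80189 "-" "ExampleBot 1.0" X:"GOFORIT" 4/4115336 704/88978/80189 H:HTTP/1.1 U:/index.php
192.0.2.11 - - [10/Sep/2021:10:56:02 -0400] "GET /about HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0" X:"SAMEORIGIN" 4/1200 300/5400/5120 H:HTTP/1.1 U:/index.php
192.0.2.12 - - [10/Sep/2021:10:56:40 -0400] "GET /images HTTP/1.1" 302 240 "-" "ExampleBrowser/1.0" X:"-" 4/900 280/520/240 H:HTTP/1.1 U:/images
192.0.2.13 - - [10/Sep/2021:10:57:15 -0400] "GET /missing HTTP/1.1" 404 196 "-" "ExampleBot 1.0" X:"deny" 4/800 260/480/196 H:HTTP/1.1 U:/missing
this line does not follow the log format
"""

def audit(log_text):
    """Return (line number, status, path, value) for each non-enforced value."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            # Surface lines the pattern cannot read instead of skipping them.
            findings.append((lineno, None, None, "unparsed"))
            continue
        value = m["xfo"].strip()
        if value.upper() not in VALID:  # "-" means the header was not logged
            findings.append((lineno, m["status"], m["path"], value))
    return findings

def summarize(findings):
    """Count findings per offending value, to spot a single misbehaving source."""
    return Counter(value for _, _, _, value in findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print(dict(summarize(audit(SAMPLE_LOG))))
```

Running it before and after a header change shows whether error pages and redirects carry the header as well as 200 responses.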