Topic: Puzzled about X-Frame-Options and X-Content-Type-Options

Author: 20160413
Joined: 13 Apr 2016 Posts: 28
Posted: Thu 14 Nov '19 23:22 Post subject: Puzzled about X-Frame-Options and X-Content-Type-Options

Hi,
I am a bit puzzled about the setting of these two header options:
In the "security.conf" file located in the "conf-available" directory the settings are commented out, i.e.
#Header set X-Content-Type-Options: "nosniff"
and
#Header set X-Frame-Options: "sameorigin"
When I am setting these two in my individual virtual hosts with
<IfModule mod_headers.c>
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
</IfModule>
the setup breaks, i.e. an invalid header is sent as
DENY, SAMEORIGIN
and
nosniff, nosniff
respectively.
I wonder why this duplication appears by the server appending the second value to my specifically specified value though it is not set anywhere in the configuration (at least not that I know of) but in the respective virtual host.
Is there a way to prevent this from happening and to specify these two options in the virtual host that overrides whatever there may be set centrally for the server?
As always many thanks for your help and hints.
PS: I am on Ubuntu 18.04 LTS
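
Added example, not part of the original post: a small check that flags the kind of multi-valued X-Frame-Options and X-Content-Type-Options headers quoted above, whether the extra value arrives comma-joined or as a repeated header line. The function names, verdict labels and the sample response are constructed for illustration.

```python
# Values this check accepts for each single-valued header (an assumption of
# the example; the obsolete ALLOW-FROM form is deliberately not accepted).
SINGLE_VALUED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
}

def collect(raw_headers):
    """Map lower-cased header name -> list of values, merging repeated
    header lines and comma-joined values into one list per header."""
    seen = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            continue  # status line, blank line or malformed line
        # Comma splitting is only meaningful for the headers audited below.
        parts = [v.strip() for v in value.split(",") if v.strip()]
        seen.setdefault(name.strip().lower(), []).extend(parts)
    return seen

def audit(raw_headers):
    """Return {header: verdict} for every header in SINGLE_VALUED."""
    seen = collect(raw_headers)
    report = {}
    for name, allowed in SINGLE_VALUED.items():
        values = [v.lower() for v in seen.get(name, [])]
        if not values:
            report[name] = "missing"
        elif any(v not in allowed for v in values):
            report[name] = "unknown-value"
        elif len(set(values)) > 1:
            report[name] = "conflicting"   # e.g. DENY, SAMEORIGIN
        elif len(values) > 1:
            report[name] = "duplicated"    # e.g. nosniff, nosniff
        else:
            report[name] = "ok"
    return report

# Constructed sample reproducing the header values quoted in the post.
BROKEN = """HTTP/1.1 200 OK
X-Frame-Options: DENY, SAMEORIGIN
X-Content-Type-Options: nosniff, nosniff
Content-Type: text/html
"""

if __name__ == "__main__":
    for header, verdict in audit(BROKEN).items():
        print(f"{header}: {verdict}")
```

The input is the raw header block of a response, for example the output of `curl -sI` against the virtual host, so the check can be rerun after each configuration change.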