Question additional header settings

RichardFM · Jul 29, 2024

I made the following configuration in Plesk, to obtain the headers since I am using a platform called Securescorecard for the security of my system but it does not detect these changes that I made. What could be happening? I do not think it is a matter of restarting the server since doing this is very complex... it may be something else.

Kaspar@Plesk · Jul 30, 2024

I'd recommend adding those headers (using the correct directives) as Additional directives to either Apache or Ngnix. More information can be found here:

https://support.plesk.com/hc/en-us/articles/12377561912471-How-to-protect-a-website-from-clickjacking-in-Plesk-for-Linux

For Apache

Apache config:

Header set X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "frame-ancestors 'none';"
Header set Referrer-Policy no-referrer

For nginx

NGINX:

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Referrer-Policy no-referrer;

Question additional header settings

RichardFM

New Pleskian

Kaspar@Plesk

Community Manager up till 07/2024

Similar threads