• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Question additional header settings

R

RichardFM

New Pleskian
I made the following configuration in Plesk, to obtain the headers since I am using a platform called Securescorecard for the security of my system but it does not detect these changes that I made. What could be happening? I do not think it is a matter of restarting the server since doing this is very complex... it may be something else.
1722265720567.png
 
I'd recommend adding those headers (using the correct directives) as Additional directives to either Apache or Ngnix. More information can be found here:

For Apache
Apache config: 
Header set X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "frame-ancestors 'none';"
Header set Referrer-Policy no-referrer

For nginx
NGINX: 
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Referrer-Policy no-referrer;
 
You must log in or register to reply here.

Similar threads

Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
3K
yfain
Y
K
Resolved Domain mail settings page not loaded with actual settings when switching between domains
Replies
3
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
ScottGoddard
Question Making site specific PHP Additional Configuration Directives survive subscription synchronization.
Replies
2
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
C
Resolved Login and systemctl problems
Replies
12
Views
3K
chrisgch
C
S
Issue Certificate verification failed
Replies
8
Views
5K
FloLa
F
Back
Top