• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question additional header settings

R

RichardFM

New Pleskian
I made the following configuration in Plesk, to obtain the headers since I am using a platform called Securescorecard for the security of my system but it does not detect these changes that I made. What could be happening? I do not think it is a matter of restarting the server since doing this is very complex... it may be something else.
1722265720567.png
 
I'd recommend adding those headers (using the correct directives) as Additional directives to either Apache or Ngnix. More information can be found here:

For Apache
Apache config: 
Header set X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "frame-ancestors 'none';"
Header set Referrer-Policy no-referrer

For nginx
NGINX: 
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Referrer-Policy no-referrer;
 
You must log in or register to reply here.

Similar threads

Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
399
yfain
Y
M
Question NameServer settings for domains and Webspaces?
Replies
4
Views
556
MimiWeb
M
S
Question Issue with Multilingual SvelteKit Website on Plesk: Nginx Proxy to Apache Configuration
Replies
0
Views
1K
st3v3y
S
Lrnt
Question Proxy/Secured HTTP & WS requests to avoid CORS
Replies
1
Views
782
Lrnt
Lrnt
S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
Back
Top