• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question additional header settings

RichardFM

New Pleskian
I made the following configuration in Plesk, to obtain the headers since I am using a platform called Securescorecard for the security of my system but it does not detect these changes that I made. What could be happening? I do not think it is a matter of restarting the server since doing this is very complex... it may be something else.
1722265720567.png
 
I'd recommend adding those headers (using the correct directives) as Additional directives to either Apache or Ngnix. More information can be found here:

For Apache
Apache config:
Header set X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "frame-ancestors 'none';"
Header set Referrer-Policy no-referrer

For nginx
NGINX:
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Referrer-Policy no-referrer;
 
Back
Top