adocsys
New Pleskian
- Server operating system version
- Almalinux 9.2
- Plesk version and microupdate number
- 18.0.59
Hello,
Currently setting up a server to be PCI compliant and after multiple configuration adjustments, I only have one thing left to correct to have certification. I have set the HTTP Security Headers on all ports but I am not finding the port 80 configuration.
If I test the following, here are the results:
curl -sIL http://host.domain.ext:80
# Does not show any of the security headers, for example, x-content-type-options: nosniff
curl -sIL https://host.domain.ext:443
# Shows all my security headers, including x-content-type-options: nosniff
I have searched thru the files in /etc/sw-cp-server/ because it is Nginx that answers the call (I see header Server: nginx and netstat shows nginx process listening on port 80) but I am unable to find where I can add the directive.
The /etc/sw-cp-server/conf.d/plesk.conf file already contains the directives under the server tag and works fine for multiple ports but not port 80 sadly...
Has someone already done this or have a clue where the headers should be added?
Thanks a lot!
Currently setting up a server to be PCI compliant and after multiple configuration adjustments, I only have one thing left to correct to have certification. I have set the HTTP Security Headers on all ports but I am not finding the port 80 configuration.
If I test the following, here are the results:
curl -sIL http://host.domain.ext:80
# Does not show any of the security headers, for example, x-content-type-options: nosniff
curl -sIL https://host.domain.ext:443
# Shows all my security headers, including x-content-type-options: nosniff
I have searched thru the files in /etc/sw-cp-server/ because it is Nginx that answers the call (I see header Server: nginx and netstat shows nginx process listening on port 80) but I am unable to find where I can add the directive.
The /etc/sw-cp-server/conf.d/plesk.conf file already contains the directives under the server tag and works fine for multiple ports but not port 80 sadly...
Has someone already done this or have a clue where the headers should be added?
Thanks a lot!