Hi! I want to enable some security headers. I don't have access to my = vhosts, and not to the apache config, so I used my .htaccess.
<ifModule mod_headers.c>
Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=3Dblock"
Header set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer"
Header set Content-Security-Policy "default-src 'self' ; =
referrer no-referrer ;"
Header unset X-Powered-By
</IfModule>
According to my ISP there are the following directives:
apache2.config: AllowOverride none
vhosts AllowOverride All
None of the above security headers are working. Any tips?
Thank you!
hc
smime.p7s
Description: S/MIME cryptographic signature
