12.5.1. Add XSS protection headers on Apache

Warning

You are looking at documentation for an older release. Not what you want? See the current release documentation.

To manipulate the response headers, the Apache module mod_headers must be activated and the following lines added on your configuration : 

<VirtualHost *:80>
        ...
        # XSS Protection
        Header always append X-Frame-Options SAMEORIGIN
        Header always append X-XSS-Protection 1
        Header always append Content-Security-Policy "frame-ancestors 'self'"
        ...
        </VirtualHost>
Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus