Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Dave Wreski
https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect when requesting a directory without a trailing '/')? What headers are returned by dynamic responses (proxied or CGI), if you have any? It appears to

Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Eric Covener
On Fri, Sep 10, 2021 at 11:03 AM Dave Wreski wrote: > > > https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header > > What headers are returned by error pages and by redirects (e.g. 302 > redirect when requesting a directory without a trailing '/')? > What headers are returned by

Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Dave Wreski
https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect when requesting a directory without a trailing '/')? What headers are returned by dynamic responses (proxied or CGI), if you have any? It appears to

Re: [users@httpd] X-Frame-Options and security

2021-09-10 Thread Konstantin Kolinko
Thu, 2 Sep 2021 at 18:18, Dave Wreski : > > > Header set X-XSS-Protection "1; mode=block" > Header set X-Frame-Options "SAMEORIGIN" https://httpd.apache.org/docs/2.4/en/mod/mod_headers.html#header What headers are returned by error pages and by redirects (e.g. 302 redirect

Re: [users@httpd] X-Frame-Options and security

2021-09-09 Thread Eric Covener
On Thu, Sep 9, 2021 at 7:57 PM Dave Wreski wrote: > > Hi, revisiting a post from last week regarding X-Frame-Options and security > settings. I performed a security scan of https://linuxsecurity.com using > immuniweb (https://www.immuniweb.com/websec/linuxsecurity.com/QoioHb5H/) and > it

Re: [users@httpd] X-Frame-Options and security

2021-09-09 Thread Dave Wreski
Hi, revisiting a post from last week regarding X-Frame-Options and security settings. I performed a security scan of https://linuxsecurity.com using immuniweb (https://www.immuniweb.com/websec/linuxsecurity.com/QoioHb5H/) and it

Re: [users@httpd] X-Frame-Options and security

2021-09-02 Thread Dave Wreski
Hi, it looks like it doesn't occur with static files using lynx. I also checked with the homepage, and same result - X-Frame-Options only shows SAMEORIGIN and does not include GOFORIT. $ lynx -head -dump https://linuxsecurity.com/static-content/linuxsecurity_advisories.xml HTTP/1.1 200 OK

Re: [users@httpd] X-Frame-Options and security

2021-09-01 Thread Eric Covener
On Wed, Sep 1, 2021 at 7:30 PM Dave Wreski wrote: > > Hi, > > I ran a security scan for X-Frame-Options > (https://gf.dev/x-frame-options-test) on our site > (https://linuxsecurity.com), and it returned SAMEORIGIN, which is good, but > it also returned GOFORIT. > > The only settings we have

[users@httpd] X-Frame-Options and security

2021-09-01 Thread Dave Wreski
Hi, I ran a security scan for X-Frame-Options (https://gf.dev/x-frame-options-test) on our site (https://linuxsecurity.com), and it returned SAMEORIGIN, which is good, but it also returned GOFORIT. The only settings we have are the following: Header set X-XSS-Protection "1;