Hi Gradus, 2018-05-09 9:18 GMT+02:00 Gradus Kooistra <[email protected]>:
> Dear Sir/Madam, > > We setup apache to set headers, like the X-Frame-Options. > But this doesn’t work for the 403 pages, only the > Strict-Transport-Security works. On non-error pages, the headers are > showing correctly in the browser/security scans > > The headers are set to the virtual hosts and later also to the global > apache configuration, without any luck. > > The problem is that some security scans show warnings to the customers and > the think the sites are unsafe. > > Is it possible to set the headers, so 403 pages are also delivering this > to the browsers? > > Have you tried the Header set always option? Ref: https://httpd.apache.org/docs/current/mod/mod_headers.html#header Hope that helps, Luca
