I tried to unset these headers in apache.conf and restarted Apache, but when I view the webpage they still appear in the response headers (I cleared the cache and deleted cookies). How do I remove them, especially CSP?

Header unset X-Frame-Options
Header unset X-XSS-Protection
Header unset X-Content-Type-Options
Header unset X-Permitted-Cross-Domain-Policies
Header unset X-Content-Security-Policy
Header unset X-Webkit-CSP
Header unset Cache-Control
Header unset Pragma
Header unset Expires

Shion Uzuki

1 Answer

For a start I'm not sure why you'd want to unset a lot of these! They are important headers for security and performance reasons. But anyway...

There are two reasons I can think of as to why these are not being unset:

  1. Later on in your configuration you are setting them again. Perhaps move them to the end of your apache.conf file?
  2. They are being set by a downstream application or script. In which case you may have to use the "Header always unset" syntax.

Still, it's always best to not set these in the first place, rather than unset them. So, even if the above solutions work, it might be better to find out where they are being set and solve your issue there.

Barry Pollard
  • It's because I'm encountering a Content Security Policy error in Safari. I just want to remove them first to figure out what's wrong. Thanks!! – Shion Uzuki Oct 24 '15 at 06:47
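
The two causes listed in the answer can be checked mechanically. The following Python check is an added example, not code from the question or the answer: it replays the `Header` directives of one config file in order and reports, for each header that is unset, whether it is set again later, set in the other mod_headers table (`always` versus the default `onsuccess`, the case that `Header always unset` addresses), or never set in that file at all. The sample config, the function name and the verdict names are constructed for illustration, and the check assumes a single flat file, ignoring `Include`, `.htaccess`, container merge order and `early` processing.

```python
import re

# Constructed sample config (not taken from the question's server).
SAMPLE = """\
Header always set X-Frame-Options "SAMEORIGIN"
Header unset X-Frame-Options
Header unset X-Content-Type-Options
Header set X-Content-Type-Options "nosniff"
Header unset X-Webkit-CSP
Header set Cache-Control "no-store"
Header unset Cache-Control
"""
# mod_headers actions that place a header in a response table.
SETTERS = {"set", "add", "append", "merge", "setifempty"}
# Header [always|onsuccess] <action> <name> ...; the default table is onsuccess.
DIRECTIVE = re.compile(
    r'^\s*Header\s+(?:(always|onsuccess)\s+)?(\S+)\s+"?([^"\s]+)"?', re.I)

def explain_unsets(config_text):
    """Map each unset header to (verdict, line) by replaying directives in file order."""
    last = {}         # (header, table) -> (action, line_no) of the latest directive
    unset_in = {}     # header -> tables in which an unset was issued
    ever_set = set()  # headers this file sets at least once
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        table = (m.group(1) or "onsuccess").lower()
        action, header = m.group(2).lower(), m.group(3).lower()
        if action == "unset":
            unset_in.setdefault(header, set()).add(table)
        elif action in SETTERS:
            ever_set.add(header)
        else:
            continue  # echo, edit, note: these do not decide presence
        last[(header, table)] = (action, no)
    verdicts = {}
    for header, tables in unset_in.items():
        # Tables where the final directive for this header is a setter.
        live = [(t, last[(header, t)][1]) for t in ("onsuccess", "always")
                if last.get((header, t), ("unset", 0))[0] != "unset"]
        if live:
            table, no = live[0]
            kind = "reset-later" if table in tables else "wrong-table"
            verdicts[header] = (kind, no)
        elif header in ever_set:
            verdicts[header] = ("ok", None)
        else:
            verdicts[header] = ("external", None)  # set by the app or another file
    return verdicts
```

An `external` verdict means the header is not set in the file that was scanned, so the place to look is the application or another included config file.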