0

I am trying to solve the below option on my website

Strict-Transport-Security
Content-Security-Policy 
X-Frame-Options 
X-Content-Type-Options 
Referrer-Policy 
Permissions-Policy

I found the below code on Google and added the same in /etc/apache2/apache2.conf file. Also added the same code in .htaccess and restarted the server

<IfModule mod_headers.c>
 Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Credentials true
  Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
  Header set Access-Control-Max-Age "1000"
  Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</IfModule>

but it's not working

I have scanned my website in this URL: https://securityheaders.com/,

Naren Verma
  • 2,205
  • 5
  • 38
  • 95
  • What specifically are you trying to "solve"? The only directive that is relevant to your question is the `Header` directive, so why are you adding the rest? Both `Require` and `Order`/`Allow` directives should not be used at the same time (the first is Apache 2.4 and the second Apache 2.2). Is `/var/www/html` the correct directory? Are you not using virtualhosts? "See "systemctl status apache2.service" and "journalctl -xe" for details." - And what does that report? – MrWhite Jul 12 '23 at 18:55
  • @MrWhite, I have to solve those issues, so I researched Google and found the header code to add to the config file. so I have added the same code in the question and getting an error... The path is correct /var/www/html – Naren Verma Jul 13 '23 at 02:29
  • @MrWhite, i am a beginner in AWS apache2, Both Require and Order/Allow directives should not be used at the same time // what code i have to use it? – Naren Verma Jul 13 '23 at 02:32

0 Answers0