MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Tips and Tricks => Topic started by: cmdman on 2015-04-21, 09:26:54

Title: how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers
Post by: cmdman on 2015-04-21, 09:26:54

hi mr

how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers for apache and nginx for Kloxop-MR panel..

Title: Re: how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers
Post by: MRatWork on 2015-04-21, 09:29:15

Try hiawatha-proxy.

Title: Re: how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers
Post by: cmdman on 2015-04-21, 09:38:00

why cont for apache and nginx i saw your mr forum header its implemented with apache  so help me on this for apache and nginx

Title: Re: how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers
Post by: cmdman on 2015-04-21, 09:56:21

ok i added this under ht access,

<IfModule mod_headers.c>
    Header unset ETag
    Header set X-Frame-Options: deny
    Header set X-XSS-Protection: "1; mode=block"
    Header set X-Content-Type-Options: nosniff
    Header set X-WebKit-CSP: "default-src 'self'"
    Header set X-Permitted-Cross-Domain-Policies: "master-only"
</IfModule>

now it shows
i tested the header
https://securityheaders.com/test-http-headers.php
 

Title: Re: how to Setting up emit NoSniff, X-Frame and X-XSS-Protection headers
Post by: MRatWork on 2015-04-21, 09:59:25

Quote from: cmdman on 2015-04-21, 09:38:00

why cont for apache and nginx i saw your mr forum header its implemented with apache  so help me on this for apache and nginx

No server for this forum using hiawatha-proxy. The problem is, in proxy, hiawatha show apache instead their name in 'server headers'.