use Content-Security-Policy instead of old X-Frame-Options

[ansible.git] / roles / apache / templates / ssl.conf

diff --git a/roles/apache/templates/ssl.conf b/roles/apache/templates/ssl.conf
index fd99e1f99e827983e861ae473377b6993cd2f182..5fa87c39c424e28bb2f9f17fce0a06687c1072b5 100644 (file)
--- a/roles/apache/templates/ssl.conf
+++ b/roles/apache/templates/ssl.conf
@@ -17,7 +17,7 @@
     Header unset Strict-Transport-Security
     Header set Strict-Transport-Security "max-age=864000"
     # Make sure we load everything via HTTPS
-    Header set Content-Security-Policy "upgrade-insecure-requests"
+    Header add Content-Security-Policy "upgrade-insecure-requests"
 
     #########################################################
     # SSL configuration below ###############################