# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
-Header set X-Frame-Options: "sameorigin"
+Header add Content-Security-Policy "frame-ancestors 'self'"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
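Review bot: Dropping `X-Frame-Options` in the same change leaves clients that do not implement the CSP `frame-ancestors` directive with no framing restriction, because they ignore the new header. Keeping the old header next to the new one costs nothing, since browsers that honor `frame-ancestors` give it precedence: `Header set X-Frame-Options "sameorigin"`. The added line here and the one in the HTTPS hunk also omit the `always` condition, so error responses generated by Apache itself would presumably go out without the policy; `Header always add Content-Security-Policy "frame-ancestors 'self'"` would cover them.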
Header unset Strict-Transport-Security
Header set Strict-Transport-Security "max-age=864000"
# Make sure we load everything via HTTPS
- Header set Content-Security-Policy "upgrade-insecure-requests"
+ Header add Content-Security-Policy "upgrade-insecure-requests"
#########################################################
# SSL configuration below ###############################
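Review bot: The switch from `set` to `add` on the `upgrade-insecure-requests` line needs a comment, because a later maintainer could reasonably tidy it back to `set` and silently remove the `frame-ancestors` policy added in the other hunk. Suggested wording: `# "add", not "set": a frame-ancestors policy is sent separately and must not be overwritten`. `add` also stacks on top of any Content-Security-Policy header an application behind this server emits; browsers enforce every policy they receive, so the result can only get stricter, which is worth knowing when debugging blocked content. The container enclosing these directives starts outside the hunk, so whether they apply to every HTTPS response cannot be confirmed from here.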