Client & welcome: Add security headers to the apache config

OpenConext · Nov 7, 2023 · c9c7797 · c9c7797
1 parent d6167b2
commit c9c7797
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/client/docker/appconf.conf b/client/docker/appconf.conf
@@ -57,3 +57,7 @@ DocumentRoot /var/www/
 Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
 Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
 </FilesMatch>
+
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"
diff --git a/welcome/docker/appconf.conf b/welcome/docker/appconf.conf
@@ -51,3 +51,6 @@ Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
 Header set Expires "Sun, 8 Jun 1986 08:06:00 GMT"
 </FilesMatch>
 
+Header always set X-Frame-Options "DENY"
+Header always set Referrer-Policy "origin-when-cross-origin"
+Header always set X-Content-Type-Options "nosniff"