1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:43 am May 21, 2026

Forum Moderators: phranque

Message Too Old, No Replies

X-Content-Security-Policy and others

If I have these set in .htaccess, won't the response headers show them?

         

MickeyRoush

8:06 pm on Mar 20, 2012 (gmt 0)

10+ Year Member



I've been experimenting with these rules in my .htaccess. I have mod_headers installed.

Header set X-Frame-Options "deny"
Header set X-Content-Security-Policy "allow 'self';"
Header set X-XSS-Protection "1; mode=block"


Shouldn't I be able to see them in the response headers from a browser when viewing the site?

I don't get any errors, but I could have recalled seeing them before in the response headers when viewing the site. Should they be at the very beginning of the .htaccess file? I know placement of any directives could cause things to not work as planned, so I'm wondering if there's a conflict in the placement.

Thanks for any help.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:43 am May 21, 2026