Enable X-Frame-Options in proxy SSL Apache

Miguel G

Well-Known Member
Jun 4, 2015
86
0
6
Spain
cPanel Access Level
Root Administrator
Twitter
Hi,

I am configuring Apache as a SSL Proxy (apart of answering non-SSL request on 82 port). I do this since I have Varnish running on 80 port for caching.

This has been working fine for more than 2 years. I can set RequestHeader as X-Forwarded-Proto or X-Forwarded-Port.

I have enabled X-Frame-Options in tweak options but still getting X-Frame-Options deny in the headers although I have added this entry in the SSL proxy for a website:

RequestHeader set X-Frame-Options "sameorigin"

What am I doing wrong?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Hello @Miguel G,

I have enabled X-Frame-Options in tweak options
The Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd option under the Security tab in WHM >> Tweak Settings is for cpsrvd only (e.g. accessing cPanel/WHM/Webmail) and is unrelated to the Apache service utilized for your websites.

If you're looking to change that setting for your websites, you'd need to follow the instructions on a thread like this:

SOLVED - htaccess Header Set doesn't set

Let me know if that helps.

Thank you.