Question
How to add headers to sw-engine delivered pages?
For instance:
X-XSS-Protection
X-Content-Type-Options
Strict-Transport-Security
Answer
-
Connect to the server via SSH;
-
Modify
/etc/sw-cp-server/conf.d/plesk.conf
using any text editor (for example vi) and add required values to the server section:server_names_hash_bucket_size 64;
server {
listen 8443 ssl;
listen 8880;
listen 127.0.0.1:8880 default_server;
include conf.d/*ipv6_ports.inc;ssl_certificate /usr/local/psa/admin/conf/httpsd.pem;
ssl_certificate_key /usr/local/psa/admin/conf/httpsd.pem;
# XSS Protection
add_header X-XSS-Protection 1;
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
include conf.d/*plesk.inc;
include conf.d/*wpb.inc;
}Note: The above values are just an example. Syntax of the headers may be obtained from the nginx manual.
-
Restart
sw-cp-server
process:# service sw-cp-server reload