Use "always" condition for security headers

Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2019-07-01 18:41:59 +02:00 · 2019-07-01 18:41:59 +02:00 · bd9403d3da
parent 3f2932c75a
commit bd9403d3da
1 changed files with 7 additions and 7 deletions
--- a/.htaccess
+++ b/.htaccess
@ -11,13 +11,13 @@

  <IfModule mod_env.c>
    # Add security and privacy related headers
-    Header set Referrer-Policy "no-referrer"
-    Header set X-Content-Type-Options "nosniff"
-    Header set X-Download-Options "noopen"
-    Header set X-Frame-Options "SAMEORIGIN"
-    Header set X-Permitted-Cross-Domain-Policies "none"
-    Header set X-Robots-Tag "none"
-    Header set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "no-referrer"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Download-Options "noopen"
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-Permitted-Cross-Domain-Policies "none"
+    Header always set X-Robots-Tag "none"
+    Header always set X-XSS-Protection "1; mode=block"
    SetEnv modHeadersAvailable true
  </IfModule>