Use "always" condition for security headers

Signed-off-by: J0WI <J0WI@users.noreply.github.com>
author: J0WI <J0WI@users.noreply.github.com> 2019-07-01 18:41:59 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-08-11 20:11:50 +0200
commit: bd9403d3da5150389508c11e6a7beacf61c192ff (patch)
tree: 44043479b21255bafd5d02f27455f0bf926deadb /.htaccess
parent: 3f2932c75a44feed4d10183fb7a286ed1b1e8ce4 (diff)
download: nextcloud-server-bd9403d3da5150389508c11e6a7beacf61c192ff.tar.gz
nextcloud-server-bd9403d3da5150389508c11e6a7beacf61c192ff.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/.htaccess b/.htaccess
index a81b6765267..43c8ea22065 100644
--- a/.htaccess
+++ b/.htaccess
@@ -11,13 +11,13 @@
 
   <IfModule mod_env.c>
     # Add security and privacy related headers
-    Header set Referrer-Policy "no-referrer"
-    Header set X-Content-Type-Options "nosniff"
-    Header set X-Download-Options "noopen"
-    Header set X-Frame-Options "SAMEORIGIN"
-    Header set X-Permitted-Cross-Domain-Policies "none"
-    Header set X-Robots-Tag "none"
-    Header set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "no-referrer"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Download-Options "noopen"
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-Permitted-Cross-Domain-Policies "none"
+    Header always set X-Robots-Tag "none"
+    Header always set X-XSS-Protection "1; mode=block"
     SetEnv modHeadersAvailable true
   </IfModule>
author	J0WI <J0WI@users.noreply.github.com>	2019-07-01 18:41:59 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-08-11 20:11:50 +0200
commit	bd9403d3da5150389508c11e6a7beacf61c192ff (patch)
tree	44043479b21255bafd5d02f27455f0bf926deadb /.htaccess
parent	3f2932c75a44feed4d10183fb7a286ed1b1e8ce4 (diff)
download	nextcloud-server-bd9403d3da5150389508c11e6a7beacf61c192ff.tar.gz nextcloud-server-bd9403d3da5150389508c11e6a7beacf61c192ff.zip