diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2016-01-11 21:20:42 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2016-01-12 10:37:16 +0100 |
| commit | 4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6 (patch) | |
| tree | 425251b10adc5a1d8791ce658f10a0058bf16a4d /.htaccess | |
| parent | 3317dd0a8e2ca265172d53a16f9241f3351aa3b8 (diff) | |
| download | nextcloud-server-4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6.tar.gz nextcloud-server-4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6.zip | |
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/.htaccess b/.htaccess index d86ed7162d8..1b516789563 100644 --- a/.htaccess +++ b/.htaccess @@ -12,6 +12,8 @@ Header set X-XSS-Protection "1; mode=block" Header set X-Robots-Tag "none" Header set X-Frame-Options "SAMEORIGIN" + Header set X-Download-Options "noopen" + Header set X-Permitted-Cross-Domain-Policies "none" SetEnv modHeadersAvailable true </IfModule> |