Qualys Vulnerability

HTTP Security Header Not Detected

While scanning web server we may encounter the error “HTTP Security Header Not Detected”. This simply means that the security headers are not enabled.

In debian Apache we have to do following steps to fix this issue:

1. Enable Headers Module

a2enmod headers


2. Add headers in Apache Conf

vim /etc/apache2/apache2.conf

Add below lines in list of conf file:

Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff

3. Restart Apache

/etc/init.d/apache2 restart

Leave a Reply

Your email address will not be published.