How to add headers to Plesk Web Interface pages?

Follow

Comments

5 comments

  • Avatar
    Alex Bosch

    X-XXS-Protection "1; mode=block" policy is already enabled and can't be overwritten using it.

    How can I do that?

    Thank you

    0
    Comment actions Permalink
  • Avatar
    Anton Kuznetsov

    Hello Alex,

    Is it already enabled for Plesk pages (Plesk GUI) or your actual websites?

    0
    Comment actions Permalink
  • Avatar
    Alex Bosch

    Hi, Anton;

    I was talking about Plesk GUI. Even without the line add_header X-XSS-Protection 1; mode=block; on the /etc/sw-cp-server/conf.d/plesk.conf, when you look to the Plesk interface on the console or using an external checker like securityheaders.com it appears the X-XXS-Protection header enabled. If I add the line 

    add_header X-XSS-Protection 0;

    it didn't overwrite the other one. How can I change it?

    Thank you

     

    0
    Comment actions Permalink
  • Avatar
    Anton Kuznetsov

    Hello Alex,

    Thank you for the clarification.

    XSS-Protection header is indeed hardcoded into Plesk's PHP engine. To remove or modify it, you can use the following panel.ini directives:

    [security]

    xssProtection.enabled = true // add or not header

    xssProtection.blockMode = true // add or not mode=block

    xssProtection.reportingUri = false // add report block with uri from this param

    0
    Comment actions Permalink
  • Avatar
    Alex Bosch

    Thank you so much, Anton!

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request