Default page security headers
Hi,
When you open the server's hostname in the browser or a domain that is pointed to the server's IP but does not exist on the server the default cPanel page will be shown, the one at /cgi-sys/defaultwebpage.cgi.
What would be the best way to add the security headers to that default cPanel page? I am referring to the below:
X-Frame-Options
X-XSS-Protection
Strict-Transport-Security
Referrer-Policy
X-Content-Type-Options
Please help.
Thanks in advance.
-
Hi, When you open the server's hostname in the browser or a domain that is pointed to the server's IP but does not exist on the server the default cPanel page will be shown, the one at /cgi-sys/defaultwebpage.cgi. What would be the best way to add the security headers to that default cPanel page? I am referring to the below: X-Frame-Options X-XSS-Protection Strict-Transport-Security Referrer-Policy X-Content-Type-Options Please help. Thanks in advance.
Hello, You can manage this page's template by going to WHM>>Account Functions>>Web Template Editor0 -
Hi, I checked that and I can see that the template editor only offers the possibility to edit/add html code. The security headers however are something set via .htaccess like below: Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
I am not sure if the same is possible via the html page editor. Please let me know. Thanks in advance.0 -
This may be something that needs to be added as an include Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation 0 -
Hi, I have added a .htaccess file into /usr/local/cpanel/cgi-sys/ with the settings that I needed and it seems to have worked. Thanks for the help. 0
Please sign in to leave a comment.
Comments
4 comments