- Apache 設定參考
- 調整 httpd.conf 將 LoadModule headers_module modules/mod_headers.so 啟用
- 加入以下腳本 example
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
Header set Frame-Options "SAMEORIGIN"
#Header set Content-Security-Policy "default-src 'self'"
##Allow Google Analytics, Google AJAX CDN and Same Origin ......
Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.lib.nthu.edu.tw;"
</IfModule>
P.S. Header set X-Frame-Options "ALLOW-FROM http://host1 ,http://host2"
