Mod_headers apparently not working


  • I’ve run sudo a2enmod in my workspace to enable mod_headers
  • In /etc/apache2/conf.enabled, there is a symlink to security.conf.
  • security.conf contains the line 'append X-FRAME-OPTIONS “SAMEORIGIN” ’ This line was originally commented out, but I’ve removed the ‘#’.
  • I’ve restarted Apache after the changes above

These changes should lead to the server providing a header line “X-Frame-Options: SAMEORIGIN”, but no such header line appears.

I’m not aware of any other changes required to enable this, and I need this for functionality in a CMS I’m using to develop a test site.

This therefore appears to be a bug.