If 3rd party software is installed it is quite likely that the autocomplete attribute for password fields is not set to off. Editing such settings directly in the sourceode is possible most of the time, but it’s not the nicest way and you also run into the problem that everything could be gone again after an update of the software.
A nice workaround is to use the substitute module to accomplish that.
[pastacode lang=”markup” manual=”%3CLocation%20%22%2F%22%3E%0A%20%20%20%20AddOutputFilterByType%20SUBSTITUTE%20text%2Fhtml%0A%20%20%20%20Substitute%20%22s%7C%3Cinput%20type%3Dpassword%7C%3Cinput%20type%3Dpassword%20autocomplete%3Doff%7Ci%22%0A%3C%2FLocation%3E” message=”disable autocomplete for password fields” highlight=”” provider=”manual”/]
[pastacode lang=”apacheconf” manual=”%0A%23Security%20Settings%20start%0A%23https%3A%2F%2Fsecurityheaders.io%2F%3Fq%3Dblog.fawcs.info%26hide%3Don%26followRedirects%3Don%0A%23HSTS-enabled%0AHeader%20always%20set%20Strict-Transport-Security%20%22max-age%3D31536000%3B%20includeSubDomains%3B%20pre%0A%23Content-Security-Policy%0AHeader%20always%20set%20Content-Security-Policy%20%22default-src%20https%3A%20data%3A%20’unsafe-inline’%20’%0A%23Public-Key-Pins%0A%0A%0A%23X-Frame-Options%0AHeader%20always%20set%20X-Frame-Options%20%22SAMEORIGIN%22%0A%23X-XSS-Protection%0AHeader%20always%20set%20X-Xss-Protection%20%221%3B%20mode%3Dblock%22%0A%23X-Content-Type-Options%0AHeader%20always%20set%20X-Content-Type-Options%20%22nosniff%22%0A%0ASSLProxyEngine%20on%0ASSLEngine%20on%0ASSLProtocol%20all%20-SSLv2%20-SSLv3%20-TLSv1%0ASSLHonorCipherOrder%20on%0ASSLCipherSuite%20%22EECDH%2BECDSA%2BAESGCM%20EECDH%2BaRSA%2BAESGCM%20EECDH%2BECDSA%2BSHA384%20EECDH%2BECDSA%2BS%20!3DES%20!MD5%20!EXP%20!PSK%20!SRP%20!DSS%22%0A%0A%23Custom%20Settings%0ATraceEnable%20off%0AServerSignature%20Off%0AServerTokens%20Prod%0A” message=”” highlight=”” provider=”manual”/]
/* just another personal tech blog */