Forum Discussion

Altocumulus

Mar 02, 2023

ASM: Need to add HTTP security headers for response and blocking pages

Hi there, We are needing to turn on security headers for ASM response and blocking pages. There is a KB (K25232031 ) that mentions it being enabled by default for version 16.0.0. We are running a ...

security

Juergen_Mang

MVP

Mar 03, 2023

K25232031 is interesting, thanks for the link.

About X-XSS-Protection: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
About X-Frame-Options: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Adding a simple Content-Security-Policy will be the better way. I do not tested it, but this shoud suffice:

Content-Security-Policy: default-src 'self'; frame-ancestors 'self'

P.S.: I always change the Response Code to 403

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ASM: Need to add HTTP security headers for response and blocking pages

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

Response and blocking page

Introduction of Incident Response

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS