For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Greg_Donohoe_25's avatar
Greg_Donohoe_25
Icon for Nimbostratus rankNimbostratus
Oct 16, 2015

HTTP header insert

I am trying to insert the HTTP header "X-Frame-Options: SAMEORIGIN" in order to mitigate a security vunerability. Can anyone share the correct syntax for this please?  
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 16, 2015
when HTTP_REQUEST {
    if { !([HTTP::header exists "X-Frame-Options"])} { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" }
    if { !([HTTP::header exists "X-XSS-Protection"])} { HTTP::header insert "X-XSS-Protection" "1; mode=block" }
    if { !([HTTP::header exists "X-Content-Type-Options"])} { HTTP::header insert "X-Content-Type-Options" "'nosniff'" }
}