Forum Discussion
visual2008_3086
Oct 17, 2017Nimbostratus
HTTP header X-XSS-Protection, X-Content-Type-Options issue
I am trying to insert the HTTP header X-XSS-Protection, X-Content-Type-Options in order to mitigate a security vunerability. I have found an irule solution, but when I implemented the solution, a cod...
Lee_Sutcliffe
Oct 17, 2017Nacreous
You had an incorrect quotation mark at the end of your header type in the IF statement. This was preventing the close braces from working correctly.
I've corrected the code:
when HTTP_RESPONSE {
if {!([HTTP::header exists "X-Content-Type-Options" ])} {
HTTP::header insert "X-Content-Type-Options" "'nosniff'"
}
if {!([ HTTP::header exists "X-XSS-Protection"])} {
HTTP::header insert "X-XSS-Protection" "1; mode=block"
}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects