Forum Discussion

visual2008_3086

Nimbostratus

Oct 17, 2017

HTTP header X-XSS-Protection, X-Content-Type-Options issue

I am trying to insert the HTTP header X-XSS-Protection, X-Content-Type-Options in order to mitigate a security vunerability. I have found an irule solution, but when I implemented the solution, a cod...

Cirrostratus

Oct 17, 2017

Hey

I've only corrected you syntax

when HTTP_RESPONSE {

if { ! [HTTP::header exists "X-Content-Type-Options"] } { 
    HTTP::header insert "X-Content-Type-Options" "'nosniff'" 
}

if { ! [HTTP::header exists "X-XSS-Protection"] } { 
    HTTP::header insert "X-XSS-Protection" "1; mode=block" 
    } 
}

Now you should be able to create it.

Please give me a feedback

Regards

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

HTTP header X-XSS-Protection, X-Content-Type-Options issue

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

x-content-type-options

Issues with X-XSS Protection HTTP Header

Inserting X-frame-Options, X-XSS-Protection, X-Content-Type-Options, Strict-Transport-Security

Security Headers Insertion

(HTTP) Redirection via Arbitrary Host Header

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS