Forum Discussion
Hi Preet_pk,
when HTTP_REQUEST { set status 0 switch [string tolower [HTTP::host]] { "red.lab.ae" { pool Red_Pool1 } "green.lab.ae" { set status 1 pool Green_Pool1 } } } when HTTP_RESPONSE { if { $status } { if { !([HTTP::header exists "Strict-Transport-Security"]) } { HTTP::header insert "Strict-Transport-Security" "max-age=16070400; includeSubDomains;" } if { !([HTTP::header exists "X-Content-Type-Options"]) } { HTTP::header insert "X-Content-Type-Options" "nosniff" } if { !([HTTP::header exists "X-Frame-Options"]) } { HTTP::header insert "X-Frame-Options" "SAMEORIGIN" } if { !([HTTP::header exists "X-XSS-Protection"]) } { HTTP::header insert "X-XSS-Protection" "1; mode=block" } } }
You may need to change the header values.
Before adding X-XSS-Protection header read this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection