Forum Discussion

Nimbostratus

Jun 20, 2018

Security Headers via Policy

Hi folks,

Can any one help me out with the following: I am trying to setup policies on the F5 for the following headers. I am however not sure if the policy have been setup correctly.

X-Content-Type-Options: nosniff

Content-Security-Policy: default-src

X-XSS-Protection: 1 code=block

X-Frame-Options: deny

Strict-Transport-Security: max-age=31536000 includeSubDomains

Stanislas_Piro2
Cumulonimbus
Jun 20, 2018
look at this code...

Pascal Keepers provided in comments his security headers configuration with policy.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Security Headers via Policy

Recent Discussions

Can i apply ddos profile on virtual server using port range

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

ASM Export JSON - size Limit ?

SNI Sites not taking correct certificate.

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Related Content

iRule to modify a content-security-policy header

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

Security Headers Insertion

Fileless Malware, Anti-Cheat Transparency, & NGINX OSS Security Policy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS