Security Headers Insertion
Problem this snippet solves: Centralize the security header management for one or more domains on the recommendation of SecurityHeaders.io.
Be warned!! You can really do damage to your availabili...
Published Mar 14, 2016
Version 1.0
JRahm
Admin
Joined January 20, 2005
DJDX21_252164
Mar 18, 2016
Cirrus
If the headers are already present, as in the case of HSTS or Content Security Policy, one can override them with the new header by removing the old header.
Like this:
~~~
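when HTTP_RESPONSE {
    # Header name as a plain string; wrapping a quoted string in braces would keep the quote characters in the name
    set strictTransportSecurityHeader "Strict-Transport-Security"
    # Drop any copy set by the back end so only one header is sent
    if { [HTTP::header exists $strictTransportSecurityHeader] } {
        HTTP::header remove $strictTransportSecurityHeader
    }
    HTTP::header insert $strictTransportSecurityHeader "max-age=31536000; includeSubDomains"
}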
~~~
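
The same remove-then-insert pattern extended to both headers the comment names, as an added example that is not part of the original comment or snippet. The variable name `static::sec_headers` and the Content-Security-Policy value are assumptions made for illustration; the HSTS value is the one from the comment.

```tcl
when RULE_INIT {
    # Name/value pairs enforced on every response (hypothetical variable name).
    # The CSP value is a constructed sample; tune it per application.
    set static::sec_headers [list \
        "Strict-Transport-Security" "max-age=31536000; includeSubDomains" \
        "Content-Security-Policy"   "default-src 'self'" \
    ]
}

when HTTP_RESPONSE {
    foreach {name value} $static::sec_headers {
        # Remove the back end's copy first. Inserting without removing leaves
        # two headers in the response, and for HSTS a browser processes only
        # the first one it receives (RFC 6797, section 8.1).
        if { [HTTP::header exists $name] } {
            HTTP::header remove $name
        }
        HTTP::header insert $name $value
    }
}
```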