Security Headers Insertion

Problem this snippet solves: Centralize the security header management for one or more domains on the recommendation of SecurityHeaders.io. Be warned!! You can really do damage to your availabili...
Published Mar 14, 2016
Version 1.0
security
Nagesh08_254834's avatar
Nagesh08_254834
Icon for Nimbostratus rankNimbostratus
Oct 12, 2018

Hi Jason,

 

code is as same as above,

 

when RULE_INIT { set static::fqdn_pin1 "X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=" set static::fqdn_pin2 "MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec=" set static::max_age 15552000 } when HTTP_REQUEST { HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" } when HTTP_RESPONSE { HSTS HTTP::header insert Strict-Transport-Security "max-age=$static::max_age; includeSubDomains" HPKP HTTP::header insert Public-Key-Pins "pin-sha256=\"$static::fqdn_pin1\" max-age=$static::max_age; includeSubDomains" X-XSS-Protection HTTP::header insert X-XSS-Protection "1; mode=block" X-Frame-Options HTTP::header insert X-Frame-Options "DENY" X-Content-Type-Options HTTP::header insert X-Content-Type-Options "nosniff" CSP HTTP::header insert Content-Security-Policy "default-src ; CSP for IE HTTP::header insert X-Content-Security-Policy "default-src ; }

 

As i found the code here, i am seeking your help.

 

Thank you