Forum Discussion

Altocumulus

Mar 02, 2023

ASM: Need to add HTTP security headers for response and blocking pages

Hi there, We are needing to turn on security headers for ASM response and blocking pages. There is a KB (K25232031 ) that mentions it being enabled by default for version 16.0.0. We are running a ...

security

Juergen_Mang

MVP

Mar 03, 2023

K25232031 is interesting, thanks for the link.

About X-XSS-Protection: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
About X-Frame-Options: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Adding a simple Content-Security-Policy will be the better way. I do not tested it, but this shoud suffice:

Content-Security-Policy: default-src 'self'; frame-ancestors 'self'

P.S.: I always change the Response Code to 403

Forum Discussion

ASM: Need to add HTTP security headers for response and blocking pages

Recent Discussions

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Related Content

Response and blocking page

In search of a security incident response system for the masses

Introduction of Incident Response

Using ChatGPT for security and introduction of AI security

Auditing Security Policy Updates