Layer7 API Management

Implement security headers in general server response


    Posted 07-23-2021 02:16 PM

    Hi all, we are trying to implement these headers in API Gateway 9.3. We have tried to insert them as a fragment policy, but as a result the communication with the OTK service failed.
    Does anyone have any recommendation?

    · name= X-XSS-Protection value= "1; mode=block"

    · name= X-Content-Type-Options value= "nosniff"

    · name= Content-Security-Policy value= default-src 'self'

    · name= Strict-Transport-Security value= "max-age=31536000; includeSubDomains; preload"

    · name= X-Frame-Options value= "SAMEORIGIN"