MISCONFIGURED SECURITY HEADERS

  • 1.  MISCONFIGURED SECURITY HEADERS

    Posted 2 days ago

    Dear Team,

    How do we configure the missing HTTP header on TWAS 9.0.5.x?

    The headers should be set as follows:
    - Set the X-XSS header as follows: X-XSS-Protection: 1;mode=block
    This enables the filter and instructs the browser to block the entire page if an XSS attack is detected. This is more secure than just 1.

    MISCONFIGURED SECURITY HEADERS
    The web application does not have the security headers set correctly:
    - Cross Site Scripting Protection (X-XSS): This protects against Cross-Site Scripting attacks sniffing.
    X-XSS-Protection: 1; This enables the browser's XSS filter but does not block the page if an attack is detected.

    Thanks



    ------------------------------
    Adeoye Omoboya
    ------------------------------
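
One way to send the header value requested in the post from an application on traditional WebSphere is a servlet filter packaged in the WAR. This is an added example, not part of the original post or of IBM's documentation; the class name and the `value` init-param are hypothetical, and it uses only the standard `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; compile it into the application's WEB-INF/classes.
@WebFilter("/*")
public class XssProtectionHeaderFilter implements Filter {

    private static final String HEADER = "X-XSS-Protection";
    // Value requested in the post: enable the filter and block the page.
    private static final String DEFAULT_VALUE = "1;mode=block";

    private String value = DEFAULT_VALUE;

    @Override
    public void init(FilterConfig config) throws ServletException {
        // Optional init-param "value" (assumed name) overrides the default.
        String configured = config.getInitParameter("value");
        if (configured != null && !configured.trim().isEmpty()) {
            value = configured.trim();
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            // Set the header before the chain runs: a header added after the
            // response is committed is ignored. Application code that sets
            // the same header later in the chain replaces this value.
            ((HttpServletResponse) res).setHeader(HEADER, value);
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // No resources to release.
    }
}
```

Responses that a front-end web server returns without reaching the application server do not pass through this filter, so the header has to be set there as well.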