/
OWASP Secure Headers in haproxy18
OWASP Secure Headers in haproxy18
- Shraddha Shejawal
Owned by Shraddha Shejawal
Last updated: 2022-04-26
All data that is used in the content that SSO produces and consumes is sanitized and encoded. We follow a number of security best-practices to build our applications, including for example OWASP (e.g. https://owasp.org/Top10/A03_2021-Injection/ ).
However if specific secure headers need to be implemented then we recommend implementing OWASP Secure headers at proxy or load balancer level.
Below are examples of security headers configuration in haproxy18, mentioned configuration should be added in haproxy.cfg file
http-response del-header Server
http-response del-header X-Powered-By
http-response set-header Strict-Transport-Security max-age=15768000;\ includeSubDomains;\ preload;
http-response set-header X-Content-Type-Options nosniff
, multiple selections available,
Related content
Miscellaneous
Miscellaneous
Read with this
CORS support - SSO
CORS support - SSO
More like this
How-to
How-to
Read with this
CORS support - SSO
CORS support - SSO
More like this
Signed and encrypted response - SSO
Signed and encrypted response - SSO
More like this
Signed and encrypted response - SSO
Signed and encrypted response - SSO
More like this