OWASP Secure Headers in haproxy18

All data that is used in the content that SSO produces and consumes is sanitized and encoded. We follow a number of security best-practices to build our applications, including for example OWASP (e.g. https://owasp.org/Top10/A03_2021-Injection/ ).

However if specific secure headers need to be implemented then we recommend implementing OWASP Secure headers at proxy or load balancer level.

Below are examples of security headers configuration in haproxy18, mentioned configuration should be added in haproxy.cfg file

http-response del-header Server http-response del-header X-Powered-By http-response set-header Strict-Transport-Security max-age=15768000;\ includeSubDomains;\ preload; http-response set-header X-Content-Type-Options nosniff

Â