Difference between revisions of "F5 Big IP HSTS"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
https://support.f5.com/csp/article/K68657325 | https://support.f5.com/csp/article/K68657325 | ||
| + | ``` | ||
nmap -p 443 --script http-security-headers 10.x.x.y | nmap -p 443 --script http-security-headers 10.x.x.y | ||
| + | ``` | ||
| + | |||
| + | |||
| + | NGINX Example - | ||
| + | ``` | ||
| + | # Security headers | ||
| + | add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; | ||
| + | add_header X-Frame-Options DENY; | ||
| + | add_header X-Content-Type-Options nosniff; | ||
| + | add_header Content-Security-Policy "default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com;"; | ||
| + | add_header X-XSS-Protection "1; mode=block"; | ||
| + | add_header Referrer-Policy "origin"; | ||
| + | ``` | ||
| + | https://serverfault.com/questions/874936/adding-hsts-to-nginx-config | ||
Revision as of 20:33, 12 January 2022
https://support.f5.com/csp/article/K68657325
nmap -p 443 --script http-security-headers 10.x.x.y
NGINX Example -
# Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header Content-Security-Policy "default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com;"; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "origin";
https://serverfault.com/questions/874936/adding-hsts-to-nginx-config