Name | Description | |
---|---|---|
AddContentSecurityPolicy | Adds raw content security policy to the firewall. | |
AddContentSecurityPolicyButTrust | Overloaded. Determine what to trust, if only your own domain or those you flag trustworthy, and if external images or scripts are allowed to be injected | |
AddContentSecurityPolicyTrustOnlySelf | trust only own domain, no external images or scripts | |
AddContentTypeOptionsNoSniff | Add X-Content-Type-Options nosniff to all requests. Can be set to protect against MIME type confusion attacks. | |
AddDefaultSecurePolicy | Add default security headers configuration in each request of the firewall | |
AddDefaultSecurePolicyAndReport | Overloaded. Add default security headers configuration in each request of the firewall and reports violations to the firewall | |
AddFrameOptionsDeny | Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so | |
AddFrameOptionsSameOrigin | Overloaded. Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself so only your own website. | |
AddStrictTransportSecurityMaxAge | Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided. | |
AddStrictTransportSecurityMaxAgeIncludeSubDomains | Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains. | |
AddStrictTransportSecurityNoCache | Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache the host in the STS cache | |
AddXssProtectionBlock | Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing. | |
AddXssProtectionBlockAndReport | Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing. | |
AddXssProtectionDisabled | Add X-XSS-Protection 0 to all requests. Disables the XSS Protections offered by the user-agent. | |
AddXssProtectionEnabled | Add X-XSS-Protection 1 to all requests. Enables the XSS Protections | |
AddXssProtectionReport | Overloaded. Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format. | |
DoNotTrack | For 3rd party sites this will add a "do not track signal" that a web application should disable either its tracking or cross-site user tracking of an individual user. | |
RemoveServerHeader | Removes the Server header from all responses | |
SimulateDifferentServer | Add headers to simulate a different server so that attackers are using a different method of attack | |
SimulateDifferentTechnologyStack | Add headers to simulates the different technology stack. |