This section explains how to minimize the security threats to the Jaggery applications that are hosted within your WSO2 DAS pack. This is achieved via headers that can be embedded in the HTTP responses of these applications.
Available headers
The following headers should always be enabled to improve the security of Jaggery applications.

| Header | Purpose |
|---|---|
| X-XSS-Protection: 1; mode=block | This enables reflected XSS protection in supported web browsers. |
| X-Content-Type-Options: nosniff | This disables MIME sniffing, which can result in reflected or stored XSS in certain browsers. |
| Cache-Control: no-store, no-cache, must-revalidate, private | This prevents sensitive information from being cached in web browsers, proxies and other intermediate network devices. |
In addition, the following headers should be enabled depending on the requirements of the application. They can be customized per URL pattern.

| Header | Purpose |
|---|---|
| X-Frame-Options: DENY | This prevents Jaggery apps from being embedded in iframes or frames. |
| X-Frame-Options: SAMEORIGIN | This allows Jaggery apps to be embedded in iframes or frames only within the same origin. |
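To confirm that a deployed Jaggery app actually returns the headers listed above, the following added example (not part of the WSO2 documentation or product) parses a raw response header block, such as the output of `curl -sI <app-url>`, and reports any header that is missing or weaker than the documented value; the embedded response is a constructed sample, not captured from a real DAS instance.

```python
EXPECTED = {"x-xss-protection": "1; mode=block", "x-content-type-options": "nosniff"}
CACHE_DIRECTIVES = {"no-store", "no-cache", "must-revalidate", "private"}
FRAME_OPTIONS = {"DENY", "SAMEORIGIN"}


def parse_headers(raw):
    """Map lowercase header names to values from a raw status line + header block."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit(headers, require_frame_options=True):
    """Return findings for missing or weakened headers; an empty list means all passed."""
    findings = []
    for name, wanted in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got.replace(" ", "").lower() != wanted.replace(" ", "").lower():
            findings.append(f"{name}: got '{got}', expected '{wanted}'")
    cc = headers.get("cache-control")
    if cc is None:
        findings.append("missing cache-control")
    else:  # every documented directive must be present, in any order
        missing = CACHE_DIRECTIVES - {d.strip().lower() for d in cc.split(",")}
        if missing:
            findings.append("cache-control lacks " + ", ".join(sorted(missing)))
    if require_frame_options:  # DENY or SAMEORIGIN, whichever the app needs
        xfo = headers.get("x-frame-options")
        if xfo is None:
            findings.append("missing x-frame-options")
        elif xfo.upper() not in FRAME_OPTIONS:
            findings.append(f"x-frame-options: unexpected value '{xfo}'")
    return findings


# Constructed sample: X-XSS-Protection lacks mode=block and Cache-Control is incomplete.
SAMPLE = """HTTP/1.1 200 OK
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Cache-Control: no-cache
X-Frame-Options: sameorigin
"""

if __name__ == "__main__":
    for finding in audit(parse_headers(SAMPLE)):
        print(finding)
```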
Info
The
...