Configuring security headers on WebSphere 9.0.5.13 involves the following steps:
Click on Add and enter the following properties and their values: a. com.ibm.ws.webcontainer.enableTransparentContentProtection=true b. com.ibm.ws.webcontainer.security.FilterXSS=true c. com.ibm.ws.webcontainer.security.FilterDisableJS=true d. com.ibm.ws.webcontainer.security.FilterScanUploadFiles=true e. com.ibm.ws.webcontainer.security.FilterEncoding=true
Note: These properties enable content protection, XSS filter, disable JS execution, scan uploaded files, and encoding.
Save the changes and restart the server.
Once the server is restarted, it will apply these security headers to all incoming requests. You can verify this by checking the headers using a browser extension or a command-line tool such as cURL.
Asked: 2021-10-29 11:00:00 +0000
Seen: 8 times
Last updated: Apr 28 '22