Security Issue

  

Hi,

We have a requirement issue in our project where we need to cover the following security items:

- X-Frame-Options: SAMEORIGIN

- X-XSS-Protection: 1; mode-block

- X-Content-Type-Options: nosniff

How can we configure this in the platform so we can secure properly our applications?

Thanks in advance for the help.

Best Regards,

Miguel Pinto

Hi Miguel,

You can set those on a page-per-page basis of course, but if you need to set it for all pages, couldn't you configure your web server to add these headers?

Hi Kilian,

Thanks for your answer. We have our infrastructure in the cloud, so I guess it will be difficult to apply the headers on a specific web server. 

We came up with a solution, creating a Web Control with all the headers that we want to apply for our application, basically doing something like this:


Thanks.

Best Regards,

Miguel

If you use lifetime i think you can configure what you want there.