OneData 10.7 | Managing Master Data with webMethods OneData | Administering webMethods OneData | Configuring Security | Configuring Web Browser Security Header Properties
 
Configuring Web Browser Security Header Properties
You can enable or disable the available web browser security header properties in the http-resp-headers.properties file. Limit the use of the properties, property attributes, and attribute values to those mentioned here. If you introduce additional properties, attributes, or attribute values, OneData ignores them at runtime.
*To configure properties in the http-resp-headers.properties file
1. Navigate to the directory, Software AG_directory \profiles\ode\workspace\webapps\onedata\WEB-INF\config\security\headers.
2. Open the http-resp-headers.properties file.
3. Set the appropriate value for the following web browser security header properties:
*enable-Referrer-Policy. The default value is false. Change this property to true to ensure that the Referrer-Policy header value same-origin is added to the browse. A referrer is sent for same-site origin requests, but cross-origin requests will not contain referrer information.
*enable-Strict-Transport-Security. The default value is false with Strict-Transport-Security-value=max-age=3600; includeSubDomains. Change this property to true to enforce the use of HTTPS on the network domain and update the max-age attribute to the required value.
Important:
If you choose to enable this property, all applications hosted on the network domain will be forced to use only HTTPS.
*enable-X-FRAME-OPTIONS. This property controls the X-FRAME-OPTIONS header. The default value is true. This value adds the X-FRAME-OPTIONS header to the browser, preventing any clickjacking attack through the browser.
4. Save and close the file.
5. Restart the OneData server.