<SecurityHTTPHeaders>

SecurityHTTPHeaders

The SecurityHTTPHeaders element creates an HTTP Security Header in the Web App.

Element

Description

Possible values

SecurityHTTPHeaders

The HTTP Security Header is an HTTP Response Header. The HTTP Security Header is used to protect the Web App against unauthorized attacks.

The element contains the following elements:

strictTransportSecurity
XFrameOptions

strictTransportSecurity

The HTTP Strict Transport Security Response Header informs browsers that the website should only be accessed via HTTPS and that all future access attempts via HTTP should be automatically converted to HTTPS.

XFrameOptions

The X-Frame options in the HTTP Response Header can be used to determine whether a calling browser is allowed to embed the target page in a <frame>, <iframe>, <embed>, or <object>.

DENY: The target page is not allowed to be embedded.
SAMEORIGIN: The target page is allowed to be embedded.

strictTransportSecurity

Attribute	Description	Possible values
`enabled`	Sets the status of the HTTP Strict Transport Security Response Header.	`true`: The Strict Transport Security Response Header is enabled. `false`: Strict Transport Security Response Header is disabled.
`includeSubDomains`	Specifies whether the HTTP Strict Transport Security Response Header settings are also applied to the subdomains of the Web App.	`true`: The settings are also applied to the subdomains. `false`: The settings are not applied to the subdomains.
`maxAge`	The time in seconds for the browser to remember that the Web App may only be accessed via HTTPS.	Any integer
`preLoad`	Specifies whether the HTTP Strict Transport Security Response Header is preloaded.	`true`: The HTTP Strict Transport Security Response Header is preloaded. `false`: The HTTP Strict Transport Security Response Header is not preloaded.