Hi,
we use the OPNsense Bussiness Editon with the Web Application Firewall based on Apache. Our apps need some special headers to work (because of that the setting " Header Security" is set to off).
Is it possible to manual set some headers to increase security?
Strict-Transport-Security, X-Frame-Options, Content-Security-Policy, Referrer-Policy
Thank You!
Hello,
right now the request header settings are inside locations. (In Proxy Options)
Here certain predefined headers can be unset, and certain headers can be passed through.
There is currently no menu where you can define custom headers, or set values on headers, and add that to a location.
If you need that, please create an issue, so we can discuss it and pick it up if it makes sense to add:
https://github.com/opnsense/plugins/issues
okay thank you, that would be okay.
https://github.com/opnsense/plugins/issues/4955