Security headers - SmartPlant Foundation - 2019 (10.0) - Installation

Infrastructure Planning and Deployment for SmartPlant Foundation

To prepare the application for external exposure, several configuration changes must be made on the relevant IIS server. Configure the web server to send the following headers by default:

| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |
| X-XSS-Protection | 1; mode=block |
| Cache-Control | no-cache, no-store, must-revalidate |
| Pragma | no-cache |
| Content-Security-Policy | default-src https: data: 'unsafe-inline' 'unsafe-eval' |
| Strict-Transport-Security | max-age=31536000; includeSubdomains |
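
One way to apply the headers listed above as IIS custom headers and then confirm what the server actually returns. This is an added example, not part of the original installation guide or the product's own tooling; the server-level scope in `$psPath` and the `$checkUrl` placeholder are assumptions to adjust for your deployment.

```powershell
# Added example (not vendor code). Run in an elevated session on the IIS server.
Import-Module WebAdministration

# Assumption: server-level scope; use 'IIS:\Sites\<site name>' to target one site.
$psPath   = 'MACHINE/WEBROOT/APPHOST'
$filter   = 'system.webServer/httpProtocol/customHeaders'
# Assumption: placeholder URL for the read-back check; replace with the application URL.
$checkUrl = 'https://localhost/'

# Header names and values exactly as listed on this page.
$headers = [ordered]@{
    'X-Frame-Options'           = 'SAMEORIGIN'
    'X-Content-Type-Options'    = 'nosniff'
    'X-XSS-Protection'          = '1; mode=block'
    'Cache-Control'             = 'no-cache, no-store, must-revalidate'
    'Pragma'                    = 'no-cache'
    'Content-Security-Policy'   = "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
    'Strict-Transport-Security' = 'max-age=31536000; includeSubdomains'
}

foreach ($name in $headers.Keys) {
    $entry = "$filter/add[@name='$name']"
    if (Get-WebConfiguration -PSPath $psPath -Filter $entry) {
        # Header already defined at this scope: overwrite its value instead of adding a duplicate.
        Set-WebConfigurationProperty -PSPath $psPath -Filter $entry -Name 'value' -Value $headers[$name]
    } else {
        Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' -Value @{ name = $name; value = $headers[$name] }
    }
}

# Read back what the server actually sends; application code or a proxy can override IIS custom headers.
$response = Invoke-WebRequest -Uri $checkUrl -UseBasicParsing
foreach ($name in $headers.Keys) {
    # -join handles both a single string (Windows PowerShell) and a string collection (PowerShell 7).
    $sent = $response.Headers[$name] -join ', '
    if ($sent -ne $headers[$name]) {
        Write-Warning "$name is '$sent', expected '$($headers[$name])'"
    }
}
```

A warning for a header that was just configured usually means the value is being set or duplicated elsewhere (site-level configuration, the application, or an upstream proxy).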