Former Member
May 29, 2018 at 04:35 PM

Adding Response Headers in Hybris


I'm running Hybris 6.3 and trying to add the following HTTP response headers globally:

  • X-XSS-Protection: 1; mode=block
  • Strict-Transport-Security: max-age=31536000 ; includeSubDomains
  • X-Frame-Options: DENY
  • Content-Security-Policy: default-src 'self'

In the storefront project, I added the following to spring-security-config.xml:

    <security:headers>
        <security:frame-options policy="DENY" />
        <security:hsts include-subdomains="true" max-age-seconds="31536000" />
        <security:xss-protection block="true" />
        <security:content-security-policy policy-directives="default-src 'self'" />
    </security:headers>

When I look at the headers in Chrome, I only see that it added the X-Frame-Options header and not the others.

Has anyone seen this behavior before?
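
Added example, not part of the original post or of Hybris: a small Python check that audits a captured response header block against the four headers listed in the question. It treats a missing Strict-Transport-Security header on a plain-HTTP request as expected, because Spring Security's HSTS writer only emits the header on secure requests by default. The function names and the sample response are constructed for illustration.

```python
# Added example: audit a captured response for the four headers from the post.
EXPECTED = {
    "X-XSS-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=31536000 ; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'",
}

def parse_headers(raw):
    """Parse a raw header block into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalize(value):
    """Split on ';' and ignore case and spacing so equivalent values match."""
    return [" ".join(p.split()).lower() for p in value.split(";") if p.strip()]

def audit(raw, scheme):
    """Return {header name: status} for each expected header."""
    got = parse_headers(raw)
    report = {}
    for name, want in EXPECTED.items():
        values = got.get(name.lower())
        if values is None:
            # HSTS is only written on secure requests by Spring Security's default.
            if name == "Strict-Transport-Security" and scheme == "http":
                report[name] = "absent (expected over plain HTTP)"
            else:
                report[name] = "MISSING"
        elif len(values) > 1:
            report[name] = "DUPLICATE"
        elif normalize(values[0]) == normalize(want):
            report[name] = "ok"
        else:
            report[name] = "MISMATCH: " + values[0]
    return report

# Constructed sample: only X-Frame-Options present, as described in the post.
SAMPLE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n"

if __name__ == "__main__":
    for header, status in audit(SAMPLE, "https").items():
        print(f"{header}: {status}")
```

Paste the header block copied from the browser's network tab (or from `curl -sI` output) in place of `SAMPLE`, and pass the scheme the request was actually made over.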