Adding security headers to the virtual host

This procedure applies to IBM HTTP Servers only.

  1. Log on to the WebSphere Administrative Console.
  2. Click Server > Server Types > Web Servers.
  3. Select the Web Server.
  4. In Additional Properties, click Configuration File.
  5. Locate the virtual host.
  6. Specify the Security Headers: 
    Header set Content-Security-Policy "frame-ancestors 'self'"
Header set X-Frame-Options "SAMEORIGIN"
Header unset X-Powered-By
Header set X-Content-Type-Options "nosniff"
  7. Click OK.
  8. Click Apply.
  9. In the messages box, click Save.
  10. Restart the web server.