Add:
AutoCert:
CSRFField:
CSRFSecret:
Certs:
Exceptions:
Headers:
LogDir:
Logs:
Methods:
Remove:
Replace:
Routes:
SkipDetection:
URLLength:
UploadSizeMB:
UploadTypes:
WAF:
Headers
Add some custom headers with Headers
param:
Headers:
Content-Security-Policy: default-src 'self'
Feature-Policy: "autoplay none; camera none; display-capture none; document-domain none; encrypted-media none; fullscreen none; geolocation none; microphone none; midi none; notifications none; push none; sync-xhr none; magnetometer none; gyroscope none; speaker self; vibrate none; fullscreen self; payment none; "
Remove unwanted headers
Prefix header with “-” to remove header:
Headers:
-Server:
-X-Ruxy:
Default headers
For security reasons some sefault headers are set by default:
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Referrer-Policy: no-referrer
Strict-Transport-Security:
And some removed:
Server
X-Version
X-Powered-By
X-AspNet-Version
X-AspNetMvc-Version