Security header
PowerVC uses the HSTS, X-XSS-Protection, and X-Content-Type-Options HTTP security response headers.
- HSTS: A security policy that allows browsers to interact with a web server only by using secure HTTPS connections, instead of HTTP. The HSTS mechanism acts as an enhanced security layer when users access PowerVC by using a web browser. For the HSTS header feature to work with PowerVC, the following conditions must be satisfied:
  - Ensure that the certificate is installed correctly on the browser without any errors.
  - Access PowerVC with the host name rather than the IP address.
- X-XSS-Protection: Stops a page from loading when the browser detects a reflected cross-site scripting attack.
- X-Content-Type-Options: A marker used by the server to indicate that the MIME types advertised in the Content-Type headers must be followed and not changed.
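
The following check is an added example, not PowerVC code: it audits a response for the three headers listed above and flags access by IP address, the HSTS condition that can be verified from the URL alone. The function names, the host name `powervc.example.com`, and the header values are constructed for illustration; certificate trust is not checked here.

```python
import ipaddress
from urllib.parse import urlsplit


def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: value or None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def host_is_ip(url):
    """True when the URL host is an IPv4/IPv6 literal rather than a host name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def audit(url, headers):
    """Return findings for the three response headers listed above."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    max_age = parse_hsts(h.get("strict-transport-security", "")).get("max-age") or ""
    if not max_age.isdecimal() or int(max_age) == 0:
        findings.append("HSTS missing or max-age is not a positive integer")
    if urlsplit(url).scheme != "https":
        findings.append("not HTTPS: browsers ignore HSTS sent over plain HTTP")
    if host_is_ip(url):
        findings.append("accessed by IP address: browsers do not apply HSTS")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if not h.get("x-xss-protection", "").strip().startswith("1"):
        findings.append("X-XSS-Protection is missing or disabled")
    return findings


# Constructed sample headers and host name; not captured from a PowerVC system.
SAMPLE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}
print(audit("https://powervc.example.com/", SAMPLE))
print(audit("https://192.0.2.10/", SAMPLE))
```

To audit a live system, pass the URL used in the browser and the response headers collected from it to `audit`.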