Security headers

PowerVC uses the following HTTP security response headers: HSTS, X-XSS-Protection, and X-Content-Type-Options.

  • HSTS (HTTP Strict Transport Security): A security policy that allows browsers to interact with a web server only over secure HTTPS connections, never over plain HTTP. The HSTS mechanism acts as an enhanced security layer when users access PowerVC by using a web browser.
    For the HSTS header feature to work with PowerVC, the following conditions must be satisfied:
    • Ensure that the certificate is installed correctly on the browser without any errors.
    • Access PowerVC with the host name rather than the IP address.
  • X-XSS-Protection: Instructs the browser to stop loading a page when it detects a reflected cross-site scripting (XSS) attack.
  • X-Content-Type-Options: A marker used by the server to indicate that the MIME types advertised in the Content-Type headers must be followed and must not be changed.
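
The following check is an added example, not PowerVC code. It audits a set of response headers for the three headers listed above and flags the two HSTS conditions (HTTPS, and a host name rather than an IP address). The sample header values and the host name powervc.example.com are constructed assumptions, not values captured from a PowerVC server.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample response headers; typical values, not PowerVC output.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}

def parse_hsts(value):
    """Return the HSTS directives as a dict keyed by lowercased name."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"')
    return directives

def is_ip_literal(host):
    """True when the host is an IPv4 or IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(url, headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    parts = urlsplit(url)
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        max_age = parse_hsts(hsts).get("max-age", "")
        if not max_age.isdigit() or int(max_age) == 0:
            findings.append("HSTS max-age missing or zero")
        if parts.scheme != "https":
            findings.append("HSTS is ignored on plain HTTP responses")
        if is_ip_literal(parts.hostname or ""):
            findings.append("HSTS is not applied to IP-address hosts; use the host name")
    if not h.get("x-xss-protection", "").startswith("1"):
        findings.append("X-XSS-Protection missing or disabled")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings
```

To audit a live server, pass the headers from a real response (for example, the output of an HTTP client) to audit() together with the URL that was requested.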