NetScaler Security – HTTP Headers

Carry out these steps to improve HTTP header security for a web application controlled by NetScaler.

We will use the NetScaler AppExpert and Rewrite engine to meet these objectives.
Note: Always implement in a test environment first, to verify the impact of the change before moving the configuration to production.

Configuration Guideline – Remove sensitive header info from web server

In most scenarios there is no need for web servers to expose application versions, platform details, etc.

These policies should be bound in Rewrite Response.

Configuration Guideline – Add secure HTTP headers

Security headers can be verified by using this web site:
SecurityHeaders.io

These policies should be bound in Rewrite Request.
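
The check below is an added example, not part of the original post. It audits a captured response head against both guidelines above and can be run against a test environment that a public scanning site may not be able to reach. The header names in `DISCLOSING` and `REQUIRED` are assumed selections, and the two sample responses are constructed.

```python
from email.parser import Parser

# Assumed header selections (not named on the original page).
DISCLOSING = ("Server", "X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")
REQUIRED = ("Strict-Transport-Security", "X-Content-Type-Options",
            "X-Frame-Options", "Content-Security-Policy", "Referrer-Policy")

# Constructed sample responses: backend as-is, and after the rewrite policies.
BEFORE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n"
          "X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
         "X-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n"
         "Content-Security-Policy: default-src 'self'\r\n"
         "Referrer-Policy: no-referrer\r\n\r\n<html>")


def parse_headers(raw):
    """Parse the head of a raw HTTP response; lookups are case-insensitive."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status, _, block = head.partition("\n")
    return Parser().parsestr(block + "\n", headersonly=True)


def hsts_max_age(value):
    """Return the max-age of an HSTS header value, or 0 if absent/invalid."""
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name.strip().lower() == "max-age" and val.strip().strip('"').isdigit():
            return int(val.strip().strip('"'))
    return 0


def audit(raw):
    """Report disclosing headers still present and security headers missing."""
    msg = parse_headers(raw)
    leaked = {h: msg[h] for h in DISCLOSING if msg[h] is not None}
    missing = [h for h in REQUIRED if msg[h] is None]
    hsts = msg["Strict-Transport-Security"]
    if hsts is not None and hsts_max_age(hsts) == 0:
        missing.append("Strict-Transport-Security (max-age is 0 or invalid)")
    return {"leaked": leaked, "missing": missing, "ok": not leaked and not missing}


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

To audit a real capture, pass the text saved from `curl -sI` (or a proxy capture) to `audit()`.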
