[OCI-C LBaaS] How To Suppress Both "X-Frame-Options" and "Strict-Transport-Security" Headers in Oracle OCI-Classic Load Balancer (Doc ID 2435410.1)

Last updated on FEBRUARY 25, 2019

Applies to:

Oracle Compute Cloud Service - Version N/A to N/A
Information in this document applies to any platform.

Goal

With OCI-Classic Load Balancer as a Service (LBaaS), an "HTTP Strict-Transport-Security" (HSTS) header might be seen appended to the HTTP response headers. The goal of this document is to explain how to set an LBaaS policy to disable this HSTS response header.

HTTP Strict-Transport-Security (HSTS) is an industry standard, created to prevent man-in-the-middle attacks. See the following third-party links for more information on HSTS:
https://https.cio.gov/hsts/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
https://tools.ietf.org/html/rfc6797

Solution

To view full details, sign in with your My Oracle Support account.
