I'm running a webpage that is protected with a KEMP ESP FBA login page. When scanning the site with securityheaders.com it obviously scans the ESP FBA login page, as securityheaders.com is unable to authenticate. I'm now being flagged with a D rating because the FBA page is missing security headers and unfortunately I'm unable to find any option in KEMP LoadMaster to apply them :(
I tried adding header rules to the VS, but these kick in after you successfully log in, so they don't help with the rating.
The only header that can be added in the interface is Strict-Transport-Security, but even that one is flagged by securityheaders.com as not having the proper max-age value :(
Isn't there really any option to add these headers to the ESP FBA page?
Cheers, Marcin
Andrew Spagnuolo
Hi Marcin,
Could you tell me where exactly you are attempting to add these security rules?
Have you followed our article on the topic? https://support.kemptechnologies.com/hc/en-us/articles/9328173537805-Add-Security-Headers
You would want to make sure you are adding these as "Response Rules".
Best Regards,