HTTP Security Header Not Detected in SSL VPN web aplication
I have a problem with the SSL VPN application.
The application does not contain some security headers.
I opened the call with the support, but the attendant did not help with anything effective. Just said that there are some fixes in version 5.4.8.
So I asked him to send me the result in the "curl -I https: //IP_OF_FOTIOS_5.4.8: PORT_OF_SSL_VPN --insecure" command, as evidenced by this being corrected.
Note that the headers are not present in the response sent by the support. So no correction was applied for this.
As an example, I put the output of the command executed in google, showing how it should be a safe response.
I would like to know if anyone knows if this is configurable in FORTIOS, and how does it work?
I have FG 80C.
We performed Security Scan and Pentest, so this vulnerability was detected.
I do not believe that a piece of equipment that is designed to provide security has such a silly failure.
There must be something that Fortigate has thought for this failure.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.