Which of the following approaches would meet this requirement?

September 14, 2021 by Admin

A Security Engineer must add additional protection to a legacy web application by adding the following HTTP security headers:

- Content-Security-Policy
- X-Frame-Options
- X-XSS-Protection

The Engineer does not have access to the source code of the legacy web application.
Which of the following approaches would meet this requirement?

  • Configure an Amazon Route 53 routing policy to send all web traffic that does not include the required headers to a black hole.
  • Implement an AWS Lambda@Edge origin response function that inserts the required headers.
  • Migrate the legacy application to an Amazon S3 static website and front it with an Amazon CloudFront distribution.
  • Construct an AWS WAF rule to replace existing HTTP headers with the required security headers by using regular expressions.
