Configuring Security Rules
Perform the following steps to add security headers to your PingFederate runtime configuration:
1. Edit the response-header-runtime-config.xml file located in the <pf_install>/pingfederate/server/default/data/config-store directory by adding the following:
<con:map name="X-XSS-Protection">
<con:item name="include-patterns">*</con:item>
<con:item name="value">1; mode=block</con:item>
</con:map>
<con:map name="X-Content-Type-Options">
<con:item name="include-patterns">*</con:item>
<con:item name="value">nosniff</con:item>
</con:map>
2. Save your changes.
3. Restart PingFederate.