Collector Response Headers

Follow
Avatar
O A

Collectors today respond with the following headers:

  • HTTP/1.1 200 OK
  • Date: Thu, 17 Dec 2015 19:53:07 GMT
  • Strict-Transport-Security: max-age=15552000
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: SAMEORIGIN
  • X-XSS-Protection: 1; mode=block
  • Content-Length: 0
  • Connection: keep-alive

First and most importantly, the following header must be added to allow ajax calls to the collector:

  • Access-Control-Allow-Origin: *

Second, the following headers are completely redundant since there is never any content in the response:

  • Strict-Transport-Security: max-age=15552000
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: SAMEORIGIN
  • X-XSS-Protection: 1; mode=block

Removing them will reduce outgoing bandwidth load from SL collectors servers. These headers are related to content in any case, and there is none.

 

2

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post