Security Headers

Security Headers

As of Unified Workspace 7.0 HTTP Headers can be added to UW responses.

We suggest adding the following Security Headers.

Header
Value
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' data:
Permissions-Policy
autoplay=(), encrypted-media=(), fullscreen=(self), payment=()
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Xss-Protection
1; mode=block
Strict-Transort-Security
max-age=31536000; includeSubDomains

The HTTP Headers are added to the Login Policy object:
  1. Open the webAdmin Dashboard
  2. Expand Tree Root
  3. Browse to the DefaultLoginPolicy
  4. Add the listed headers to the HTTP Header(s) field
    1. Click the +
    2. Enter the Header Name and Value
    3. Click OK
  5. Click the Save button

The webNetwork service needs to be restarted on each relay server for it to begin adding the headers.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...

      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • Related Articles

      • Security headers preventing virtual app from working

        Some sites have some headers that help prevent where data can be displayed.  They might look like this one from the adp.com site. X-Content-Security-Policy=default-src 'self' *.adp.com *.google.com ; frame-src * ; img-src * ; options inline-script ...

      • Security Information alert from browser

        Issue: When connecting to a site through a webApp, like Microsoft SharePoint server,  through stoneware, ie shows the message "Security Information alert : The page contains both secure and nonsecure items" How can we fix it? Solution: This comes ...

      • Enable - Disable httpOnly security flag

        By default in 6.4 Java Applets are now disabled due to best practices of secure cookie handling. After upgrading to 6.4 and running the system check you may see an alert such as  :  "Due to a security configuration, Java Applets are not supported." ...

      • Google Security Checkup warning about UW access

        Issue Google Security Checkup warns about the user's webStorage access to Google Drive as a possible security vulnerability. This is due to the developer being an Unverified developer.  Unfortunately, Google verifies each application site ...

      • webApp causes a Security Information alert

        Issue: We have a web app that works fine except we get the Security Information alert : The page contains both secure and nonsecure items.  If you click on No, a couple of graphics don’t show up but the rest of the page is fine.  What can we do ...