Kronos

Kronos is a WASM filter for Envoy intended to add header security inspired by HelmetJS when serving content to the browser with response headers. Ideally the WASM filter should sit on the pod that is serving traffic to a browser.

Installation via CLI

To deploy via gloo and wasme:
wasme deploy gloo webassemblyhub.io/haggs/kronos:latest --id=kronos
via istio and wasme:
wasme deploy istio webassemblyhub.io/haggs/kronos:latest --id=kronos

Alternatively you can apply the FilterDeployment resource (see example FilterDeployment)

Example

See an example with detailed instructions in the example directory.

Features

Currently Kronos supports the following headers:

X-XSS_Protection: 1 X-XSS-Protection
X-Frame-Options: SAMEORIGIN X-Frame-Options
X-Content-Type-Options: nosniff X-Content-Type-Options
X-Download-Options: noopen
Strict-Transport-Security: max-age=5184000. Strict Transport Security

Reference

WASM Hub Link:
https://webassemblyhub.io/repositories/174/kronos

For more information on security headers see OWASP Secure Headers Project

To test your website for remediation I recommend the Key CDN HTTP Header Checker Tool or comprehensively grade your website with: https://securityheaders.com/

blhagadorn/kronos

Kronos

Installation via CLI

Example

Features

Reference