Disabling JIRA Security Headers with proxy

Hi all,

Our team is currently looking to embed a JIRA service desk support portal into a web page owned by our company. The issue here is that these web sites have different URL’s. This means that when we attempt to embed the page the security headers in JIRA prevent this. I found that we can disable them for the whole JIRA instance using https://confluence.atlassian.com/jirakb/security-headers-in-jira-939919914.html . This solution though, fails our companies security policy. I was wondering if there would be a way to disable these for certain outbound addresses using our proxy. IE, only remove the headers when traffic is going to a certain destination.

Any ideas? or have I taken the entirely wrong approach to this?

What webserver are you using? This seems reasonable to me.

I believe that we are currently using apache tomcat.

Pardon, Tomcat is the embedded web container that Jira runs within. For your proxy, what are you using? Perhaps Apache HTTPD or Nginix? HAProxy?

I checked and it appears that we are using Apache HTTPD. Sorry for any confusion and thanks for the help