diff options
author | Micah Anderson <micah@riseup.net> | 2016-10-24 11:31:41 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-10-24 11:31:41 -0400 |
commit | 4db1e7c4454ea05c524be4cc385ede1bab2e1be4 (patch) | |
tree | 0d01b73db0d4f4a6ed110bc4e135196376d304e4 | |
parent | 53ddc64b6aa98653b35b23c334df605ed26ea60b (diff) |
Set X-XSS-Protection HTTP response header to '1'.
This HTTP response header enables the Cross-site scripting (XSS) filter
built into some modern web browsers. This header is usually enabled by
default anyway, so the role of this header is to re-enable the filter
if it was disabled maliciously, or by accident.
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index 5e27a9e4..e68b9ebe 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -23,6 +23,7 @@ Listen 0.0.0.0:<%= @api_port %> <% end -%> Header always unset X-Powered-By Header always unset X-Runtime + Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-Options: nosniff </IfModule> |