summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2016-10-24 11:31:41 -0400
committerMicah Anderson <micah@riseup.net>2016-10-24 11:31:41 -0400
commit4db1e7c4454ea05c524be4cc385ede1bab2e1be4 (patch)
tree0d01b73db0d4f4a6ed110bc4e135196376d304e4 /puppet
parent53ddc64b6aa98653b35b23c334df605ed26ea60b (diff)
Set X-XSS-Protection HTTP response header to '1'.
This HTTP response header enables the Cross-site scripting (XSS) filter built into some modern web browsers. This header is usually enabled by default anyway, so the role of this header is to re-enable the filter if it was disabled maliciously, or by accident.
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/api.conf.erb1
1 files changed, 1 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
index 5e27a9e4..e68b9ebe 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
@@ -23,6 +23,7 @@ Listen 0.0.0.0:<%= @api_port %>
<% end -%>
Header always unset X-Powered-By
Header always unset X-Runtime
+ Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options: nosniff
</IfModule>