summaryrefslogtreecommitdiff
path: root/data/templates/ocserv/ocserv_config.tmpl
diff options
context:
space:
mode:
authorfett0 <fernando.gmaidana@gmail.com>2023-12-04 19:41:15 +0000
committerfett0 <fernando.gmaidana@gmail.com>2023-12-04 19:41:15 +0000
commit605d183d01ff1ab16a8a02db6534ddaca69a4a52 (patch)
tree10a1e73895a13c911b330696f5a68f674a743baf /data/templates/ocserv/ocserv_config.tmpl
parent5d42ac22b2dd152327ed7c12d13faf01268dd363 (diff)
downloadvyos-1x-605d183d01ff1ab16a8a02db6534ddaca69a4a52.tar.gz
vyos-1x-605d183d01ff1ab16a8a02db6534ddaca69a4a52.zip
T5796:add/fixed OCSERV HTTP security headers
Diffstat (limited to 'data/templates/ocserv/ocserv_config.tmpl')
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl16
1 files changed, 16 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 8a394f0ac..ce03d9107 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -84,3 +84,19 @@ route = {{ network_settings.push_route }}
route = {{ route }}
{% endfor %}
{% endif %}
+
+
+# HTTP security headers
+included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains
+included-http-headers = X-Frame-Options: deny
+included-http-headers = X-Content-Type-Options: nosniff
+included-http-headers = Content-Security-Policy: default-src ´none´
+included-http-headers = X-Permitted-Cross-Domain-Policies: none
+included-http-headers = Referrer-Policy: no-referrer
+included-http-headers = Clear-Site-Data: "cache","cookies","storage"
+included-http-headers = Cross-Origin-Embedder-Policy: require-corp
+included-http-headers = Cross-Origin-Opener-Policy: same-origin
+included-http-headers = Cross-Origin-Resource-Policy: same-origin
+included-http-headers = X-XSS-Protection: 0
+included-http-headers = Pragma: no-cache
+included-http-headers = Cache-control: no-store, no-cache