diff options
| author | fett0 <fernando.gmaidana@gmail.com> | 2023-12-04 19:41:15 +0000 |
|---|---|---|
| committer | fett0 <fernando.gmaidana@gmail.com> | 2023-12-04 19:41:15 +0000 |
| commit | 605d183d01ff1ab16a8a02db6534ddaca69a4a52 (patch) | |
| tree | 10a1e73895a13c911b330696f5a68f674a743baf /data | |
| parent | 5d42ac22b2dd152327ed7c12d13faf01268dd363 (diff) | |
| download | vyos-1x-605d183d01ff1ab16a8a02db6534ddaca69a4a52.tar.gz vyos-1x-605d183d01ff1ab16a8a02db6534ddaca69a4a52.zip | |
T5796:add/fixed OCSERV HTTP security headers
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/ocserv/ocserv_config.tmpl | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl index 8a394f0ac..ce03d9107 100644 --- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.tmpl @@ -84,3 +84,19 @@ route = {{ network_settings.push_route }} route = {{ route }} {% endfor %} {% endif %} + + +# HTTP security headers +included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains +included-http-headers = X-Frame-Options: deny +included-http-headers = X-Content-Type-Options: nosniff +included-http-headers = Content-Security-Policy: default-src ´none´ +included-http-headers = X-Permitted-Cross-Domain-Policies: none +included-http-headers = Referrer-Policy: no-referrer +included-http-headers = Clear-Site-Data: "cache","cookies","storage" +included-http-headers = Cross-Origin-Embedder-Policy: require-corp +included-http-headers = Cross-Origin-Opener-Policy: same-origin +included-http-headers = Cross-Origin-Resource-Policy: same-origin +included-http-headers = X-XSS-Protection: 0 +included-http-headers = Pragma: no-cache +included-http-headers = Cache-control: no-store, no-cache |