From 605d183d01ff1ab16a8a02db6534ddaca69a4a52 Mon Sep 17 00:00:00 2001 From: fett0 Date: Mon, 4 Dec 2023 19:41:15 +0000 Subject: T5796:add/fixed OCSERV HTTP security headers --- data/templates/ocserv/ocserv_config.tmpl | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl index 8a394f0ac..ce03d9107 100644 --- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.tmpl @@ -84,3 +84,19 @@ route = {{ network_settings.push_route }} route = {{ route }} {% endfor %} {% endif %} + + +# HTTP security headers +included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains +included-http-headers = X-Frame-Options: deny +included-http-headers = X-Content-Type-Options: nosniff +included-http-headers = Content-Security-Policy: default-src ´none´ +included-http-headers = X-Permitted-Cross-Domain-Policies: none +included-http-headers = Referrer-Policy: no-referrer +included-http-headers = Clear-Site-Data: "cache","cookies","storage" +included-http-headers = Cross-Origin-Embedder-Policy: require-corp +included-http-headers = Cross-Origin-Opener-Policy: same-origin +included-http-headers = Cross-Origin-Resource-Policy: same-origin +included-http-headers = X-XSS-Protection: 0 +included-http-headers = Pragma: no-cache +included-http-headers = Cache-control: no-store, no-cache -- cgit v1.2.3