diff options
author | fett0 <fernando.gmaidana@gmail.com> | 2023-12-02 12:11:56 +0000 |
---|---|---|
committer | fett0 <fernando.gmaidana@gmail.com> | 2023-12-02 12:11:56 +0000 |
commit | db51546edd653d3637cb26d6957ce5222d44d395 (patch) | |
tree | 2207af57bef10458dde6526d7a2db2867dce8944 | |
parent | cc11f6756e3cf1ced17320b57d4f958fe8fb354c (diff) | |
download | vyos-1x-db51546edd653d3637cb26d6957ce5222d44d395.tar.gz vyos-1x-db51546edd653d3637cb26d6957ce5222d44d395.zip |
T5796:add/fixed OCSERV HTTP security headers
-rw-r--r-- | data/templates/ocserv/ocserv_config.j2 | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2 index 1401b8b26..80ba357bc 100644 --- a/data/templates/ocserv/ocserv_config.j2 +++ b/data/templates/ocserv/ocserv_config.j2 @@ -119,4 +119,20 @@ split-dns = {{ tmp }} {% for grp in authentication.group %} select-group = {{ grp }} {% endfor %} -{% endif %}
\ No newline at end of file +{% endif %} + + +# HTTP security headers +included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains +included-http-headers = X-Frame-Options: deny +included-http-headers = X-Content-Type-Options: nosniff +included-http-headers = Content-Security-Policy: default-src ´none´ +included-http-headers = X-Permitted-Cross-Domain-Policies: none +included-http-headers = Referrer-Policy: no-referrer +included-http-headers = Clear-Site-Data: "cache","cookies","storage" +included-http-headers = Cross-Origin-Embedder-Policy: require-corp +included-http-headers = Cross-Origin-Opener-Policy: same-origin +included-http-headers = Cross-Origin-Resource-Policy: same-origin +included-http-headers = X-XSS-Protection: 0 +included-http-headers = Pragma: no-cache +included-http-headers = Cache-control: no-store, no-cache |