Werk #13194: Add several security HTTP headers
Komponente | Setup |
Titel | Add several security HTTP headers |
Datum | 11.10.2021 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 2.0.0p23 2.1.0b1 |
Level | Kleine Änderung |
Klasse | Neues Feature |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
This werk adds the following security headers:
LI:X-Frame-Options: sameorigin Only websites hosted on the same domain are allowed to include CMK as an frame. The Content-Security-Policy already constrains this. LI:X-XSS-Protection: 1; mode=block Enables the browser buitin XSS protection. LI:X-Permitted-Cross-Domain-Policies: none We do not ship cross-domain policies so we disable them with this header. LI:Referrer-Policy: origin-when-cross-origin Only send the origin as Referer to other sites.
You can overwrite these settings in the Apache config if you need to.