Werk #13194: Add several security HTTP headers

Component Setup
Title Add several security HTTP headers
Date 11.10.2021
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.1.0i1
Level Minor change
Class New feature
Compatibility Compatible - no manual intervention required

This werk adds the following security headers:

  • X-Frame-Options: sameorigin - Only websites hosted on the same domain are allowed to include CMK as a frame. The Content-Security-Policy already constrains this.
  • X-XSS-Protection: 1; mode=block - Enables the browser's built-in XSS protection.
  • X-Permitted-Cross-Domain-Policies: none - We do not ship cross-domain policies, so we disable them with this header.
  • Referrer-Policy: origin-when-cross-origin - Only send the origin as the Referer to other sites.

You can override these settings in the Apache config if you need to.
