Mercurial > repos > other > Puppet
diff modules/website/manifests/https.pp @ 106:ef0926ee389a puppet-3.6
Lock down Apache headers for security, based on https://securityheaders.io/
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sat, 14 May 2016 17:10:10 +0100 |
parents | e50dab7495d7 |
children | 9337c9ce648a |
line wrap: on
line diff
--- a/modules/website/manifests/https.pp Sat Apr 23 16:28:47 2016 +0100 +++ b/modules/website/manifests/https.pp Sat May 14 17:10:10 2016 +0100 @@ -29,7 +29,10 @@ $logpart = $shortname $shortdomain = domain_to_short_domain($name) - $custom_conf0 = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"' + $custom_conf0 = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains" +Header always set X-Xss-Protection "1; mode=block" +Header always set X-Content-Type-Options "nosniff" +Header always set X-Frame-Options "SAMEORIGIN"' if $force_no_index { $custom_conf1 = "$custom_conf0