Hi All
I need help with the security header updates for Chronograf. Do we have a file to address this setting?
X-Frame-Options:
Apache: Header always append X-Frame-Options SAMEORIGIN
nginx: add_header X-Frame-Options SAMEORIGIN;
HAProxy: rspadd X-Frame-Options:\ SAMEORIGIN
IIS:
X-XSS-Protection:
Apache: Header always set X-XSS-Protection “1; mode=block”
PHP: header(“X-XSS-Protection: 1; mode=block”);
X-Content-Type-Options:
Apache: Header always set X-Content-Type-Options: nosniff
HTTP Strict-Transport-Security:
Apache: Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains”
Nginx: add_header Strict-Transport-Security max-age=31536000;
Thanks and Regards,
Deepthi