Created November 22, 2017 06:03
HAProxy Security Headers (1.6+)
# Sampling of security headers
http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
http-response set-header X-Frame-Options SAMEORIGIN
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header Referrer-Policy no-referrer-when-downgrade
Whoops, I guess I didn't receive a notification on your comments @GitAlik; these go in the frontend, ideally after your bind but before your ACLs (at least, that's how I organize them).
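The placement described in the comment above, shown in a minimal configuration. This is an added example, not part of the original gist or its author's configuration. The section names (fe_web, be_app, be_api), certificate path, addresses and the /api ACL are constructed, and the `if { ssl_fc }` condition on the HSTS line is an addition made here so the header is only sent on TLS connections, since browsers ignore it over plain HTTP.

```haproxy
# Added example: all names, paths and addresses below are constructed.
defaults
    mode http                      # http-response rules require HTTP mode
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    # 1. bind lines first
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/site.pem

    # 2. security headers from the gist, after bind and before the ACLs
    # HSTS is limited to TLS connections here (addition, not in the gist)
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" if { ssl_fc }
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-XSS-Protection "1; mode=block"
    http-response set-header Referrer-Policy no-referrer-when-downgrade

    # 3. ACLs and routing last
    acl is_api path_beg /api
    use_backend be_api if is_api
    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080 check

backend be_api
    server api1 127.0.0.1:8081 check
```

Running `haproxy -c -f` against the file validates the syntax before a reload, and `curl -sI` against the HTTPS listener shows whether the four headers are present on responses.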