
Commit 0abbbd9

committed
update referer-policy and strict-transport-policy header-defaults
1 parent 7e5c81b commit 0abbbd9


1 file changed

+2
-1
lines changed


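--- a/defaults/main/1_main.yml
+++ b/defaults/main/1_main.yml
@@ -177,10 +177,11 @@ defaults_backend:
 
 # NOTE: if your application adds these response headers - they will not be overwritten
 defaults_security_headers:
-Strict-Transport-Security: 'max-age=16000000; includeSubDomains; preload;'
+Strict-Transport-Security: 'max-age=31536000; includeSubdomains; preload'
 X-Frame-Options: 'SAMEORIGIN' # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
 X-Content-Type-Options: 'nosniff' # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 X-Permitted-Cross-Domain-Policies: 'none'
+Referrer-Policy: 'strict-origin-when-cross-origin' # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
 
 defaults_frontend_route:
 domains: []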
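Review bot: The new Strict-Transport-Security default keeps `preload` together with `includeSubdomains`, so every site that inherits `defaults_security_headers` unchanged declares itself eligible for browser preload lists, a commitment that covers all subdomains and is slow to reverse once a domain is listed. I would ship the default without it, e.g. `Strict-Transport-Security: 'max-age=31536000; includeSubDomains'`, and put a comment above the key such as `# add '; preload' only after deciding to submit the domain to the HSTS preload list`. The directive was also re-cased to `includeSubdomains`; RFC 6797 treats directive names as case-insensitive, so browsers accept it, but the canonical `includeSubDomains` avoids false findings from header checkers that compare the string literally. How the role emits these defaults per frontend is not visible in this hunk, so the scope of the default should be confirmed against the template that consumes it.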
