[webconsole] security hardening headers (closes #1464)

Signed-off-by: r4sas <r4sas@i2pmail.org>
2020-04-10 02:34:47 +00:00
parent b7c206c44b
commit b3974cb52a
1 changed files with 2 additions and 0 deletions
--- a/daemon/HTTPServer.cpp
+++ b/daemon/HTTPServer.cpp
@@ -1141,6 +1141,8 @@ namespace http {
 	void HTTPConnection::SendReply (HTTPRes& reply, std::string& content)
 	{
 		reply.add_header("X-Frame-Options", "SAMEORIGIN");
+		reply.add_header("X-Content-Type-Options", "nosniff");
+		reply.add_header("X-XSS-Protection", "1; mode=block");
 		reply.add_header("Content-Type", "text/html");
 		reply.body = content;