prysm-pulse/validator/web/headers.go
2021-10-15 12:40:23 +02:00


package web
import "net/http"
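// addSecurityHeaders sets the browser-hardening response headers used by the
// web UI on w.
//
// It must be called before the handler calls w.WriteHeader or w.Write;
// net/http ignores header changes made after the status line has been sent.
//
// Header().Set is used rather than Add so that each header is emitted exactly
// once, even if this function runs more than once for the same response or an
// earlier handler already wrote one of these headers. Duplicate or conflicting
// values for these headers are not handled consistently across browsers.
func addSecurityHeaders(w http.ResponseWriter) {
	h := w.Header()

	// Forbid rendering the web UI inside any frame (clickjacking defence).
	// NOTE(review): X-Frame-Options is the legacy control; a
	// Content-Security-Policy "frame-ancestors" directive is the current
	// equivalent. Confirm whether a CSP is set elsewhere for these responses.
	h.Set("X-Frame-Options", "DENY")

	// Stop the browser from MIME-sniffing a response into a different content
	// type than the declared one, so a body containing HTML or script is not
	// executed when it was served as something else.
	h.Set("X-Content-Type-Options", "nosniff")

	// Keep cross-origin pages that open this site out of its browsing context
	// group, which limits cross-site leaks through window references. Popups
	// opened by the UI itself keep their reference to the opener.
	h.Set("Cross-Origin-Opener-Policy", "same-origin-allow-popups")

	// Ask the browser to refuse loading these resources from other origins.
	h.Set("Cross-Origin-Resource-Policy", "same-origin")
}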