mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-22 03:30:35 +00:00
15 lines
549 B
Go
15 lines
549 B
Go
package web
|
|
|
|
import "net/http"
|
|
|
|
func addSecurityHeaders(w http.ResponseWriter) {
|
|
// Deny displaying the web UI in any iframe.
|
|
w.Header().Add("X-Frame-Options", "DENY")
|
|
// Prevent xss in case a malicious HTML markup is served in any page.
|
|
w.Header().Add("X-Content-Type-Options", "nosniff")
|
|
// Prevent opening site in pop-up window to exploit cross-site leaks.
|
|
w.Header().Add("Cross-Origin-Opener-Policy", "same-origin-allow-popups")
|
|
// Prevent embedding from another resource.
|
|
w.Header().Add("Cross-Origin-Resource-Policy", "same-origin")
|
|
}
|