From e2c2e77415ef0cdcc923a56b3bce82c92b5063b1 Mon Sep 17 00:00:00 2001
From: Kent 'picat' Gruber <kent@hashicorp.com>
Date: Thu, 23 Jul 2020 11:12:35 -0400
Subject: [PATCH] Add HTTP Headers settings to the recommendations section

---
 website/pages/docs/internals/security.mdx | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/pages/docs/internals/security.mdx b/website/pages/docs/internals/security.mdx
index a24dc58a7..f70f546f7 100644
--- a/website/pages/docs/internals/security.mdx
+++ b/website/pages/docs/internals/security.mdx
@@ -212,6 +212,9 @@ environment.
 * **[TLS Settings](/docs/configuration/tls)** -
     TLS settings, such as the available [cipher suites](/docs/configuration/tls#tls_cipher_suites), should be tuned to fit the needs of your environment.
 
+* **[HTTP Headers](/docs/configuration#http_api_response_headers)** -
+    Additional security [headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers), such as [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be [configured](/docs/configuration#http_api_response_headers) for HTTP API responses. 
+
 ### Threat Model
 
 The following are parts of the Nomad threat model: