Add HTTP Headers settings to the recommendations section

2020-07-23 11:12:35 -04:00 · 2020-07-23 11:12:35 -04:00 · e2c2e77415
parent 23d0433596
commit e2c2e77415
1 changed files with 3 additions and 0 deletions
--- a/website/pages/docs/internals/security.mdx
+++ b/website/pages/docs/internals/security.mdx
@ -212,6 +212,9 @@ environment.
 * **[TLS Settings](/docs/configuration/tls)** -
    TLS settings, such as the available [cipher suites](/docs/configuration/tls#tls_cipher_suites), should be tuned to fit the needs of your environment.

+* **[HTTP Headers](/docs/configuration#http_api_response_headers)** -
+    Additional security [headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers), such as [`X-XSS-Protection`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection), can be [configured](/docs/configuration#http_api_response_headers) for HTTP API responses. 
+
 ### Threat Model

 The following are parts of the Nomad threat model: