Security Headers Server Configurations - Server configurations for security headers. - Administrator Guide - 6.10 - Cortex XSOAR - Cortex

Security Headers Server Configurations - Server configurations for security headers. - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product

Cortex XSOAR

Version

6.10

Creation date

2022-10-13

Last date published

2025-04-02

End_of_Life

EoL

Category

Administrator Guide

Abstract

Server configurations for security headers.

Key	Description	Default
`http.same.site.cookie.attribute`	Sets the `SAMESITE` cookie value to `lax` or `strict` `lax` enables the cookie to be sent on some cross-site requests. `strict`, dooes not allow the cookie to be sent on a cross-site request. Setting to `strict` can cause issues when configuring SSO.	`lax`
`security.hsts.maxage`	Sets the `Max-Age` attribute the number of required seconds that the cookie should expire.	`31536000`
`security.hsts.preload`	Users are not protected until after their first successful secure connection to a given domain (false). Can be set by changing to `true`.	`false`
`content.security.policy.header.enabled`	The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page.	`false`