Security Headers Server Configurations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.10
Creation date: 2022-10-13
Last date published: 2023-12-06
Category: Administrator Guide

| Key | Description | Default |
|---|---|---|
| http.same.site.cookie.attribute | Sets the SameSite cookie attribute to lax or strict. lax allows the cookie to be sent on some cross-site requests. strict does not allow the cookie to be sent on a cross-site request. Setting to strict can cause issues when configuring SSO. | lax |
| security.hsts.maxage | Sets the Max-Age attribute: the number of seconds after which the cookie should expire. | 31536000 |
| security.hsts.preload | When false, users are not protected until after their first successful secure connection to a given domain. Change to true to set preload. | false |
| content.security.policy.header.enabled | The HTTP Content-Security-Policy response header allows website administrators to control the resources the user agent is allowed to load for a given page. | false |
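To confirm that a server's responses match the values configured for the keys above, the headers of a captured response can be audited. The following Python sketch is an added example, not Cortex XSOAR code. It assumes the HSTS keys govern the Strict-Transport-Security response header and that the SameSite setting applies to every cookie the server sets; the sample response is constructed.

```python
# Expected values: the defaults listed for each key above.
EXPECTED = {
    "http.same.site.cookie.attribute": "lax",
    "security.hsts.maxage": 31536000,
    "security.hsts.preload": False,
    "content.security.policy.header.enabled": False,
}

def parse_hsts(value):
    """Return (max_age, preload) parsed from a Strict-Transport-Security value."""
    max_age, preload = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            max_age = int(arg)
        elif name == "preload":
            preload = True
    return max_age, preload

def samesite_of(set_cookie):
    """Return the lower-cased SameSite attribute of one Set-Cookie value, or None."""
    for attr in set_cookie.split(";")[1:]:  # skip the name=value pair
        name, _, arg = attr.partition("=")
        if name.strip().lower() == "samesite":
            return arg.strip().lower()
    return None

def audit(headers, expected=EXPECTED):
    """headers: list of (name, value) pairs. Returns {key: observed} for mismatches."""
    get = lambda wanted: [v for n, v in headers if n.lower() == wanted]
    hsts = get("strict-transport-security")
    max_age, preload = parse_hsts(hsts[0]) if hsts else (None, False)
    observed = {
        "security.hsts.maxage": max_age,
        "security.hsts.preload": preload,
        "content.security.policy.header.enabled": bool(get("content-security-policy")),
    }
    mismatches = {k: v for k, v in observed.items() if v != expected[k]}
    # Set-Cookie may repeat, so every cookie is checked individually.
    bad = [samesite_of(c) for c in get("set-cookie")
           if samesite_of(c) != expected["http.same.site.cookie.attribute"]]
    if bad:
        mismatches["http.same.site.cookie.attribute"] = bad
    return mismatches

# Constructed sample response: the second cookie carries no SameSite attribute.
SAMPLE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
```

Calling `audit(SAMPLE)` reports only the cookie key, because one cookie lacks the expected SameSite value. Pass a modified copy of `EXPECTED` when the server has been configured with non-default values.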