Security Headers Server Configurations - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-05-22
End_of_Life
EoL
Category
Administrator Guide
Abstract

Server configurations for security headers.

Key

Description

Default

http.same.site.cookie.attribute

Sets the SAMESITE cookie value to lax or strict

lax enables the cookie to be sent on some cross-site requests. strict, dooes not allow the cookie to be sent on a cross-site request.

Setting to strict can cause issues when configuring SSO.

lax

security.hsts.maxage

Sets the Max-Age attribute the number of required seconds that the cookie should expire.

31536000

security.hsts.preload

Users are not protected until after their first successful secure connection to a given domain (false). Can be set by changing to true.

false

content.security.policy.header.enabled

The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page.

false