Security Headers Server Configurations - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.10
Creation date: 2022-10-13
Last date published: 2023-12-06
Category: Administrator Guide

Key	Description	Default
`http.same.site.cookie.attribute`	Sets the `SAMESITE` cookie value to `lax` or `strict` `lax` enables the cookie to be sent on some cross-site requests. `strict`, dooes not allow the cookie to be sent on a cross-site request. Setting to `strict` can cause issues when configuring SSO.	`lax`
`security.hsts.maxage`	Sets the `Max-Age` attribute the number of required seconds that the cookie should expire.	`31536000`
`security.hsts.preload`	Users are not protected until after their first successful secure connection to a given domain (false). Can be set by changing to `true`.	`false`
`content.security.policy.header.enabled`	The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page.	`false`