Security Headers Server Configurations - Administrator Guide - EoL - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-07-16
Category: Administrator Guide; End of Life > EoL
Abstract

Server configurations for security headers.

| Key | Description | Default |
|---|---|---|
| http.same.site.cookie.attribute | Sets the SameSite cookie value to lax or strict. lax allows the cookie to be sent on some cross-site requests. strict does not allow the cookie to be sent on a cross-site request. Setting to strict can cause issues when configuring SSO. | lax |
| security.hsts.maxage | Sets the Max-Age attribute: the number of seconds after which the cookie should expire. | 31536000 |
| security.hsts.preload | When false, users are not protected until after their first successful secure connection to a given domain. Preload can be set by changing the value to true. | false |
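
A check an administrator could run over captured response headers to confirm that the three keys listed above took effect. This is an added example, not Palo Alto Networks code: it assumes the keys surface as the standard `Strict-Transport-Security` header and the `SameSite` cookie attribute, and the function name `audit_headers`, the cookie name and the sample responses are constructed.

```python
# Keys and defaults are from this page; the mapping of each key to a response
# header is an assumption based on standard HSTS and cookie behaviour.
DEFAULTS = {
    "http.same.site.cookie.attribute": "lax",
    "security.hsts.maxage": "31536000",
    "security.hsts.preload": "false",
}

def audit_headers(raw, config=DEFAULTS):
    """Return a list of mismatches between response headers and the config."""
    hsts, cookies, findings = None, [], []
    for line in raw.strip().splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            hsts = value
        elif name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    if hsts is None:
        findings.append("Strict-Transport-Security header missing")
    else:
        directives = [d.strip().lower() for d in hsts.split(";") if d.strip()]
        ages = [d.split("=", 1)[1].strip('"') for d in directives
                if d.startswith("max-age=")]
        if ages != [config["security.hsts.maxage"]]:
            findings.append(f"HSTS max-age {ages} != {config['security.hsts.maxage']}")
        want_preload = config["security.hsts.preload"] == "true"
        if ("preload" in directives) != want_preload:
            findings.append(f"HSTS preload present={not want_preload}, expected {want_preload}")
    want = config["http.same.site.cookie.attribute"]
    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        cname = parts[0].split("=", 1)[0]
        got = [p.split("=", 1)[1].lower() for p in parts[1:]
               if p.lower().startswith("samesite=")]
        if got != [want]:  # a missing SameSite attribute is reported too
            findings.append(f"cookie {cname}: SameSite {got} != {want}")
    return findings

# Constructed sample responses (not captured from a real server).
MATCHING = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
Set-Cookie: example_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""
DRIFTED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300; preload
Set-Cookie: example_session=abc123; Path=/; Secure
"""

if __name__ == "__main__":
    print(audit_headers(MATCHING))
    print("\n".join(audit_headers(DRIFTED)))
```

Pass a modified copy of `DEFAULTS` as `config` when the server has been changed from the defaults, for example after setting `security.hsts.preload` to true.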