{ "id": "headers", "order": 999, "name": "Headers", "description": "Manage HTTP headers sent to clients.", "version": "0.1", "settings": { "CUSTOM_HEADER": { "context": "multisite", "default": "", "help": "Custom header to add (HeaderName: HeaderValue).", "id": "custom-header", "label": "Custom header (HeaderName: HeaderValue)", "regex": "^.*$", "type": "text", "multiple": "custom-headers" }, "REMOVE_HEADERS": { "context": "multisite", "default": "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version", "help": "Headers to remove (Header1 Header2 Header3 ...)", "id": "remove-headers", "label": "Remove headers", "regex": "^.*$", "type": "text" }, "STRICT_TRANSPORT_SECURITY": { "context": "multisite", "default": "max-age=31536000", "help": "Value for the Strict-Transport-Security header.", "id": "strict-transport-security", "label": "Strict-Transport-Security", "regex": "^.*$", "type": "text" }, "COOKIE_FLAGS": { "context": "multisite", "default": "* HttpOnly SameSite=Lax", "help": "Cookie flags automatically added to all cookies (value accepted for nginx_cookie_flag_module).", "id": "cookie-flags", "label": "Cookie flags", "regex": "^.*$", "type": "text" }, "COOKIE_AUTO_SECURE_FLAG": { "context": "multisite", "default": "yes", "help": "Automatically add the Secure flag to all cookies.", "id": "cookie-auto-secure-flag", "label": "Cookie auto Secure flag", "regex": "^(yes|no)$", "type": "check" }, "CONTENT_SECURITY_POLICY": { "context": "multisite", "default": "object-src 'none'; form-action 'self'; frame-ancestors 'self';", "help": "Value for the Content-Security-Policy header.", "id": "content-security-policy", "label": "Content-Security-Policy", "regex": "^.*$", "type": "text" }, "REFERRER_POLICY": { "context": "multisite", "default": "strict-origin-when-cross-origin", "help": "Value for the Referrer-Policy header.", "id": "referrer-policy", "label": "Referrer-Policy", "regex": "^.*$", "type": "text" }, "PERMISSIONS_POLICY": { "context": "multisite", "default": "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()", "help": "Value for the Permissions-Policy header.", "id": "permissions-policy", "label": "Permissions-Policy", "regex": "^.*$", "type": "text" }, "FEATURE_POLICY": { "context": "multisite", "default": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';", "help": "Value for the Feature-Policy header.", "id": "feature-policy", "label": "Feature-Policy", "regex": "^.*$", "type": "text" }, "X_FRAME_OPTIONS": { "context": "multisite", "default": "SAMEORIGIN", "help": "Value for the X-Frame-Options header.", "id": "x-frame-options", "label": "X-Frame-Options", "regex": "^.*$", "type": "text" }, "X_CONTENT_TYPE_OPTIONS": { "context": "multisite", "default": "nosniff", "help": "Value for the X-Content-Type-Options header.", "id": "x-content-type-options", "label": "X-Content-Type-Options", "regex": "^.*$", "type": "text" }, "X_XSS_PROTECTION": { "context": "multisite", "default": "1; mode=block", "help": "Value for the X-XSS-Protection header.", "id": "x-xss-protection", "label": "X-XSS-Protection", "regex": "^.*$", "type": "text" } } }