
How to add content-security-policy to nginx ingress controller in eks


I have deployed an nginx ingress controller in my EKS cluster. I want to add more security to my nginx deployment, i.e. add the Content-Security-Policy header and the ones below:

X-Frame-Options: 
Content-Security-Policy:
X-Content-Type-Options: 
X-XSS-Protection: 

Is there any document I can follow to do it? Please help.

I added it in the ConfigMap, and it turns out it didn't help either.

Thanks


Solution

  • You can try this:

    ingress:
      enabled: true
      annotations:
         kubernetes.io/ingress.class: nginx
         nginx.ingress.kubernetes.io/configuration-snippet: |
            more_set_headers "X-Frame-Options: Deny";
            more_set_headers "X-Xss-Protection: 1; mode=block";
            more_set_headers "X-Content-Type-Options: nosniff";
            more_clear_headers "Cache-Control";
            more_set_headers "Cache-Control: must-revalidate";  
            proxy_set_header l5d-dst-override 
    
    

    Here is the list of all nginx-configuration-annotations

    This fixed my issue, and I verified it using zaproxy.
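
The answer's snippet sets three of the four headers the question lists but not Content-Security-Policy. The manifest below is an added example, not part of the original answer: it uses the same `configuration-snippet` annotation in a complete Ingress and adds the CSP header. The names `my-app` and `app.example.com`, the port, and the policy value are placeholders chosen for illustration.

```yaml
# Added example. Resource name, host, backend port and the CSP value are
# placeholders; replace them with values that match your application.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  annotations:
    # The controller only honours this annotation when snippet annotations
    # are allowed (controller ConfigMap key: allow-snippet-annotations).
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "X-Frame-Options: DENY";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "X-XSS-Protection: 1; mode=block";
      # Sample policy: same-origin resources only, no framing by other sites.
      more_set_headers "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'";
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```

If the headers do not appear in responses after applying this, check whether the controller is rejecting or ignoring the snippet annotation; a policy this strict can also block inline scripts and third-party assets, so test it against the real application before enforcing it.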