From b3974cb52a2eb5bf2201af6b5e82410024b643e9 Mon Sep 17 00:00:00 2001
From: r4sas
Date: Fri, 10 Apr 2020 02:34:47 +0000
Subject: [PATCH] [webconsole] security hardening headers (closes #1464)

Signed-off-by: r4sas
---
 daemon/HTTPServer.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/daemon/HTTPServer.cpp b/daemon/HTTPServer.cpp
index 5eac08a9..f93c3531 100644
--- a/daemon/HTTPServer.cpp
+++ b/daemon/HTTPServer.cpp
@@ -1141,6 +1141,8 @@ namespace http {
 void HTTPConnection::SendReply (HTTPRes& reply, std::string& content)
 {
 reply.add_header("X-Frame-Options", "SAMEORIGIN");
+ reply.add_header("X-Content-Type-Options", "nosniff");
+ reply.add_header("X-XSS-Protection", "1; mode=block");
 reply.add_header("Content-Type", "text/html");
 reply.body = content;
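Review bot: The added `X-XSS-Protection: 1; mode=block` header in SendReply depends on the legacy browser XSS auditor, which current Chromium and Firefox do not implement, so it adds little protection for the web console. Current header guidance is to send `0` or omit it, because the filter itself caused cross-site information leaks in older browsers. The control that actually limits script injection is a Content-Security-Policy, for example `reply.add_header("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'");`. The exact policy has to match what the console pages load (inline styles or scripts are not visible in this hunk). `X-Content-Type-Options: nosniff` is fine as added, but SendReply's body continues outside the hunk, so it is worth confirming that every response path of the console, including error and auth replies, goes through it.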