Request Headers
| Name | Value |
|---|---|
| HEADERS_ENABLED | If enabled security headers will be sent with requests making the application more secure. Default: true |
| HEADERS_X_FRAME_OPTIONS | This defines whether or not users are allowed to display the site in an iframe on another website. For more information please visit - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Frame-Options Default: "SAMEORIGIN" |
| HEADERS_X_CONTENT_TYPE_OPTIONS | This defines how the MIME types sent in request headers should be respected. For more information please visit - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options Default: "nosniff" |
| HEADERS_CSP | This defines what and where code is allowed to run. For more information please visit - https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP Default: none |