From: Philipp Dallig <philipp.dallig@pixelpark.com>
Date: Wed, 2 Nov 2016 13:16:58 +0000 (+0100)
Subject: pfizer - security header also on test
X-Git-Tag: v0.1.0~3872
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=1400b8f0bcb3d81731d87d728a95d3cbc6d69373;p=pixelpark%2Fhiera.git

pfizer - security header also on test
---

diff --git a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
index fba191c9..2e888526 100644
--- a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
@@ -610,6 +610,11 @@ site::profile::apache::pp_vhosts:
     docroot_owner: apache
     docroot_group: apache
     docroot_mode: '0770'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -639,6 +644,11 @@ site::profile::apache::pp_vhosts:
     docroot_mode: '0770'
     error_documents:
       - { error_code: 404 , document: "/error/" }
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -667,6 +677,11 @@ site::profile::apache::pp_vhosts:
     docroot_group: apache
     docroot_mode: '0770'
     fallbackresource: '/404.html'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -696,6 +711,11 @@ site::profile::apache::pp_vhosts:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -732,6 +752,11 @@ site::profile::apache::pp_vhosts:
     docroot_owner: apache
     docroot_group: apache
     docroot_mode: '0770'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -762,6 +787,11 @@ site::profile::apache::pp_vhosts:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -805,6 +835,11 @@ site::profile::apache::pp_vhosts:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -843,6 +878,11 @@ site::profile::apache::pp_vhosts:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -878,6 +918,11 @@ site::profile::apache::pp_vhosts:
     docroot_owner: apache
     docroot_group: apache
     docroot_mode: '0770'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -905,6 +950,11 @@ site::profile::apache::pp_vhosts:
     docroot_owner: apache
     docroot_group: apache
     docroot_mode: '0770'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -932,6 +982,11 @@ site::profile::apache::pp_vhosts:
     docroot_owner: apache
     docroot_group: apache
     docroot_mode: '0770'
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - directory_root:
         provider: directory
@@ -966,6 +1021,11 @@ site::profile::apache::pp_vhosts:
     passenger_app_env: development
     docroot_owner: apache
     docroot_group: apache
+    headers:
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - docroot:
         provider: directory