From a10753271d9c5c0f6e3717f537a46b7fbb26af41 Mon Sep 17 00:00:00 2001
From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Wed, 16 Aug 2017 12:32:00 +0200
Subject: [PATCH] update headers

---
 customer/spk-spar-checker/test.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml
index d01db90a..6c0a42c1 100644
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -54,6 +54,11 @@ infra::profile::apache::pp_vhosts:
         auth_digest_algorithm: MD5
         auth_user_file: '/etc/httpd/htdigest'
         auth_require: 'valid-user'
+    headers:
+      - 'always set X-XSS-Protection "1; mode=block"'
+      - 'always set X-Frame-Options "SAMEORIGIN"'
+      - 'always set X-Content-Type-Options "nosniff"'
+      - "set Content-Security-Policy: \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;"
     setenvif:
       - 'HTTPS on X-Forwarded-Proto=https'
       - 'HTTPS on HTTPS=on'
-- 
2.39.5