Custom HTTP Headers

The CEP allows adding custom HTTP headers by modifying the default web server (Nginx) configuration. You can also enable default security headers by configured the CEP_SECURITY_HTTP_HEADER parameter.

Default custom-headers.conf

add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options deny;
add_header Content-Security-Policy "frame-ancestors 'none';";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

docker-compose.yml

    volumes:
      - ./custom-headers.conf:/etc/nginx/conf.d/headers.include