From 14b1997659d7f7690c3bfac331fd6180521d34e6 Mon Sep 17 00:00:00 2001 From: hagen1778 Date: Mon, 30 Oct 2023 11:46:17 +0100 Subject: [PATCH] docs: rm mention of default values for security HTTP headers The headers, their corresponding flags are mentioned at https://docs.victoriametrics.com/#security Signed-off-by: hagen1778 (cherry picked from commit a64b37cf242472070791741f0c00080960ce7bb1) --- docs/Cluster-VictoriaMetrics.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/Cluster-VictoriaMetrics.md b/docs/Cluster-VictoriaMetrics.md index 227cbbecdb..1a968a3ab1 100644 --- a/docs/Cluster-VictoriaMetrics.md +++ b/docs/Cluster-VictoriaMetrics.md @@ -271,7 +271,6 @@ General security recommendations: - It is recommended using distinct auth tokens for distinct [tenants](#multitenancy) in order to reduce potential damage in case of compromised auth token for some tenants. - Prefer using lists of allowed [API endpoints](#url-format), while disallowing access to other endpoints when configuring auth proxy in front of `vminsert` and `vmselect`. This minimizes attack surface. -- All http-serving components also respond with reasonable default headers for HSTS, CSP and Frame-Options, configurable with flags. See also [security recommendation for single-node VictoriaMetrics](https://docs.victoriametrics.com/#security) and [the general security page at VictoriaMetrics website](https://victoriametrics.com/security/).