docs: rm mention of default values for security HTTP headers

The headers, their corresponding flags are mentioned at
https://docs.victoriametrics.com/#security

Signed-off-by: hagen1778 <roman@victoriametrics.com>
(cherry picked from commit a64b37cf24)
This commit is contained in:
hagen1778 2023-10-30 11:46:17 +01:00
parent ed8fc04898
commit 14b1997659
No known key found for this signature in database
GPG Key ID: 3BF75F3741CA9640

View File

@ -271,7 +271,6 @@ General security recommendations:
- It is recommended using distinct auth tokens for distinct [tenants](#multitenancy) in order to reduce potential damage in case of compromised auth token for some tenants.
- Prefer using lists of allowed [API endpoints](#url-format), while disallowing access to other endpoints when configuring auth proxy in front of `vminsert` and `vmselect`.
This minimizes attack surface.
- All http-serving components also respond with reasonable default headers for HSTS, CSP and Frame-Options, configurable with flags.
See also [security recommendation for single-node VictoriaMetrics](https://docs.victoriametrics.com/#security)
and [the general security page at VictoriaMetrics website](https://victoriametrics.com/security/).