# Config snapshot for the http_response_headers module (snapshotSet: config_sync).
# Each entry under `items` records one response-header config entity: `name` is
# the header sent and `value` its content. All keys and values are reproduced
# unchanged from the snapshot; the comments are review notes only.
uuid: 1e6f0bb1-965a-426a-a84f-224aaa47c8c0
langcode: en
status: true
dependencies:
  module:
    - http_response_headers
id: config_sync.module.http_response_headers
snapshotSet: config_sync
extensionType: module
extensionName: http_response_headers
items:
  - collection: ''
    name: http_response_headers.response_header.access_control_allow_origin
    data:
      langcode: en
      status: true
      dependencies: {}
      id: access_control_allow_origin
      label: Access-Control-Allow-Origin
      description: 'Access-Control-Allow-Origin is apart of the Cross Origin Resource Sharing (CORS) specification. This header is used to determine which sites are allowed to access the resource by defining either a single origin or all sites (denoted by a wildcard value).'
      name: Access-Control-Allow-Origin
      # NOTE(review): the wildcard lets script on any origin read responses to
      # non-credentialed requests. Acceptable only where every response carrying
      # this header is public; otherwise set an explicit origin.
      # Presumably applied site-wide (status: true) - confirm against the module.
      value: '*'
      _core:
        default_config_hash: jiYdwY3CosYS2LwI7rEJboBZ4h4lh4NaUGc31nkShPI
  - collection: ''
    name: http_response_headers.response_header.content_security_policy
    data:
      langcode: en
      status: true
      dependencies: {}
      id: content_security_policy
      label: Content-Security-Policy
      description: 'This HTTP header parameter allows you to define a whitelist of approved sources of content for your site. By restricting the assets that a browser can load for your site you will have extra level of protection from XSS attacks.'
      name: Content-Security-Policy
      # NOTE(review): no policy is defined in this snapshot, so the entry gives
      # no XSS mitigation as recorded. Whether an empty value omits the header
      # or emits it empty is not visible here - confirm against the module.
      value: ''
      _core:
        default_config_hash: vm-IJzaf6_rD43UbNf5XszM3uyG3n30GUMK7FQVQSqw
  - collection: ''
    name: http_response_headers.response_header.public_key_pins
    data:
      langcode: en
      status: true
      dependencies: {}
      id: public_key_pins
      label: Public-Key-Pins
      description: 'HTTP Public Key Pinning (HPKP) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to prevent Man in the Middle (MITM) attacks with forged certificates.'
      name: Public-Key-Pins
      # NOTE(review): HPKP is deprecated and no longer honoured by current major
      # browsers; a wrong pin could also lock visitors out. Leave this empty.
      value: ''
      _core:
        default_config_hash: QnihCO4_FUzmixcXqUFF2z8WsUZt-Llst3ovAoeXZ0E
  - collection: ''
    name: http_response_headers.response_header.referrer_policy
    data:
      langcode: en
      status: true
      dependencies: {}
      id: referrer_policy
      label: Referrer-Policy
      description: 'Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.'
      name: Referrer-Policy
      # Cross-origin requests receive only the origin (no path or query), and
      # nothing is sent when navigating from HTTPS to HTTP.
      value: strict-origin-when-cross-origin
      _core:
        default_config_hash: JSZo_FSu2YFf7fXKgHhgJGvzRNHDcmakAcXGR4jCf-s
  - collection: ''
    name: http_response_headers.response_header.strict_transport_security
    data:
      langcode: en
      status: true
      dependencies: {}
      id: strict_transport_security
      label: Strict-Transport-Security
      description: 'This policy will enforce TLS on your site and all subdomains for a year.'
      name: Strict-Transport-Security
      # NOTE(review): 31536000 s = one year, and includeSubDomains extends the
      # policy to every subdomain. Browsers cache it for the full max-age, so
      # confirm all subdomains serve valid HTTPS before this goes live.
      value: 'max-age=31536000; includeSubDomains'
      _core:
        default_config_hash: EzF-BPkjidXdWfV5ZguA1GZG1XlRg3gh8_E7Oi9MdtM
  - collection: ''
    name: http_response_headers.response_header.x_content_type_options
    data:
      langcode: en
      status: true
      dependencies: {}
      id: x_content_type_options
      label: X-Content-Type-Options
      description: 'This header parameter prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.'
      name: X-Content-Type-Options
      # Only effective when responses also declare a correct Content-Type.
      value: nosniff
      _core:
        default_config_hash: qRI3wEmvqepaLI3hMH5U_tq_svkQ6s-7cgAmZKO-F4A
  - collection: ''
    name: http_response_headers.response_header.x_frame_options
    data:
      langcode: en
      status: true
      dependencies: {}
      id: x_frame_options
      label: X-Frame-Options
      description: "Clickjacking protection. Valid values include DENY meaning your site can't be framed, SAMEORIGIN which allows you to frame your own site or ALLOW-FROM https://example.com/ which lets you specify sites that are permitted to frame"
      name: X-Frame-Options
      # NOTE(review): the ALLOW-FROM form named in the description is obsolete
      # and ignored by modern browsers; use the CSP `frame-ancestors` directive
      # when specific third-party origins must be allowed to frame the site.
      value: SAMEORIGIN
      _core:
        default_config_hash: aCpW04rpcXDf65J6xXwCkplv2TKA64ANULWPnidTXwE
  - collection: ''
    name: http_response_headers.response_header.x_generator
    data:
      langcode: en
      status: true
      dependencies: {}
      id: x_generator
      label: X-Generator
      description: 'Allows the declaration of the CMS type and version to be modified.'
      name: X-Generator
      # NOTE(review): empty here, presumably to suppress the CMS/version banner.
      # Verify on a live response that the header is really absent or blank.
      value: ''
      _core:
        default_config_hash: rVXSHnFplX0srS0yj58pNNp_cHSe07Q-YnpBHUX4xUY
  - collection: ''
    name: http_response_headers.response_header.x_powered_by
    data:
      langcode: en
      status: true
      dependencies: {}
      id: x_powered_by
      label: X-Powered-By
      description: "The X-Powered-By header gives information on the technology that's supporting the Web Server. It is best not to provide this information."
      name: X-Powered-By
      # NOTE(review): empty here. The web server or language runtime may add
      # this header itself, so check the final response, not just this config.
      value: ''
      _core:
        default_config_hash: qN2wWwIBQbvvZJ3v_gPS6_atvVWy-iU55c5Tdj_MqFQ
  - collection: ''
    name: http_response_headers.response_header.x_xss_protection
    data:
      langcode: en
      status: true
      dependencies: {}
      id: x_xss_protection
      label: X-Xss-Protection
      description: "This response header can be used to configure a user-agent's built in reflective XSS protection. Currently, only Microsoft's Internet Explorer, Google Chrome and Safari (WebKit) support this header."
      name: X-Xss-Protection
      # NOTE(review): the description is dated. Current Chrome and Edge have
      # removed the XSS auditor and the header is deprecated; present guidance
      # is to rely on Content-Security-Policy (empty in this snapshot) rather
      # than on this filter.
      value: '1; mode=block'
      _core:
        default_config_hash: xjdq0o6GzQSm6T11WcRHJ3A_DGGSEYiLrmqhLM8hpWQ