Below is the report from Qualys, please help me work it around.
X-XSS-Protection HTTP Header missing on port 8089.
GET / HTTP/1.1
Host: splidx-5.mysplunk.com:8089
Connection: Keep-Alive
Content-Security-Policy HTTP Header missing on port 8089.
Strict-Transport-Security HTTP Header missing on port 8089.
Please try the below in the "server.conf"
[httpServer]
replyHeader.X-XSS-Protection= 1; mode=block
replyHeader.Content-Security-Policy = script-src 'self'; object-src 'self'
[sslConfig]
sendStrictTransportSecurityHeader=true
OR the easier way, you can consider to block scanner from connecting to the port..
acceptFrom = "list of server name or ip addresses to include all SHs/Deployer,Indexers/CM, HF, LM, Deployment Srver,127.0.0.1,.. "
Implementing this parameter needs thorough testing to ensure it doesn't break Splunk Services and make sure to include 127.0.0.1 this is mandatary.
https://docs.splunk.com/Documentation/Splunk/7.1.2/Admin/Serverconf
for example, in server.conf,
*[httpServer]
acceptFrom = shd*.abc.com, idx*.abc.com, cm.abc.com,deployer.abc.com,LM.abc.com,127.0.0.1
*
Please try the below in the "server.conf"
[httpServer]
replyHeader.X-XSS-Protection= 1; mode=block
replyHeader.Content-Security-Policy = script-src 'self'; object-src 'self'
[sslConfig]
sendStrictTransportSecurityHeader=true
OR the easier way, you can consider to block scanner from connecting to the port..
acceptFrom = "list of server name or ip addresses to include all SHs/Deployer,Indexers/CM, HF, LM, Deployment Srver,127.0.0.1,.. "
Implementing this parameter needs thorough testing to ensure it doesn't break Splunk Services and make sure to include 127.0.0.1 this is mandatary.
https://docs.splunk.com/Documentation/Splunk/7.1.2/Admin/Serverconf
for example, in server.conf,
*[httpServer]
acceptFrom = shd*.abc.com, idx*.abc.com, cm.abc.com,deployer.abc.com,LM.abc.com,127.0.0.1
*
If it's from UF then you can add the below to server.conf - The downside of having this in UF is, you may not be able to run REST call against the UF from the browsers on your laptop, which is frequently asked by Splunk Support during some troubleshooting.
[httpServer]
acceptFrom = 127.0.0.1