Cloudera Docs

Enable HTTP security headers

When Enable HTTP security headers is enabled, the following HTTP headers will be included in HTTP responses from servers:
  • X-XSS-Protection
  • X-DNS-Prefetch-Control
  • X-Frame-Options
  • X-Download-Options
  • X-Content-Type-Options

This property is enabled by default .

Disabling this property could leave your Cloudera AI deployment vulnerable to clickjacking, cross-site scripting (XSS), or any other injection attacks.