auth_digest_algorithm: MD5
auth_user_file: '/etc/httpd/htdigest'
auth_require: 'valid-user'
+ headers:
+ - 'always set X-XSS-Protection "1; mode=block"'
+ - 'always set X-Frame-Options "SAMEORIGIN"'
+ - 'always set X-Content-Type-Options "nosniff"'
+ - "set Content-Security-Policy: \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;"
setenvif:
- 'HTTPS on X-Forwarded-Proto=https'
- 'HTTPS on HTTPS=on'
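Review bot: The added Content-Security-Policy entry opens the header value with `\"` but never closes it, so the rendered directive would carry an unbalanced quote; end the entry with `img-src 'self' data: ;\""`. Unlike the three entries above it, this one uses `set` without `always`, so, assuming the list is rendered into mod_headers `Header` directives, the policy would not be attached to error responses. `'unsafe-inline'` and `'unsafe-eval'` in `default-src` leave the policy with little protection against script injection; if the application needs them for now, a comment saying why and a dedicated, tighter `script-src` would make that explicit. The enclosing mapping starts outside the visible lines, so how `headers` is consumed should be confirmed there.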