Github user krishna-pandey commented on a diff in the pull request: https://github.com/apache/spark/pull/19419#discussion_r144880059 --- Diff: docs/security.md --- @@ -186,7 +186,54 @@ configure those ports. </tr> </table> +### HTTP Security Headers + +Apache Spark can be configured to include HTTP Headers which aids in preventing Cross +Site Scripting (XSS), Cross-Frame Scripting (XFS), MIME-Sniffing and also enforces HTTP +Strict Transport Security. + +<table class="table"> +<tr><th>Property Name</th><th>Default</th><th>Meaning</th></tr> +<tr> + <td><code>spark.ui.xXssProtection</code></td> + <td>None</td> + <td> + Value for HTTP X-XSS-Protection response header. You can choose appropriate value + from below: + <ul> + <li> 0 </li> (Disables XSS filtering) --- End diff -- @srowen Thanks for the excellent tip. It looks more readable now.
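Review bot: In the `spark.ui.xXssProtection` row, the explanation `(Disables XSS filtering)` is placed after the closing `</li>`, so it becomes stray text directly inside the `<ul>` instead of part of the list item. Move it inside the element, for example `<li><code>0</code> (Disables XSS filtering)</li>`, and use the same pattern for the remaining values so each one renders next to its meaning. In the introductory paragraph, "HTTP Headers which aids" should read "HTTP headers which aid", and since the sentence mentions HTTP Strict Transport Security, it would help to say there that the header is only meaningful when the UI is served over HTTPS.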