Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
Impala 4.2.0
-
None
-
ghx-label-1
Description
Add
- Strict-Transport-Security: max-age=31536000; includeSubDomains when Impala serves HTTPS. Note that Impala's web server only serves HTTP or HTTPS, never both at once.
- X-Content-Type-Options: nosniff. Impala does not provide any way to upload files.
- Cache-control: no-store
to Impala's web UI to provide additional comfort for security folks.