Security Headers for Grafana

  • What Grafana version and what operating system are you using?
    Grafana-8.1.2 & Ubuntu-18.04.6 LTS

  • What are you trying to achieve?
    Enable security headers in Grafana

  • How are you trying to achieve it?
    Updated the grafana.ini file

  • What happened?
    The security headers aren't reflected in https://securityheaders.com/

  • What did you expect to happen?

  • Can you copy/paste the configuration(s) that you are having problems with?
    Below is the configuration
    #################################### Security ####################################
    [security]

    # set cookie SameSite attribute. defaults to lax. can be set to "lax", "strict" and "none"
    ;cookie_samesite = lax

    content_security_policy = true
    content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""

    # Sets how long a browser should cache HSTS. Only applied if strict_transport_security is enabled.
    strict_transport_security = true
    strict_transport_security_max_age_seconds = 31536000
    strict_transport_security_preload = true
    strict_transport_security_subdomains = true
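A way to see for yourself which headers actually reach the client, instead of relying on the scanner's verdict. This is an added example of mine, not the poster's configuration and not code from Grafana: it parses a raw HTTP response head and reports whether the Strict-Transport-Security and Content-Security-Policy values are at least as strong as the ini above asks for (one-year max-age, includeSubDomains, preload; nonce-based script-src, object-src 'none', base-uri). The two sample responses, the nonce value and the hostname grafana.example.com are constructed for the example. Two things worth checking with it: Grafana adds the HSTS header only when it is itself serving HTTPS (`protocol = https` or `h2`), and a reverse proxy that terminates TLS in front of it may not forward the headers Grafana does add, so compare the response from Grafana's own port with the one from the public URL.

```python
"""Offline audit of the security headers in a raw HTTP response head.

Added example, not from the forum post or from Grafana. Paste the output of
`curl -sI https://your-grafana/login` into a string and feed it to audit_raw().
"""
import re
from typing import Dict, List, Optional, Tuple

MIN_HSTS_MAX_AGE = 31536000  # one year, what the ini above sets


def parse_response_head(raw: str) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.x response head into (status code, {lowercased name: value})."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the head; anything after is body
        name, sep, value = line.partition(":")  # first colon only; values may contain ':'
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        name = name.strip().lower()
        # A repeated header is joined with a comma, as RFC 9110 allows
        headers[name] = f"{headers[name]}, {value.strip()}" if name in headers else value.strip()
    return int(m.group(1)), headers


def check_hsts(value: Optional[str], min_age: int = MIN_HSTS_MAX_AGE) -> List[str]:
    """Findings for a Strict-Transport-Security value; an empty list means it passes."""
    if value is None:
        return ["Strict-Transport-Security header missing"]
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        k, _, v = part.strip().partition("=")
        directives[k.lower()] = v.strip()
    findings = []
    age = directives.get("max-age")
    if age is None or not age.isdigit():
        findings.append("HSTS has no numeric max-age")
    elif int(age) < min_age:
        findings.append(f"HSTS max-age {age} is below {min_age}")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains")
    if "preload" not in directives:
        findings.append("HSTS lacks preload")
    return findings


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Map each CSP directive name to its source list."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def check_csp(value: Optional[str]) -> List[str]:
    """Findings for a Content-Security-Policy value against what the ini template promises."""
    if value is None:
        return ["Content-Security-Policy header missing"]
    policy = parse_csp(value)
    findings = []
    script = policy.get("script-src")
    if script is None:
        findings.append("CSP has no script-src")
    else:
        # Grafana replaces $NONCE with 'nonce-<value>'; with a nonce present,
        # 'unsafe-inline' is ignored by CSP3 browsers, so only flag it when no nonce is there
        has_nonce = any(s.startswith("'nonce-") for s in script)
        if "'unsafe-inline'" in script and not has_nonce:
            findings.append("script-src allows 'unsafe-inline' without a nonce")
        if "*" in script:
            findings.append("script-src allows any origin (*)")
    if policy.get("object-src") != ["'none'"]:
        findings.append("object-src is not 'none'")
    if "base-uri" not in policy:
        findings.append("CSP has no base-uri")
    return findings


def audit(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Run every check; each entry maps a header to its findings (empty list = passes)."""
    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    return {
        "strict-transport-security": check_hsts(headers.get("strict-transport-security")),
        "content-security-policy": check_csp(headers.get("content-security-policy")),
        "x-content-type-options": [] if nosniff else ["X-Content-Type-Options is not nosniff"],
    }


def audit_raw(raw: str) -> Dict[str, List[str]]:
    _, headers = parse_response_head(raw)
    return audit(headers)


# Constructed sample: what Grafana served directly over HTTPS with the ini above
# would answer for /login (nonce and hostname are made up for the example).
WITH_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; preload; includeSubDomains\r\n"
    "Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' "
    "'nonce-c29tZXJhbmRvbQ==';object-src 'none';font-src 'self';img-src * data:;base-uri 'self';"
    "connect-src 'self' grafana.com ws://grafana.example.com/ wss://grafana.example.com/;"
    "manifest-src 'self';media-src 'none';form-action 'self';\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)

# Constructed sample: what a scanner sees when a proxy in front of Grafana drops
# the headers, or Grafana itself is reached over plain HTTP.
WITHOUT_HEADERS = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nServer: nginx\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("direct HTTPS", WITH_HEADERS), ("behind proxy", WITHOUT_HEADERS)):
        print(f"== {label}")
        for header, findings in audit_raw(raw).items():
            print(f"  {header}: {'ok' if not findings else '; '.join(findings)}")
```

The first sample passes every check; the second reports all three headers missing, which is the state securityheaders.com is grading when the ini is right but nothing in the path to the client emits or forwards the headers.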