From c016c55340d1567327ee9a9ea12d97f0f2e7221b Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Wed, 30 Nov 2016 11:42:50 -0500 Subject: [PATCH] Add HTTP/1.0 cache suppression There is not a single client that will ever talk to this service that would not support HTTP/1.1. However, do this to satisfy a scanner. --- confluent_server/confluent/httpapi.py | 1 + 1 file changed, 1 insertion(+) diff --git a/confluent_server/confluent/httpapi.py b/confluent_server/confluent/httpapi.py index e4ccdd22..445d6be2 100644 --- a/confluent_server/confluent/httpapi.py +++ b/confluent_server/confluent/httpapi.py @@ -387,6 +387,7 @@ def resourcehandler_backend(env, start_response): """ mimetype, extension = _pick_mimetype(env) headers = [('Content-Type', mimetype), ('Cache-Control', 'no-store'), + ('Pragma', 'no-cache'), ('X-Content-Type-Options', 'nosniff'), ('Content-Security-Policy', "default-src 'self'"), ('X-XSS-Protection', '1'), ('X-Frame-Options', 'deny'),