From 0be895febbddb8d3de2db6cfa150bc9d0057b427 Mon Sep 17 00:00:00 2001 From: Si Westcott Date: Wed, 14 Nov 2018 07:42:03 +0000 Subject: [PATCH] frame-deny should be set to true to enable the header --- docs/configuration/backends/kubernetes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/backends/kubernetes.md b/docs/configuration/backends/kubernetes.md index 24c24c4ac..810144233 100644 --- a/docs/configuration/backends/kubernetes.md +++ b/docs/configuration/backends/kubernetes.md @@ -319,7 +319,7 @@ The following security annotations are applicable on the Ingress object: | `ingress.kubernetes.io/custom-browser-xss-value: VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. | | `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `ingress.kubernetes.io/force-hsts: "false"` | Adds the STS header to non-SSL requests. | -| `ingress.kubernetes.io/frame-deny: "false"` | Adds the `X-Frame-Options` header with the value of `DENY`. | +| `ingress.kubernetes.io/frame-deny: "true"` | Adds the `X-Frame-Options` header with the value of `DENY`. | | `ingress.kubernetes.io/hsts-max-age: "315360000"` | Sets the max-age of the HSTS header. | | `ingress.kubernetes.io/hsts-include-subdomains: "true"` | Adds the IncludeSubdomains section of the STS header. | | `ingress.kubernetes.io/hsts-preload: "true"` | Adds the preload flag to the HSTS header. |