mirrors/searxng
1
0
Fork 0
mirror of https://github.com/searxng/searxng.git synced 2024-11-11 12:41:17 +00:00
Code Issues Projects Releases Wiki Activity
searxng/docs/admin/settings/settings_server.rst
Markus Heiser ab8e5383fb [mod] remove X-XSS-Protection headers 
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00

1.7 KiB
Raw Blame History

server:

server:
    base_url: http://example.org/location  # change this!
    port: 8888
    bind_address: "127.0.0.1"
    secret_key: "ultrasecretkey"           # change this!
    limiter: false
    public_instance: false
    image_proxy: false
    default_http_headers:
      X-Content-Type-Options : nosniff
      X-Download-Options : noopen
      X-Robots-Tag : noindex, nofollow
      Referrer-Policy : no-referrer
base_url : $SEARXNG_URL

The base URL where SearXNG is deployed. Used to create correct inbound links.

port & bind_address: $SEARXNG_PORT & $SEARXNG_BIND_ADDRESS

Port number and bind address of the SearXNG web application if you run it directly using python searx/webapp.py. Doesn't apply to a SearXNG services running behind a proxy and using socket communications.

secret_key : $SEARXNG_SECRET

Used for cryptography purpose.

limiter :

Rate limit the number of request on the instance, block some bots. The limiter requires a settings redis database.

public_instance :

Setting that allows to enable features specifically for public instances (not needed for local usage). By set to true the following features are activated:

  • :pysearx.botdetection.link_token in the limiter
image_proxy :

Allow your instance of SearXNG of being able to proxy images. Uses memory space.

default_http_headers :

Set additional HTTP headers, see #755