package header

// HTTP/HTTPS security headers.
const (
	StrictTransportSecurity = "Strict-Transport-Security"  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
	ContentSecurityPolicy   = "Content-Security-Policy"    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
	CrossOriginOpenerPolicy = "Cross-Origin-Opener-Policy" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
	ReferrerPolicy          = "Referrer-Policy"            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	ContentTypeOptions      = "X-Content-Type-Options"     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
	XSSProtection           = "X-XSS-Protection"           // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
	XFrameOptions           = "X-Frame-Options"            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
	XForwardedProto         = "X-Forwarded-Proto"          // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
	XForwardedFor           = "X-Forwarded-For"            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
	Forwarded               = "Forwarded"                  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Forwarded
	XClientIP               = "X-Client-IP"
	XRealIP                 = "X-Real-IP"
	XAppengineRemoteAddr    = "X-Appengine-Remote-Addr"
	CFConnectingIP          = "CF-Connecting-IP"
	FlyClientIP             = "Fly-Client-IP"
)

// Standard security policies.
const (
	PolicyDeny               = "DENY"
	PolicyNoSniff            = "nosniff"
	PolicyBlockXSS           = "1; mode=block"
	PolicySameOrigin         = "same-origin"
	PolicyFrameAncestorsNone = "frame-ancestors 'none';"
)

// Security header default policies.
var (
	DefaultContentSecurityPolicy = PolicyFrameAncestorsNone
	DefaultFrameOptions          = PolicyDeny
)