varbase_core-8.x-8.18/modules/varbase_security/config/optional/seckit.settings.yml

seckit_xss:
  csp:
    checkbox: false
    report-only: false
    default-src: ''
    script-src: ''
    object-src: ''
    img-src: ''
    media-src: ''
    frame-src: ''
    child-src: ''
    font-src: ''
    connect-src: ''
    report-uri: report-csp-violation
    policy-uri: ''
    style-src: ''
  x_xss:
    seckit_x_xss_option_disable: Disabled
    seckit_x_xss_option_0: '0'
    seckit_x_xss_option_1: 1;
    seckit_x_xss_option_1_block: '1; mode=block'
    select: 0
  x_content_type:
    checkbox: true
seckit_csrf:
  origin: false
  origin_whitelist: ''
seckit_clickjacking:
  js_css_noscript: false
  noscript_message: 'Sorry, you need to enable JavaScript to visit this website.'
  x_frame: '1'
  x_frame_allow_from: ''
seckit_ssl:
  hsts: false
  hsts_subdomains: false
  hsts_max_age: 1000
  hsts_preload: false
seckit_various:
  from_origin: false
  from_origin_destination: same
  disable_autocomplete: true