From f3fbcce8295adbb4d03c474bc93ade03e784b6bf Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Mon, 16 Oct 2017 22:11:35 +0000
Subject: [PATCH] Thse two headers should be fine, but let's test them in staging first

Signed-off-by: Patrick Uiterwijk
---
 roles/httpd/website/templates/securityheaders.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/httpd/website/templates/securityheaders.conf b/roles/httpd/website/templates/securityheaders.conf
index 6712d74881..dd5a1ded4d 100644
--- a/roles/httpd/website/templates/securityheaders.conf
+++ b/roles/httpd/website/templates/securityheaders.conf
@@ -1,4 +1,6 @@
+{% if env == "staging" %}
 Header always set X-Frame-Options "DENY"
 Header always set X-Xss-Protection "1; mode=block"
+{% endif %}
 Header always set X-Content-Type-Options "nosniff"
 Header always set Referrer-Policy "same-origin"
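Review bot: The `{% if env == "staging" %}` guard around `X-Frame-Options` and `X-Xss-Protection` has no comment, so the template does not record that the gate is temporary or what must be verified before it is lifted. Both `Header` lines are context lines in this hunk, so they were presumably rendered for every environment before this change. With the guard in place, non-staging hosts stop sending the anti-framing header until someone remembers to remove the condition. I would add a Jinja comment directly above the guard, for example `{# Temporary: staging-only until framing behaviour is verified; remove this guard to restore both headers everywhere #}`, and point it at a tracking ticket. If the staging test shows that some pages are legitimately framed by the same site, `X-Frame-Options "SAMEORIGIN"` is the narrower value to try instead of leaving the header off in production.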