authorJames Elliott <james-d-elliott@users.noreply.github.com>2022-05-04 14:47:23 +1000
committerGitHub <noreply@github.com>2022-05-04 14:47:23 +1000
commit0855ea2f7109997d726f393a2337f6735733708f (patch)
tree8f0cd6ef73264536a20ebd79ddd6a8091fe38735 /internal/middlewares/const.go
parentcac8919f97ed62a7bffc1a82a152e9adf1d2fee3 (diff)
fix(server): missing cache and xss headers (#3289)
Addresses documentation and a couple of headers which were missed.
Diffstat (limited to 'internal/middlewares/const.go')
-rw-r--r--internal/middlewares/const.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/internal/middlewares/const.go b/internal/middlewares/const.go
index 314d0afcd..b4ecf280a 100644
--- a/internal/middlewares/const.go
+++ b/internal/middlewares/const.go
@@ -31,9 +31,15 @@ var (
headerAccessControlRequestHeaders = []byte(fasthttp.HeaderAccessControlRequestHeaders)
headerAccessControlRequestMethod = []byte(fasthttp.HeaderAccessControlRequestMethod)
- headerXContentTypeOptions = []byte(fasthttp.HeaderXContentTypeOptions)
- headerReferrerPolicy = []byte(fasthttp.HeaderReferrerPolicy)
- headerPermissionsPolicy = []byte("Permissions-Policy")
+ headerXContentTypeOptions = []byte(fasthttp.HeaderXContentTypeOptions)
+ headerReferrerPolicy = []byte(fasthttp.HeaderReferrerPolicy)
+ headerXFrameOptions = []byte(fasthttp.HeaderXFrameOptions)
+ headerPragma = []byte(fasthttp.HeaderPragma)
+ headerCacheControl = []byte(fasthttp.HeaderCacheControl)
+ headerXXSSProtection = []byte(fasthttp.HeaderXXSSProtection)
+ headerContentSecurityPolicy = []byte(fasthttp.HeaderContentSecurityPolicy)
+
+ headerPermissionsPolicy = []byte("Permissions-Policy")
)
var (
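Review bot: `headerPermissionsPolicy` is the only name in this block built from a string literal rather than a fasthttp constant, and the new blank line sets it apart without saying why. A one-line comment above it, e.g. `// Permissions-Policy is not provided as a fasthttp constant.`, would record the reason, assuming that is indeed why the literal is used. The enclosing `var (` block starts above the hunk.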
@@ -44,9 +50,14 @@ var (
headerValueVaryWildcard = []byte("Accept-Encoding")
headerValueOriginWildcard = []byte("*")
headerValueZero = []byte("0")
+ headerValueCSPNone = []byte("default-src 'none';")
headerValueNoSniff = []byte("nosniff")
headerValueStrictOriginCrossOrigin = []byte("strict-origin-when-cross-origin")
+ headerValueSameOrigin = []byte("SAMEORIGIN")
+ headerValueNoCache = []byte("no-cache")
+ headerValueNoStore = []byte("no-store")
+ headerValueXSSModeBlock = []byte("1; mode=block")
headerValueCohort = []byte("interest-cohort=()")
)
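Review bot: `headerValueXSSModeBlock` (`1; mode=block`) turns on the legacy browser XSS auditor, which current browsers have removed and which has been tied to cross-site information leaks in older ones. Current hardening guidance is to send `X-XSS-Protection: 0` or omit the header and rely on the CSP, and `headerValueZero` already exists in this block for that. Separately, `headerValueCSPNone` is `default-src 'none';`, but `frame-ancestors`, `base-uri` and `form-action` do not fall back to `default-src`. If the value is meant as a full lock-down, something like `[]byte("default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'")` would cover them. Which responses receive these values is outside this file's diff, so confirm against the handlers that set them.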