Docs: Update old default values for configuration options (#61826)

2025-02-25 18:55:37 -06:00 · 2023-02-23 17:57:20 +00:00 · 2023-02-23 17:57:20 +00:00 · 0481c12bd5
commit 0481c12bd5
parent 22f51602ba
1 changed files with 3 additions and 3 deletions
--- a/docs/sources/setup-grafana/configure-grafana/_index.md
+++ b/docs/sources/setup-grafana/configure-grafana/_index.md
@ -621,15 +621,15 @@ Set to `true` to enable HSTS `preloading` option. Only applied if strict_transpo

 ### strict_transport_security_subdomains

-Set to `true` if to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled. The default value is `false`.
+Set to `true` to enable the HSTS includeSubDomains option. Only applied if strict_transport_security is enabled. The default value is `false`.

 ### x_content_type_options

-Set to `true` to enable the X-Content-Type-Options response header. The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. The default value is `false`.
+Set to `false` to disable the X-Content-Type-Options response header. The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. The default value is `true`.

 ### x_xss_protection

-Set to `false` to disable the X-XSS-Protection header, which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks. The default value is `false` until the next minor release, `6.3`.
+Set to `false` to disable the X-XSS-Protection header, which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks. The default value is `true`.

 ### content_security_policy