Manage workspace security headers
As an admin user, you can manage which security headers are sent to prevent attacks on your workspace as follows:
Go to the admin settings page.
Click the Workspace Settings tab.
Go to the Advanced section.
Manage third-party iFraming prevention
To prevent third-party domains from iFraming Databricks, you can enable and disable sending the X-Frame-Options: sameorigin response header. Third-party iFraming prevention is enabled by default.
In the Advanced section, click the Third-party iFraming prevention toggle.
Manage MIME type sniffing prevention
To instruct browsers not to perform MIME type sniffing, you can enable and disable sending the X-Content-Type-Options: nosniff response header. MIME type sniffing prevention is enabled by default.
In the Advanced section, click the MIME type sniffing prevention toggle.
Manage XSS attack page rendering prevention
To instruct browsers to prevent page rendering if an attack is detected, you can enable and disable sending the X-XSS-Protection: 1; mode=block response header. XSS attack page rendering prevention is enabled by default.
In the Advanced section, click the XSS attack page rendering prevention toggle.
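To confirm that the toggles above took effect, the following added example (not Databricks code) audits a response for the three headers this page names. It runs on a constructed sample header block by default; the function names and the optional URL argument are assumptions of this example.

```python
import sys
import urllib.request

# Header name -> value this page says is sent when the toggle is enabled.
EXPECTED = {
    "x-frame-options": "sameorigin",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
}
# Constructed sample: X-XSS-Protection is absent, as if that toggle were off.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
"""

def parse_headers(raw):
    """Parse a raw header block (e.g. `curl -sI` output) into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # status line and blank lines have no colon and are skipped
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def fetch_headers(url):
    """Fetch live response headers; url is assumed to be your workspace URL."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_headers("\n".join(f"{k}: {v}" for k, v in resp.headers.items()))

def audit(headers):
    """Return {header: 'ok' | 'missing' | 'conflicting' | 'unexpected: <value>'}."""
    norm = lambda v: "".join(v.lower().split())  # ignore case and spacing
    report = {}
    for name, want in EXPECTED.items():
        values = headers.get(name, [])
        seen = {norm(v) for v in values}
        if not values:
            report[name] = "missing"
        elif len(seen) > 1:  # a proxy or second layer sent a different value
            report[name] = "conflicting"
        else:
            report[name] = "ok" if seen == {norm(want)} else "unexpected: " + values[0]
    return report

if __name__ == "__main__":
    hdrs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else parse_headers(SAMPLE)
    for name, status in audit(hdrs).items():
        print(f"{name}: {status}")
```

A "missing" result for a header whose toggle is enabled usually means the response you inspected was not served by the workspace itself, for example a proxy in front of it.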