Enabling TLS protocols in Arc

# Use only TLS protocols (v1.2+) and cipher suites that are known to be secure:
#   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
#   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
#   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
#   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
#   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
#   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
# All six suites pair an ECDHE key exchange (forward secrecy) with an AEAD
# cipher (AES-GCM or ChaCha20-Poly1305).
# NOTE(review): with the value false shown here the restriction is not applied.
# Which protocol versions and suites are accepted in that case is not stated
# here; confirm against the Arc documentation.
# NOTE(review): once this is true, clients that support none of the suites
# above will presumably fail the TLS handshake; verify older clients first.
usesecuretls: false

# Enable the HTTP Strict Transport Security (HSTS) response header
# NOTE: Enabling this setting tells the Arc client (the browser) that Arc
# should only be accessed using HTTPS, never plain HTTP.
# Arc sets max-age to 2 years and includes subdomains, so the policy also
# applies to every subdomain of the host Arc is served from.
# After changing this to true and restarting Arc, the header takes effect once
# an initial connection has been established; it is present on subsequent
# calls. Browsers honour HSTS only when it arrives over HTTPS with a trusted
# certificate.
# To remove HSTS, set this setting to false AND remove the domain from the
# HSTS cache in the browser.
usehsts: false

# Enable the HTTP Content-Security-Policy response header
# This restricts the sources that content may be loaded from to known sources.
# If you are using external scripts in plugins they will be blocked.
# NOTE(review): the policy value Arc sends is not shown here; check plugins
# that load external scripts before enabling.
usecontentsecuritypolicy: false

# Enable to add the HTTP header X-Frame-Options: DENY
# DENY tells browsers not to render Arc's pages inside any frame, which guards
# against clickjacking; it also blocks legitimate embedding of Arc in an iframe.
useiframedeny: false

