I encountered three security-related issues when using elasticserrch version 7.6.1. Thank you for your help.
- How does elasticserrch configure http response headers, such as X-Content-Type-Options, X-XSS-Protection, Content-Security-Policy, Strict-Transport-Security, etc.
- How does elasticserrch solve this security scanning problem "The target host may have a slow HTTP denial of service attack detected"
- Are elasticserrch and http OPTIONS methods necessary? Where is he used? Can it be closed?