| services.grafana.settings.security.admin_user | Default admin username.
|
| services.grafana.settings.security.admin_email | The email of the default Grafana Admin, created on startup.
|
| services.grafana.settings.security.secret_key | Secret key used for signing
|
| services.grafana.settings.security.cookie_secure | Set to true if you host Grafana behind HTTPS.
|
| services.grafana.settings.security.admin_password | Default admin password
|
| services.grafana.settings.security.allow_embedding | When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses
which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>
|
| services.grafana.settings.security.disable_gravatar | Set to true to disable the use of Gravatar for user profile images.
|
| services.grafana.settings.security.cookie_samesite | Sets the SameSite cookie attribute and prevents the browser from sending this cookie along with cross-site requests
|
| services.grafana.settings.security.x_xss_protection | Set to true to enable the X-XSS-Protection header,
which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Note: this is the default in Grafana, it's turned off here
since it's recommended to not use this header anymore.
|
| services.grafana.settings.security.csrf_trusted_origins | List of additional allowed URLs to pass by the CSRF check
|
| services.grafana.settings.security.x_content_type_options | Set to false to disable the X-Content-Type-Options response header
|
| services.grafana.settings.security.csrf_additional_headers | List of allowed headers to be set by the user
|
| services.grafana.settings.security.content_security_policy | Set to true to add the Content-Security-Policy header to your requests
|
| services.grafana.settings.security.strict_transport_security | Set to true if you want to enable HTTP Strict-Transport-Security (HSTS) response header
|
| services.grafana.settings.security.data_source_proxy_whitelist | Define a whitelist of allowed IP addresses or domains, with ports,
to be used in data source URLs with the Grafana data source proxy
|
| services.grafana.settings.security.disable_initial_admin_creation | Disable creation of admin user on first start of Grafana.
|
| services.grafana.settings.security.strict_transport_security_preload | Set to true to enable HSTS preloading option
|
| services.grafana.settings.security.content_security_policy_report_only | Set to true to add the Content-Security-Policy-Report-Only header to your requests
|
| services.grafana.settings.security.disable_brute_force_login_protection | Set to true to disable brute force login protection.
|
| services.grafana.settings.security.strict_transport_security_subdomains | Set to true to enable HSTS includeSubDomains option
|
| services.grafana.settings.security.strict_transport_security_max_age_seconds | Sets how long a browser should cache HSTS in seconds
|