Set some headers as recommended by Pentesting

Add additional headers to improve security configuration of the service

common/playbooks/k8s.yaml

@@ -358,7 +358,12 @@
           --set controller.service.type=NodePort
           --set controller.service.externalIPs={{ '{' + hostvars[groups['ingress'][0]].ansible_default_ipv4.address + '}' }}
           --set controller.config.proxy-body-size=0
+          --set controller.config.hide-headers='x-jupyterhub-version'
           --set controller.allowSnippetAnnotations=false
+          --set controller.addHeaders.X-Content-Type-Options=nosniff
+          --set controller.addHeaders.Referrer-Policy=no-referrer
+          --set controller.addHeaders.Permissions-Policy="geolocation=()"
+          --set controller.addHeaders.Content-Security-Policy="frame-ancestors 'none'; report-uri /hub/security/csp-report; default-src 'self'"
           --version={{ version }}
       shell: |-
         helm status --namespace kube-system cluster-ingress