Navigation
To access the Header settings, click on the Security Settings link as shown below.
Header Section
Near the top of the page is the Add Header section, as shown below.
Add Preset Header
To add a preset header, click on the drop-down menu, choose the required header, and click the
Alter a Preset
Headers can have a variety of options. If a preset header needs modification before adding, select it from the drop-down menu and click the
Add a Custom Header
To add a completely custom header, choose Custom from the drop-down menu. A text field will appear for entering the header. Once the header has been entered, click the
Preset Header Dictionary
| Header | Description |
|---|---|
| Content Security Policy | `Content-Security-Policy: default-src 'self'` Content Security Policy (CSP) is a security standard introduced to help prevent cross-site scripting (XSS) and other content injection attacks. It achieves this by restricting the sources of content loaded by the user agent to only those allowed by the site operator. |
| Enable Secure | `Strict-Transport-Security: max-age=63072000; includeSubdomains; preload` The HTTP Strict Transport Security (HSTS) header states that the website must only be accessed over the HTTPS protocol. |
| X Content Type | `X-Content-Type-Options: nosniff` The X-Content-Type-Options header is used to protect against MIME sniffing vulnerabilities. These vulnerabilities can occur when a website allows users to upload content and a user disguises a particular file type as something else. This can give them the opportunity to perform cross-site scripting and compromise the website. |
| XSS Protection | `X-XSS-Protection: 1; mode=block` The X-XSS-Protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers. The filter is usually enabled by default, but sending this header enforces it. |
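
After adding presets, it is worth confirming that they actually appear in the site's responses with the values listed in the table. The following Python is an added example, not part of this product's documentation; the `directives` and `audit` helpers and the sample response are constructed for illustration.

```python
import re
# Preset values copied from the dictionary table above.
PRESETS = {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=63072000; includeSubdomains; preload",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
}

def directives(value):
    """Split a header value on ';' into a lower-cased {name: argument} dict."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, arg = (re.split(r"[=\s]+", part, maxsplit=1) + [""])[:2]
        out[name.lower()] = arg.strip('"').lower()
    return out

def audit(response_headers):
    """Return {header: problem} for presets that are missing or do not match.
    Names compare case-insensitively; a larger HSTS max-age is accepted."""
    got = {k.lower(): v for k, v in response_headers.items()}
    findings = {}
    for header, preset in PRESETS.items():
        value = got.get(header.lower())
        if value is None:
            findings[header] = "missing"
            continue
        have = directives(value)
        for name, arg in directives(preset).items():
            if name not in have:
                findings[header] = f"lacks {name}"
            elif name == "max-age":
                if not have[name].isdecimal() or int(have[name]) < int(arg):
                    findings[header] = f"max-age below {arg}"
            elif have[name] != arg:
                findings[header] = f"{name} is {have[name]!r}, preset is {arg!r}"
            if header in findings:
                break
    return findings

# Constructed sample response: HSTS too short, nosniff absent, XSS filter off.
SAMPLE_WEAK = {
    "content-security-policy": "default-src 'self'; img-src *",
    "Strict-Transport-Security": "max-age=300",
    "X-XSS-Protection": "0",
}

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
```

Pass `audit` the header dictionary from any HTTP client response for the site; an empty result means all four presets are present with at least the table's values.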

