/SXA.SecurityHeaders

Sitecore SXA Security Headers Module

Primary LanguageC#MIT LicenseMIT

SXA.SecurityHeaders

Sitecore SXA Security Headers Module

Build status

Features

Adds response headers to your SXA site that allow you to control the following:

  • Content Security Policy (CSP)
  • HTTP Strict Transport Security (HSTS)
  • X-Content-Type-Options
  • X-Frame-Options
  • X-XSS-Protection
  • Referrer Policy

Getting Started

  • Download the packages from the releases or the Sitecore Market Place (link to follow).
  • Install the package
  • Install the module on the Tenant & the Site, it will create a basic security setup for you in your site.
  • Navigate to <your-site>\Settings\Securirty Headers and modify the security policy for your needs.

For background and more details, you can read the blog post about the module.

Check Your Score:

To check your sites security headers score, use Mozilla Observatory and add your sites url in. You can also validate your Content Security Policty using the cspvalidator.org site.