SXA.SecurityHeaders
Sitecore SXA Security Headers Module
Features
Adds response headers to your SXA site that allow you to control the following:
- Content Security Policy (CSP)
- HTTP Strict Transport Security (HSTS)
- X-Content-Type-Options
- X-Frame-Options
- X-XSS-Protection
- Referrer Policy
Getting Started
- Download the packages from the releases or the Sitecore Market Place (link to follow).
- Install the package
- Install the module on the Tenant & the Site, it will create a basic security setup for you in your site.
- Navigate to
<your-site>\Settings\Securirty Headers
and modify the security policy for your needs.
For background and more details, you can read the blog post about the module.
Check Your Score:
To check your sites security headers score, use Mozilla Observatory and add your sites url in. You can also validate your Content Security Policty using the cspvalidator.org site.