1. Using Configuration Assistant
  2. Manage Security Headers

Manage Security Headers

Implementing security headers helps to protect your customer portal from the types of attacks that it is most likely to experience.

  1. From the Configuration Assistant main page, click the site for which you want to manage security headers.
  2. Click the Interfaces tile.
  3. Find the interface whose security headers you want to manage.
  4. Click the Site Operations icon, represented by three vertical dots, and select Manage Security Headers from the drop-down list.
  5. Enable or disable these options:

    • X-Frame-Options

      Protects against clickjacking attacks by preventing other sites from embedding your content.

    • X-XSS-Protection

      Protects against cross-site-scripting attacks by preventing a web page from opening when it detects an attack.

    • X-Content-Type-Options

      Protects against MIME sniffing by telling the browser to follow only the MIME types indicated in the header.

  6. Click Submit.
  7. Click Yes to confirm, and then click OK.

What to do next

Click Request Status to monitor the status of the change.