Implementing security headers helps to protect your customer portal from the types of
attacks that it is most likely to experience.
-
From the Configuration Assistant main page, click the site for which you
want to manage security headers.
-
Click the Interfaces tile.
-
Find the interface whose security headers you want to manage.
-
Click the Site Operations icon, represented by three vertical dots, and select Manage
Security Headers from the drop-down list.
-
Enable or disable these options:
X-Frame-Options
Protects against clickjacking attacks by preventing other sites from embedding your content.
X-XSS-Protection
Protects against cross-site-scripting attacks by preventing a web page from opening when it
detects an attack.
X-Content-Type-Options
Protects against MIME sniffing by telling the browser to follow only the MIME types indicated in the header.
-
Click Submit.
-
Click Yes to confirm, and then click OK.
What to do next
Click Request Status to monitor the status of the
change.