StackCP CDN Headers #
HTTP security headers are a low-cost way to harden a website or application against common browser-side attacks such as clickjacking and cross-site scripting (XSS).
HTTP headers let the client and server pass additional information alongside a request or response. A security header is one the server sends to tell the browser how to restrict its own behaviour for that page: whether the page may be framed, which scripts may run, whether to insist on HTTPS, and how much referrer information to reveal. The protection is only as good as the browser's enforcement, so these headers complement, and do not replace, server-side fixes.
As a web hosting reseller, you have the flexibility to manage HTTP security headers for your clients, ensuring robust protection tailored to their needs.
How to Add HTTP Security Headers to Your Website #
Utilizing the CP CLOUD HOSTING Security Headers tool makes adding security headers straightforward:
- Navigate to Manage Hosting and select Options -> Manage for the site requiring security headers.
- Click on the Security Headers icon within the CDN section.
Here, you can configure several primary security headers. Each header serves a distinct purpose in bolstering your site’s defenses against vulnerabilities.
Using Security Header Profiles #
CP CLOUD HOSTING offers a powerful feature: Security Header Profiles. This feature allows you to save and apply predefined HTTP security header settings efficiently.
Creating a Profile #
Begin by configuring your preferred HTTP security headers to meet specific security requirements. Once optimized, save these settings as a named profile for easy reference and reapplication.
Loading a Profile #
To quickly apply a set of security headers to your package, select the desired profile from the list. This action instantly loads the associated security headers, ensuring consistent and reliable security configurations.
Key HTTP Security Headers and Their Uses #
Let’s explore some essential HTTP security headers and their applications:
X-Frame-Options #
The X-Frame-Options header prevents clickjacking attacks by controlling whether your website can be embedded in a frame or iframe on another site.
- DENY: Prevents framing of your page entirely.
- SAMEORIGIN: Allows framing only by pages from the same origin.
Browsers that support the Content-Security-Policy frame-ancestors directive give it precedence over X-Frame-Options, so if you also set a CSP, keep the two consistent.
For detailed information, refer to the X-Frame-Options documentation.
X-Content-Type-Options #
The X-Content-Type-Options header prevents MIME type sniffing, ensuring that browsers honor the declared content type.
- nosniff: Instructs browsers not to override declared MIME types.
Learn more about X-Content-Type-Options.
Referrer-Policy #
The Referrer-Policy header controls how much of the current URL the browser sends in the Referer header of requests made from your page (navigations, images, scripts, and so on).
- no-referrer sends nothing; strict-origin-when-cross-origin (the current browser default) sends the full URL to your own origin but only the scheme and host to other sites; origin-when-cross-origin is similar but still sends the origin over a downgrade to HTTP. Pick a policy that keeps session identifiers and other path or query data out of third-party logs.
Explore the Referrer-Policy documentation for detailed options and examples.
Strict-Transport-Security #
Strict-Transport-Security (HSTS) tells browsers to communicate with your site only over HTTPS for a set period, protecting against protocol downgrade and SSL-stripping attacks. Browsers only honour the header when it arrives over a valid HTTPS connection, and they remember it for the full max-age, so a mistake cannot be undone quickly on clients that have already seen it.
- max-age: Sets the duration, in seconds, for which browsers enforce HTTPS. Start with a short value while testing, then raise it (one year, 31536000, is the usual production value).
- includeSubDomains: Extends HSTS protection to all subdomains. Only enable it once every subdomain, including ones that only serve internal tools or mail, is reachable over HTTPS.
For comprehensive details, visit the Strict-Transport-Security documentation.
X-XSS-Protection #
X-XSS-Protection controlled the built-in reflected-XSS filter of older browsers. The header is deprecated: current browsers ignore it, and the filter it enabled was itself abused as an information leak, which is why most guidance now recommends setting it to 0 (or not at all) and relying on Content-Security-Policy instead.
- 0 disables the legacy filter; 1 enables it; 1; mode=block enables it and stops the page from rendering when an attack is detected. These settings only affect legacy browsers.
Consult the X-XSS-Protection documentation for more information.
Content-Security-Policy #
Content-Security-Policy allows you to specify approved sources of scripts, styles, images and other content, so that injected markup cannot load code from an attacker-controlled origin or run inline. It is the most effective of these headers against XSS, and also the most likely to break a site if set too strictly.
- Configure directives (default-src, script-src, frame-ancestors, and others) to control which resources are allowed to load. Avoid 'unsafe-inline' in script-src wherever possible, and test a new policy with the Content-Security-Policy-Report-Only header, which reports violations without blocking anything, before enforcing it.
Learn about all directives and options in the Content-Security-Policy documentation.
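After applying a profile, it is worth confirming that the headers reaching the browser actually match the values described above. The script below is an added example, not part of the CP CLOUD HOSTING tool or its documentation: it parses a raw HTTP response head and audits the six headers of this page against the recommendations given for each. The two sample responses are constructed for illustration; in practice, feed it the head returned by `curl -sI` against your own site. The one-year HSTS threshold is an assumption for the example.

```python
"""Audit an HTTP response head against the header recommendations above.

Added example; it is not part of the CP CLOUD HOSTING tool or its docs.
The two responses at the bottom are constructed for illustration.
"""
from typing import Dict, List

# Threshold for a "real" HSTS commitment: one year. Assumption for this example.
MIN_HSTS_MAX_AGE = 31536000

VALID_XFO = {"DENY", "SAMEORIGIN"}
VALID_REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin", "same-origin",
    "origin-when-cross-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}


def parse_response_head(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP/1.1 response head into {lowercased name: value}."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:        # skip the status line
        if not line:                          # blank line ends the head
            break
        name, _, value = line.partition(":")  # only the first ':' separates
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_directives(value: str) -> Dict[str, str]:
    """'max-age=300; includeSubDomains' -> {'max-age': '300', 'includesubdomains': ''}."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        if part.strip():
            name, _, val = part.strip().partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP into {directive: [source tokens]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings as 'Header: problem' strings; an empty list means all checks pass."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options: missing, page can be framed (clickjacking)")
    elif xfo.upper() not in VALID_XFO:
        findings.append(f"X-Frame-Options: unsupported value {xfo!r}, use DENY or SAMEORIGIN")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not 'nosniff', browsers may MIME-sniff")

    rp = h.get("referrer-policy")
    if rp is None:
        findings.append("Referrer-Policy: missing, browser default applies")
    else:  # the header may carry a comma-separated fallback list
        for token in rp.split(","):
            if token.strip().lower() not in VALID_REFERRER_POLICIES:
                findings.append(f"Referrer-Policy: unrecognised value {token.strip()!r}")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing, HTTPS is not enforced")
    else:
        d = parse_directives(hsts)
        max_age = int(d["max-age"]) if d.get("max-age", "").isdigit() else -1
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"Strict-Transport-Security: max-age {d.get('max-age')!r} "
                            f"is below {MIN_HSTS_MAX_AGE}")
        if "includesubdomains" not in d:
            findings.append("Strict-Transport-Security: includeSubDomains not set")

    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip() != "0":
        findings.append("X-XSS-Protection: legacy filter enabled; set '0' and rely on CSP")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy: missing")
    else:
        policy = parse_csp(csp)
        script_src = policy.get("script-src", policy.get("default-src"))  # CSP fallback rule
        if script_src is None:
            findings.append("Content-Security-Policy: no script-src or default-src")
        elif "'unsafe-inline'" in script_src:
            findings.append("Content-Security-Policy: scripts allow 'unsafe-inline'")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "X-Frame-Options: ALLOW-FROM https://example.com",
    "Referrer-Policy: origin-when-crossorigin",
    "Strict-Transport-Security: max-age=300",
    "X-XSS-Protection: 1; mode=block",
    "Content-Security-Policy: default-src 'self' 'unsafe-inline'",
    "", "",
])
HARDENED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html; charset=utf-8",
    "X-Frame-Options: SAMEORIGIN",
    "X-Content-Type-Options: nosniff",
    "Referrer-Policy: strict-origin-when-cross-origin",
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload",
    "X-XSS-Protection: 0",
    "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'self'",
    "", "",
])

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(parse_response_head(raw)) or "all checks passed")
```

Run against the weak response it reports seven findings, one per misconfiguration (including the ALLOW-FROM value, which browsers no longer honour, and the CSP whose script sources fall back to a default-src that permits inline scripts); against the hardened response it reports none.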
Implementing these HTTP security headers closes off a large share of the browser-side attacks a website or application faces, protecting user data and maintaining trust; they do not remove the need to fix injection flaws in the application itself. CP CLOUD HOSTING provides the tools and support needed to apply and maintain these settings across the sites you manage.