# Other Security Kits To configure the Security Kit module in your site, navigate to:\ **Administration** \ **Configuration** \ **System** \ ***Security Kit settings*** ![Security Kit](/files/-Mj-uyfNvCT9-irxYqNI) The configuration page allows you to configure settings to tighten your website's security regarding: * **Cross-site Scripting (XSS)** * **Content Security Policy (CSP)**: Content Security Policy is a policy framework that allows to specify trustworthy sources of content and to restrict its capabilities. You may read more about it at [Mozilla Wiki](https://wiki.mozilla.org/Security/CSP). * **X-XSS-Protection header**: `X-XSS-Protection` HTTP response header controls Microsoft Internet Explorer, Google Chrome and Apple Safari internal XSS filters. * **Cross-site Request Forgery (CSRF):** Configure levels and various techniques of protection from cross-site request forgery attacks. * **Clickjacking** * **X-Frame-Options header:** Configure the `X-Frame-Options` HTTP header. * **JavaScript-based protection:** Warning: With this enabled, the site will not work at all for users who have JavaScript disabled (e.g. users running the popular [NoScript](https://noscript.net/) browser extension, if they haven't whitelisted your site). * **SSL/TLS:** Configure various techniques to improve security of SSL/TLS * **Expect-CT:** Configure the `Expect-CT` header which allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements. See [Mozilla's developer documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT). * **Feature policy:** Allows configuration of the `Feature-Policy` header to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser. See [Google's developer documentation](https://developers.google.com/web/updates/2018/06/feature-policy). * **Miscellaneous:** Configure miscellaneous unsorted security enhancements such as: * `From-Origin` HTTP response header * `Referrer-Policy` HTTP response header All necessary documentation and examples of usage are on the settings page. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.varbase.vardot.com/10.1.x/developers/configuring-a-varbase-site/security-features/other-security-kits.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.