# Other Security Kits

To configure the Security Kit module in your site, navigate to:\
**Administration** \ **Configuration** \ **System** \ ***Security Kit settings***

![Security Kit](/files/-Mj-uyfNvCT9-irxYqNI)

The configuration page allows you to configure settings to tighten your website's security regarding:

* **Cross-site Scripting (XSS)**
  * **Content Security Policy (CSP)**: Content Security Policy is a policy framework that allows you to specify trustworthy sources of content and to restrict the capabilities of that content. You may read more about it at [Mozilla Wiki](https://wiki.mozilla.org/Security/CSP).
  * **X-XSS-Protection header**: The `X-XSS-Protection` HTTP response header controls the internal XSS filters of Microsoft Internet Explorer, Google Chrome and Apple Safari.
* **Cross-site Request Forgery (CSRF):** Configure levels and various techniques of protection from cross-site request forgery attacks.
* **Clickjacking**
  * **X-Frame-Options header:** Configure the `X-Frame-Options` HTTP header.
  * **JavaScript-based protection:** Warning: With this enabled, the site will not work at all for users who have JavaScript disabled (e.g. users running the popular [NoScript](https://noscript.net/) browser extension, if they haven't whitelisted your site).
* **SSL/TLS:** Configure various techniques to improve the security of SSL/TLS.
* **Expect-CT:** Configure the `Expect-CT` header which allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements. See [Mozilla's developer documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT).
* **Feature policy:** Allows configuration of the `Feature-Policy` header to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser. See [Google's developer documentation](https://developers.google.com/web/updates/2018/06/feature-policy).
* **Miscellaneous:** Configure miscellaneous unsorted security enhancements such as:
  * `From-Origin` HTTP response header
  * `Referrer-Policy` HTTP response header

All necessary documentation and examples of usage are on the settings page.
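
After saving the settings, it is worth checking that the headers actually appear in the site's responses. The following is an added example, not code from Varbase or the Security Kit module: a Python check over a raw response head that reports which of the headers named above are present, missing, duplicated, or (for CSP) sent in report-only mode. The function name `audit_headers` and the sample response are constructed for illustration.

```python
from email.parser import Parser

# Headers named on this page, mapped to the Security Kit section that sets them.
SECKIT_HEADERS = {
    "Content-Security-Policy": "Cross-site Scripting (XSS)",
    "X-XSS-Protection": "Cross-site Scripting (XSS)",
    "X-Frame-Options": "Clickjacking",
    "Expect-CT": "Expect-CT",
    "Feature-Policy": "Feature policy",
    "From-Origin": "Miscellaneous",
    "Referrer-Policy": "Miscellaneous",
}

# Constructed sample response head (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report
x-frame-options: SAMEORIGIN
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
"""

def audit_headers(raw_response_head):
    """Return {header: finding} for a raw HTTP response head (status line + headers)."""
    _status, _, header_block = raw_response_head.partition("\n")
    # The email parser gives case-insensitive lookup and keeps repeated headers.
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = {}
    for name, section in SECKIT_HEADERS.items():
        values = headers.get_all(name)
        if not values:
            findings[name] = f"missing (enable under: {section})"
        elif len(values) > 1:
            findings[name] = "duplicated (also set by the web server or a proxy?)"
        else:
            findings[name] = "present: " + values[0].strip()
    # A report-only CSP logs violations but does not block anything.
    if (findings["Content-Security-Policy"].startswith("missing")
            and headers.get("Content-Security-Policy-Report-Only")):
        findings["Content-Security-Policy"] = "report-only (violations are not blocked)"
    return findings

if __name__ == "__main__":
    for header, finding in audit_headers(SAMPLE).items():
        print(f"{header:26} {finding}")
```

To check a live site, paste the output of `curl -sI` for one of its pages in place of `SAMPLE`.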

