Other Security Kits
Security Kit for XSS, CSRF, SSL/TLS, Expect-CT, and More
To configure the Security Kit module in your site, navigate to: Administration \ Configuration \ System \ Security Kit settings
The configuration page allows you to configure settings to tighten your website's security regarding:
- Cross-site Scripting (XSS)
  - Content Security Policy (CSP): Content Security Policy is a policy framework that allows you to specify trustworthy sources of content and to restrict its capabilities. You may read more about it at Mozilla Wiki.
  - X-XSS-Protection header: The X-XSS-Protection HTTP response header controls the internal XSS filters of Microsoft Internet Explorer, Google Chrome and Apple Safari.
- Cross-site Request Forgery (CSRF): Configure levels and various techniques of protection from cross-site request forgery attacks.
- X-Frame-Options header: Configure the
- SSL/TLS: Configure various techniques to improve the security of SSL/TLS.
- Feature policy: Allows configuration of the Feature-Policy header to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser. See Google's developer documentation.
- Miscellaneous: Configure miscellaneous unsorted security enhancements such as:
  - From-Origin HTTP response header
  - Referrer-Policy HTTP response header
All necessary documentation and examples of usage are on the settings page.
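After changing these settings, it is worth confirming that the headers actually reach the browser. The following Python is an added example, not part of the Security Kit module: it audits a raw response for the headers named on this page. The sample response, the function names and the choice of which values count as weak are assumptions made for illustration.

```python
# Added example (not Security Kit code). SAMPLE_RESPONSE is constructed.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: unsafe-url
"""

# Headers the settings page covers; pass a subset if you enabled only some.
PAGE_HEADERS = ("content-security-policy", "x-xss-protection", "x-frame-options",
                "feature-policy", "from-origin", "referrer-policy", "expect-ct")

def parse_headers(raw):
    """Return {lowercased name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(value):
    """Split a CSP value into {directive: [sources]}; first duplicate wins."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit(raw, enabled=PAGE_HEADERS):
    """List enabled headers that are missing or carry a weak value."""
    h = parse_headers(raw)
    findings = [f"missing: {name}" for name in enabled if name not in h]
    csp = csp_directives(h.get("content-security-policy", ""))
    # script-src falls back to default-src when it is not set
    scripts = csp.get("script-src", csp.get("default-src", []))
    for kw in ("'unsafe-inline'", "'unsafe-eval'"):
        if kw in scripts:
            findings.append(f"weak CSP: script sources allow {kw}")
    xfo = h.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"unexpected X-Frame-Options value: {xfo}")
    if h.get("referrer-policy", "").lower() == "unsafe-url":
        findings.append("weak Referrer-Policy: unsafe-url")
    return findings
```

Calling audit(SAMPLE_RESPONSE) returns a list of findings; an empty list means every enabled header is present and passed these checks.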