WebSite X5Help Center

 
Nektarios K.
Nektarios K.
User

Security issues  en

Autor: Nektarios K.
Visitado 1547, Followers 1, Compartido 0  

Hi there,
I did a test on my website via webpagetest.org and show me some security issues.
The following security headers are missing from the website:
Strict Transport Security
An HSTS Policy informing the HTTP client how long to cache the HTTPS-only policy and whether this applies to subdomains.

X Content-Type Options
The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions

X Frame Options
Clickjacking protection: deny - no rendering within a frame, same-origin - no rendering if origin mismatch, allow-from - allow from a specified location, allow all - non-standard, allow from any location

Content Security Policy
A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

X XSS Protection
A Cross-site scripting filter


How we can resolve these issues?

Regards,

Nek.

https://www.mieconsultancy.com/

http://www.gallerykonti.com/

https://www.harastudios.com/en/index.html

Publicado en
2 RESPUESTAS - 1 ÚTIL
Paul M.
Paul M.
Moderator

Hello Nektarios,

These are all headers which can be set on the server, and which once set will be sent along with each page request to the client.

Your webhost will be able to advise the best way to implement them in your particular situation.  For example, if on Linux hosting then they are sometimes added to an .htaccess file or Apache configuration.

An HSTS policy requires that you have a valid SSL certificate for your website(s), and that you will only ever serve pages securely.

These are server/hosting issues, as opposed to WebSite X5 issues.

Kind regards,

Paul

Search the WebSite X5 Help Center

Leer más
Publicado en de Paul M.
Adrian B.
Adrian B.
User

Or use cloudflare - its free and you also get CDN plus secure connection.

Leer más
Publicado en de Adrian B.