The HTTP Security Policy lets you set security-related HTTP headers such as HSTS, CSP and XSS protections.
Configuration Options
Basic Configuration
HTTP Strict Transport Security
Enforces transport security when using HTTP to mitigate a number of common web vulnerabilities.

| Option | Description | Possible Values | Default |
|---|---|---|---|
| Enable HSTS | Enable this option if you want to use HTTP Strict Transport Security. | enabled, disabled | disabled |
| Maximum Age | Enter the number of seconds (delta seconds) for which user agents should cache the HSTS status. | an integer | 0 |
| Include Subdomains | Enable if you want to include subdomains. | enabled, disabled | disabled |
| Enable HSTS Preload Flag | Enable this option to verify HSTS preload status. Popular browsers contain a hard-coded (pinned) list of domains and certificates, to which they always connect securely. Users must submit a request for their domain to be included in the scheme. | | |
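The sketch below is an added example, not code from this product: it shows how the four options above map onto a `Strict-Transport-Security` header value and audits the result, including the default Maximum Age of 0. The function names are hypothetical, and the preload thresholds (max-age of at least one year plus `includeSubDomains`) are the hstspreload.org submission requirements, which this page does not state.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def build_hsts(enabled, max_age=0, include_subdomains=False, preload=False):
    """Compose the header value from the four options (hypothetical helper)."""
    if not enabled:
        return None  # policy disabled: no header is sent
    parts = [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)

def audit_hsts(value):
    """Return a list of findings for a Strict-Transport-Security value."""
    if value is None:
        return ["header absent: HSTS is not enforced"]
    directives, findings = {}, []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, arg = raw.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            findings.append(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')
    age = directives.get("max-age", "")
    if not re.fullmatch(r"\d+", age):
        return findings + ["max-age missing or not an integer: header is ignored"]
    age = int(age)
    if age == 0:
        findings.append("max-age=0: browsers drop any cached HSTS state")
    if "preload" in directives:
        if age < PRELOAD_MIN_AGE:
            findings.append("preload set but max-age is under one year")
        if "includesubdomains" not in directives:
            findings.append("preload set but includeSubDomains is missing")
    return findings

if __name__ == "__main__":
    # Constructed sample settings: defaults, then a preload-ready configuration.
    for opts in [(True,), (True, 31536000, True, True)]:
        header = build_hsts(*opts)
        print(header, "->", audit_hsts(header) or "ok")
```

Enabling HSTS while leaving Maximum Age at its default of 0 yields `max-age=0`, which tells browsers to stop treating the host as an HSTS host, so set a non-zero age when turning the option on.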
Content Security Policy
A mechanism to precisely define the types and sources of content that may be loaded, with violation reporting and the ability to restrict the availability and scope of many security-sensitive features.

| Option | Description | Possible Values | Default |
|---|---|---|---|
| CSP Mode | Enable this option if you want to use the content security policy mode. | | |