
Work with security headers

Describes the security headers settings in Optimizely Configured Commerce

If you want to increase the security of your Optimizely Configured Commerce site, you can use the Content-Security-Policy and Referrer-Policy headers.

📘

Note

You must have the role of ISC_System or ISC_Implementer to edit these options.

You can find these settings under Administration > Settings > Site Configurations > Security Headers in the Admin Console.

  • Content-Security-Policy acts as an added layer of security to prevent cross-site scripting (XSS).
  • Referrer-Policy controls how much referrer information (sent with the Referer header) is included with requests. See Mozilla's article on the Referrer-Policy for more information. The default value is Strict Origin When Cross Origin.

❗️

Warning

Incorrectly implementing this setting could break your website.
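
A check to run against response headers captured after changing these settings, as an added example that is not part of the Optimizely documentation: it parses the two headers and reports values that weaken them. The header values are constructed samples, and it assumes the Admin Console default Strict Origin When Cross Origin is sent as the token `strict-origin-when-cross-origin`.

```python
# Added example: audit the two headers this page configures (constructed sample values).
REFERRER_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "origin",
                     "origin-when-cross-origin", "same-origin", "strict-origin",
                     "strict-origin-when-cross-origin", "unsafe-url"}
FULL_URL_CROSS_ORIGIN = {"unsafe-url", "no-referrer-when-downgrade"}
STRICT_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_headers(headers):
    """Return a list of findings for a response's header dict (empty list = OK)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP: header missing")
    else:
        policy = parse_csp(csp)
        # script-src falls back to default-src when it is absent
        sources = policy.get("script-src", policy.get("default-src"))
        if sources is None:
            findings.append("CSP: no script-src or default-src, scripts unrestricted")
        else:
            # browsers ignore 'unsafe-inline' when a nonce or hash is present
            strict = any(s.startswith(STRICT_PREFIXES) for s in sources)
            if "'unsafe-inline'" in sources and not strict:
                findings.append("CSP: 'unsafe-inline' permits injected inline scripts")
            if "*" in sources:
                findings.append("CSP: wildcard source permits scripts from any host")
    # A comma-separated value is a fallback chain: the last recognized token applies.
    tokens = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")]
    valid = [t for t in tokens if t in REFERRER_POLICIES]
    if not valid:
        findings.append("Referrer-Policy: missing or unrecognized")
    elif valid[-1] in FULL_URL_CROSS_ORIGIN:
        findings.append(f"Referrer-Policy: {valid[-1]} sends full URLs to other origins")
    return findings

GOOD = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123' 'unsafe-inline'",
        "Referrer-Policy": "strict-origin-when-cross-origin"}
WEAK = {"content-security-policy": "default-src *; img-src 'self'",
        "Referrer-Policy": "no-referrer, unsafe-url"}
```

`audit_headers(GOOD)` returns an empty list; `audit_headers(WEAK)` reports the wildcard source and the `unsafe-url` fallback.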