Work with security headers
Describes the security headers settings in Optimizely Configured Commerce
If you want to increase the security of your Optimizely Configured Commerce site, you can use the Content-Security-Policy and Referrer-Policy headers.
Note
You must have the role of ISC_System or ISC_Implementer to edit these options.
You can find these settings under Administration > Settings > Site Configurations > Security Headers in the Admin Console.
- Content-Security-Policy acts as an added layer of security to prevent cross-site scripting (XSS). See Mozilla's article on Content Security Policy for information.
- Referrer-Policy controls how much referrer information (sent with the
referer
header) should be included with requests. See Mozilla's article on the Referrer-Policy for information. The default value is Strict Origin When Cross Origin.
Warning
Incorrectly implementing this setting could break your website.
Updated 14 days ago