If you want to increase the security of your Optimizely Configured Commerce site, you can enable HTTP security headers.

📘

Note

You must have the role of ISC_System or ISC_Implementer to edit these options.

You can find these settings under Administration > Settings > Site Configurations > Security Headers in the Admin Console.

## Settings

❗️

Warning

Incorrectly implementing these settings could break your website.

• **Content-Security-Policy** – Acts as an added layer of security to prevent cross-site scripting (XSS).