If you want to increase the security of your Optimizely Configured Commerce site, you can enable HTTP security headers.
Note
You must have the role of ISC_System or ISC_Implementer to edit these options.
You can find these settings under Administration > Settings > Site Configurations > Security Headers in the Admin Console.
## Settings
Warning
Incorrectly implementing these settings could break your website.
**Content-Security-Policy** – Acts as an added layer of security to prevent cross-site scripting (XSS).