Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/GuitarRich/SXA.SecurityHeaders
Sitecore SXA Security Headers Module
https://github.com/GuitarRich/SXA.SecurityHeaders
Last synced: about 1 month ago
JSON representation
Sitecore SXA Security Headers Module
- Host: GitHub
- URL: https://github.com/GuitarRich/SXA.SecurityHeaders
- Owner: GuitarRich
- License: mit
- Created: 2018-03-22T00:39:46.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-05-23T07:43:51.000Z (over 1 year ago)
- Last Synced: 2024-04-14T20:24:49.607Z (8 months ago)
- Language: C#
- Size: 949 KB
- Stars: 8
- Watchers: 5
- Forks: 7
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- Awesome-Sitecore - SXA Securty Headers - Shows how to implement response security headers on an example of SXA, but they are truly Helix-generic. (SXA (Sitecore Experience Accelerator))
README
# SXA.SecurityHeaders
Sitecore SXA Security Headers Module[![Build status](https://ci.appveyor.com/api/projects/status/3o4of8tlkd83g2j7?svg=true)](https://ci.appveyor.com/project/GuitarRich/sxa-securityheaders)
Features
---
Adds response headers to your SXA site that allow you to control the following:- Content Security Policy (CSP)
- HTTP Strict Transport Security (HSTS)
- X-Content-Type-Options
- X-Frame-Options
- X-XSS-Protection
- Referrer PolicyGetting Started
---- Download the packages from the releases or the Sitecore Market Place (link to follow).
- Install the package
- Install the module on the Tenant & the Site, it will create a basic security setup for you in your site.
- Navigate to `\Settings\Securirty Headers` and modify the security policy for your needs.For background and more details, you can read the [blog post](https://www.sitecorenutsbolts.net/2018/07/27/Sitecore-SXA-Using-HTTP-Headers-to-Secure-Your-Site/) about the module.
Check Your Score:
---To check your sites security headers score, use [Mozilla Observatory](https://observatory.mozilla.org/) and add your sites url in. You can also validate your Content Security Policty using the [cspvalidator.org](https://www.cspvalidator.org/#url=https://www.cspvalidator.org/) site.