Introduction to the HTTP Headers module

Shield's HTTP Headers module protects visitors to your site from a wide range of attacks (including ClickJacking, Cross-Site Scripting, Cross-Site Injection) by implementing increased HTTP Security Response Headers. 

This module is accessible from within the main navigation menu > Config > HTTP Headers:

With HTTP Headers module you have the ability to set certain HTTP Security Response Headers.

HTTP Headers module is composed of the following parts:

1. Advanced Security Headers
2. Content Security Policy Header

Recommendation: Turn this module on and leave the settings at default for the most compatible configuration. You should rigorously test your site once this is activated as one size definitely does not fit all. You can test your site and see your Security Headers here: https://securityheaders.com

Scan your site both before and after you activate the HTTP Headers module to see the difference. Here is an example of the site tested: 

BEFORE

AFTER

For further reading on the HTTP Headers module, read the blog article here.