Introduction to the HTTP Headers feature

Shield's HTTP Headers feature protects visitors to your site from a wide range of attacks (including ClickJacking, Cross-Site Scripting, Cross-Site Injection) by implementing additional HTTP Security Response Headers.

It's accessible from the main navigation menu > Security Zones section > HTTP Headers.

With the HTTP Headers feature, you can set certain HTTP Security Response Headers.

The HTTP Headers feature is composed of the following parts:

  1. Advanced Security Headers
  2. Content Security Policy Header

Recommendation: Leave the settings at default for the most compatible configuration. You should rigorously test your site once this is activated, as one size definitely does not fit all. You can test your site and see your Security Headers here:

https://securityheaders.com

Scan your site both before and after you activate the HTTP Headers feature to see the difference. Here is an example of the site tested: 

BEFORE

AFTER
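The same before/after comparison can be run on response headers you have saved yourself (for example with `curl -sI`). This is an added example, not part of Shield or the original page; the header list in `CHECKED`, the function names and the sample header dumps are assumptions constructed for illustration.

```python
# Added example: compare security response headers captured before and after
# enabling a headers feature. Header dumps below are constructed samples.
# Assumption: a commonly checked set of headers, not Shield's documented list.
CHECKED = ("content-security-policy", "x-frame-options",
           "x-content-type-options", "referrer-policy")


def parse_headers(raw):
    """Parse a raw header dump into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def frame_protected(headers):
    """True if framing is restricted by X-Frame-Options or CSP frame-ancestors."""
    xfo = headers.get("x-frame-options", [])
    if any(v.upper() in ("DENY", "SAMEORIGIN") for v in xfo):
        return True
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            # A wildcard source allows any site to frame the page.
            if (len(parts) > 1 and parts[0].lower() == "frame-ancestors"
                    and "*" not in parts[1:]):
                return True
    return False


def compare(before_raw, after_raw):
    """Report which checked headers appeared and which are still absent."""
    before, after = parse_headers(before_raw), parse_headers(after_raw)
    return {
        "added": [h for h in CHECKED if h in after and h not in before],
        "still_missing": [h for h in CHECKED if h not in after],
        "frame_protected": (frame_protected(before), frame_protected(after)),
    }


BEFORE = "HTTP/1.1 200 OK\nContent-Type: text/html\nServer: nginx\n"
AFTER = ("HTTP/1.1 200 OK\nContent-Type: text/html\n"
         "X-Frame-Options: SAMEORIGIN\nX-Content-Type-Options: nosniff\n"
         "Referrer-Policy: no-referrer-when-downgrade\n")

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

A header listed under `still_missing` after activation points to a setting that is off or to another layer (server, CDN, cache) that is serving the response.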

For further reading on the HTTP Headers feature, read the blog article here.