Introduction to the HTTP Headers module
Shield's HTTP Headers module protects visitors to your site from a wide range of attacks (including ClickJacking, Cross-Site Scripting, Cross-Site Injection) by implementing increased HTTP Security Response Headers.
This module is accessible from the sidebar navigation => Configuration section:
With HTTP Headers module you have the ability to set certain HTTP Security Response Headers.
HTTP Headers module is composed of the following parts:
Recommendation: Turn this module on and leave the settings at default for the most compatible configuration. You should rigorously test your site once this is activated as one size definitely does not fit all. You can test your site and see your Security Headers here: https://securityheaders.com
Scan your site both before and after you activate the HTTP Headers module to see the difference. Here is an example of the site tested:
For further reading on the HTTP Headers module, read the blog article here.