Set security headers

  • Updated

If you want to increase the security of your Optimizely Configured Commerce site, you can use the Content-Security-Policy header.

You must have the role of ISC_System or ISC_Implementer to edit this option.

You can find this setting under AdministrationSettingsSite ConfigurationsSecurity Headers in the Admin Console. Content-Security-Policy acts as an added layer of security to prevent cross-site scripting (XSS).

Talk to your partner or developer before implementing this setting as it could break your website.

Security Headers.png