Add X-Frame-Options in Drupal 8 with the Security Kit Module

Date: December 4, 2019 (1 Minute to Read)

The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frame-Options. Mozilla …

Add HSTS in Drupal 8 with the Security Kit Module

Date: December 4, 2019 (1 Minute to Read)

Adding HSTS (HTTP Strict Transport Security) in Drupal 8 forces web browsers to only load your website with a valid SSL certificate. This improves Drupal security against downgrade attacks and similar man-in-the-middle (MITM) attacks. HSTS is similar to an HTTP-to-HTTPS redirect, but it is enforced within the browser. Below …

Add Content-Security-Policy (CSP) in Drupal 8

Date: December 3, 2019 (2 Minutes to Read)

The Content-Security-Policy Drupal module helps you configure a Content-Security-Policy header to specify which sources your website should load scripts from (e.g. your own website, embedded YouTube video, and analytics trackers). This forces supporting web browsers to ignore other external requests to mitigate cross-site scripting (XSS) …