Security Headers

by Campit

Rating: 5.0

Downloads: <50

Improve security by adding extra security headers on top of the default Shopware ones. Through the administration, security can be managed and validated.

Annually €5.83* /month €83.88 * €69.99* /year 16.56% discount In comparison to the regular monthly price

Monthly €6.99* /month Cancelable monthly

Compatible with:

6.4.0.0 - 6.6.8.2

Includes:

Free trial month

The subscription starts with a free trial month during which it can be canceled at any time.

All updates

During the subscription all released updates are included for free

Support from the Extension Partner

In case you have any questions or problems with your extension you can always ask the Extension Partner for help during the subscription.

Description

Highlights

Enhanced security - add extra security on top of default Shopware
Quick and easy protection - technical knowledge required
Management of security headers

About the Extension

Improves security by adding extra security headers on top of the default Shopware ones. The headers will be configurable through the administration and will be applied to all responses of the storefront. The security score can be validated on securityheaders.com.

Security Headers

To improve the security of your application, you can use headers to apply HTTP response headers to all storefront routes in your application.

Content-Security-Policy

This header helps prevent cross-site scripting (XSS), clickjacking and other code injection attacks. Content Security Policy (CSP) can specify allowed origins for content including scripts, stylesheets, images, fonts, objects, media (audio, video), iframes, and more different CSP options. You can read about the many different CSP options here.

Example: default-src 'self' 'unsafe-inline' *; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://tagmanager.google.com; img-src 'self' 'unsafe-inline' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com;

Content-Security-Policy-Report-Only

This header field allows web developers to experiment with policies by monitoring (but not enforcing) their effects. Read more about the Content Security Policy Report Only header. This policy will be put in report-only mode. This is great for testing a new policy or changing an existing CSP policy without breaking anything. Services like csper or report-uri are specifically built for handling these violation reports.

Example: default-src https:; report-uri /csp-violation-report-endpoint/

Permissions-Policy

This header lets you control which features and APIs can be used in the browser. It was previously named Feature-Policy. You can view the full list of permission options here.

Example: camera=(), microphone=(), geolocation=(), interest-cohort=()

Details

Available: English, German, Dutch, French
Latest update: 11 November 2024
Publication date: 1 December 2021
Version: 5.0.1
Category: SEO Optimization

Resources

Reviews (1)

Average rating

5.0

Based on 1 reviews

5.0 Functionality

5.0 Usability

5.0 Documentation

5.0 Support

Leave a review!

If you downloaded this extension you can write a review in the Shopware Account.

Write a review

Sort by

Plugin funktioniert wie erwartet. Guter und schneller Support

5.0

by Niklas S.

14 February 2024 11:34

-

5.0 Functionality

5.0 Usability

5.0 Documentation

5.0 Support

About the Extension Partner

Campit

See all extensions

Partner Status

Shopware
Extension Partner

Details

Ø-Rating: 5

Average rating of 5 out of 5 stars
Partner since: 2021
Extensions: 23

Support

Based in: Belgium
Speaks: English, Dutch
Response time: Very quickly