Security Headers
Description
Highlights
About the Extension
Improves security by adding extra security headers on top of the default Shopware ones. The headers will be configurable through the administration and will be applied to all responses of the storefront. The security score can be validated on securityheaders.com.
Security Headers
To improve the security of your application, you can use headers to apply HTTP response headers to all storefront routes in your application.
Content-Security-Policy
This header helps prevent cross-site scripting (XSS), clickjacking and other code injection attacks. Content Security Policy (CSP) can specify allowed origins for content including scripts, stylesheets, images, fonts, objects, media (audio, video), iframes, and more different CSP options. You can read about the many different CSP options here.
Example: default-src 'self' 'unsafe-inline' *; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://tagmanager.google.com; img-src 'self' 'unsafe-inline' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com;
Content-Security-Policy-Report-Only
This header field allows web developers to experiment with policies by monitoring (but not enforcing) their effects. Read more about the Content Security Policy Report Only header. This policy will be put in report-only mode. This is great for testing a new policy or changing an existing CSP policy without breaking anything. Services like csper or report-uri are specifically built for handling these violation reports.
Example: default-src https:; report-uri /csp-violation-report-endpoint/
Permissions-Policy
This header lets you control which features and APIs can be used in the browser. It was previously named Feature-Policy. You can view the full list of permission options here.
Example: camera=(), microphone=(), geolocation=(), interest-cohort=()
Details
- Available: English, German, Dutch, French
- Latest update: 3 December 2024
- Publication date: 1 December 2021
- Version: 5.0.1
- Category: SEO Optimization
Resources
Reviews (1)
Plugin funktioniert wie erwartet. Guter und schneller Support
About the Extension Partner
Campit
Partner Status
-
Shopware
Extension Partner
Details
- Ø-Rating: 5
- Partner since: 2021
- Extensions: 24
Support
- Based in: Belgium
- Speaks: English, Dutch
- Response time: Very quickly