Diese Seite ist auch auf Deutsch verfügbar.
Skip to main content
Campit

Security Headers

Rating: 5.0

Average rating of 5 out of 5 stars

(1 reviews)
Downloads: <50

Description

Highlights

  • Enhanced security - add extra security on top of default Shopware
  • Quick and easy protection - technical knowledge required
  • Management of security headers

About the Extension

Improves security by adding extra security headers on top of the default Shopware ones. The headers will be configurable through the administration and will be applied to all responses of the storefront. The security score can be validated on securityheaders.com.

Security Headers

To improve the security of your application, you can use headers to apply HTTP response headers to all storefront routes in your application.

Content-Security-Policy

This header helps prevent cross-site scripting (XSS), clickjacking and other code injection attacks. Content Security Policy (CSP) can specify allowed origins for content including scripts, stylesheets, images, fonts, objects, media (audio, video), iframes, and more different CSP options. You can read about the many different CSP options here

Example: default-src 'self' 'unsafe-inline' *;  base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com  https://tagmanager.google.com;  img-src 'self' 'unsafe-inline' data: blob: *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com;

Content-Security-Policy-Report-Only

This header field allows web developers to experiment with policies by monitoring (but not enforcing) their effects. Read more about the Content Security Policy Report Only header. This policy will be put in report-only mode. This is great for testing a new policy or changing an existing CSP policy without breaking anything. Services like csper or report-uri are specifically built for handling these violation reports.

Example: default-src https:; report-uri /csp-violation-report-endpoint/

Permissions-Policy

This header lets you control which features and APIs can be used in the browser. It was previously named Feature-Policy. You can view the full list of permission options here.

Example: camera=(), microphone=(), geolocation=(), interest-cohort=()

Details

  • Available: English, German, Dutch, French
  • Latest update: 11 November 2024
  • Publication date: 1 December 2021
  • Version: 5.0.1
  • Category: SEO Optimization

Resources

Reviews (1)

Average rating
5.0

Average rating of 5 out of 5 stars

Based on 1 reviews
5.0 Functionality
5.0 Usability
5.0 Documentation
5.0 Support

100 %
0 %
0 %
0 %
0 %

Write a review

If you downloaded this extension you can write a review in the Shopware Account.

Write a review
Plugin funktioniert wie erwartet. Guter und schneller Support
5.0

Average rating of 5 out of 5 stars

by Niklas S.
14 February 2024 11:34
-
5.0 Functionality
5.0 Usability
5.0 Documentation
5.0 Support

About the Extension Partner

Partner Status

  • Shopware Extension Partner Shopware
    Extension Partner

Details

  • Ø-Rating: 5

    Average rating of 5 out of 5 stars

  • Partner since: 2021
  • Extensions: 23

Support

  • Based in: Belgium
  • Speaks: English, Dutch
  • Response time: Very quickly