[Advanced] Security



This section lets you configure security-related settings.

HTTP Security Headers

  • Content security policy (CSP) enabled: when enabled, CSP has a significant impact on the way browsers render pages (e.g., inline JavaScript is disabled by default and must be explicitly allowed in the policy). CSP prevents a wide range of attacks, including cross-site scripting and other cross-site injections. Note that a CSP requires careful tuning and a precise definition of the policy.

  • Content security policy (CSP) value: the value sent in the Content-Security-Policy HTTP header.

  • Expect valid signed certificate timestamp (Expect-CT) enable: the Expect-CT header is used by a server to indicate that browsers should evaluate connections to the host emitting the header for Certificate Transparency compliance.

  • Expect valid signed certificate timestamp (Expect-CT) value: the value sent in the Expect-CT HTTP header.
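
One way to check a candidate CSP value before entering it in the field above. This is an added example, not part of the Genius Server documentation or product; the function names and the two sample policies are constructed for illustration.

```python
# Added example: lint a candidate CSP value before saving it in the config tool.
# The two sample policies are constructed for illustration.
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
STRICT = "default-src 'none'; script-src 'self'; style-src 'self'; base-uri 'none'"

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; a repeated directive
            # is ignored by browsers, so the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def effective(policy, directive):
    """Sources for a fetch directive, falling back to default-src."""
    return policy.get(directive, policy.get("default-src"))

def lint_csp(value):
    """Return findings that weaken the policy's protection against injection."""
    policy = parse_csp(value)
    findings = []
    scripts = effective(policy, "script-src")
    if scripts is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
        pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                     for s in scripts)
        if "'unsafe-inline'" in scripts and not pinned:
            findings.append("script-src allows 'unsafe-inline'")
        if "'unsafe-eval'" in scripts:
            findings.append("script-src allows 'unsafe-eval'")
        findings += [f"script-src allows broad source {s}"
                     for s in scripts if s in ("*", "http:", "https:", "data:")]
    if effective(policy, "object-src") != ["'none'"]:
        findings.append("object-src (or its default-src fallback) is not 'none'")
    if "base-uri" not in policy:  # base-uri does not fall back to default-src
        findings.append("base-uri is not set")
    return findings

if __name__ == "__main__":
    for name, value in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, lint_csp(value) or "no findings")
```

An empty result means none of these specific weaknesses were found; it does not confirm that the policy allows everything the application legitimately loads, so test the pages in a browser after saving.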

Hint

Do not forget to click on Save to save the changes. When everything in the config tool is configured, the Genius Server needs to be restarted.