The Security level of your website controls which HTTP security headers are returned to the browser when a resource is requested.
The table below shows the values of the HTTP security headers for each Security level.
HTTP Header | No | Basic | Standard | Full
---|---|---|---|---
Referrer-Policy | 𐄂 | no-referrer-when-downgrade | strict-origin | same-origin |
X-Content-Type-Options | 𐄂 | nosniff | nosniff | nosniff |
X-Frame-Options | 𐄂 | sameorigin | sameorigin | sameorigin |
X-Xss-Protection | 𐄂 | 1; mode=block | 1; mode=block | 1; mode=block |
Strict-Transport-Security | 𐄂 | 𐄂 | 𐄂 | max-age=31536000; preload |
Feature-Policy | 𐄂 | layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none' | layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none' | layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none' |
Content-Security-Policy | 𐄂 | default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ws: wss: http: https: | default-src 'self' data: 'unsafe-inline' wss: https: | default-src 'self' data: wss: https: |
You can use an external service such as securityheaders.com to scan your website.
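A local check can complement an external scan. The following is an added example, not the product's own code: it compares a captured set of response headers against the table above and reports which Security level they match and where they deviate. The function names `normalize`, `audit` and `detect_level` are hypothetical, the sample response is constructed, and it assumes that 𐄂 means the header is not sent and that the order of directives and sources does not matter.

```python
# Expected values copied from the table above. A header absent from a level's
# dict is assumed not to be sent at that level (the table's 𐄂 cells).
FP = ("layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; "
      "sync-script 'none'; sync-xhr 'none'; unsized-media 'none'")
COMMON = {"x-content-type-options": "nosniff", "x-frame-options": "sameorigin",
          "x-xss-protection": "1; mode=block", "feature-policy": FP}
LEVELS = {
    "No": {},
    "Basic": {**COMMON, "referrer-policy": "no-referrer-when-downgrade",
              "content-security-policy": "default-src 'self' data: 'unsafe-inline' "
                                         "'unsafe-hashes' 'unsafe-eval' ws: wss: http: https:"},
    "Standard": {**COMMON, "referrer-policy": "strict-origin",
                 "content-security-policy": "default-src 'self' data: 'unsafe-inline' wss: https:"},
    "Full": {**COMMON, "referrer-policy": "same-origin",
             "strict-transport-security": "max-age=31536000; preload",
             "content-security-policy": "default-src 'self' data: wss: https:"},
}
TRACKED = set().union(*LEVELS.values())  # every header name the table lists

def normalize(value):
    """Parse 'a x y; b z' into an order-insensitive set of (name, sources)."""
    parts = [p.split() for p in value.lower().split(";") if p.strip()]
    return frozenset((p[0], frozenset(p[1:])) for p in parts)

def audit(headers, level):
    """Return {header: (expected, actual)} for each deviation from `level`."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    issues = {}
    for name in TRACKED:
        exp, act = LEVELS[level].get(name), got.get(name)
        if exp is None and act is None:
            continue
        if exp is None or act is None or normalize(exp) != normalize(act):
            issues[name] = (exp, act)
    return issues

def detect_level(headers):
    """Name of the level whose header set matches exactly, else None."""
    return next((lvl for lvl in LEVELS if not audit(headers, lvl)), None)

# Constructed sample response: mixed-case values and reordered CSP sources.
SAMPLE = {"Referrer-Policy": "strict-origin", "X-Content-Type-Options": "nosniff",
          "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "1; mode=block",
          "Feature-Policy": FP,
          "Content-Security-Policy": "default-src https: wss: data: 'self' 'unsafe-inline'"}

if __name__ == "__main__":
    print(detect_level(SAMPLE), sorted(audit(SAMPLE, "Full")))
```

Feed `audit` the headers from a real response (for example the header dictionary returned by your HTTP client) to confirm that the configured level is what the server actually sends.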