Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Advanced Search
  • 1

Possible to add security headers?


aaronzap

Question

Site URL: https://securityheaders.com/

Hi,

Square Space Support has directed me to the forum. Just wondering if anyone has been successful in adding in security headers to a square space site. If you scan with the above url you will see the missing headers. Support recommended injecting html but that is a client side solution to a server side requirement.

After looking into this one in more detail it looks like none of those techniques will work as they are client-side rather than server-side. Chrome, for example, will ignore x-frame-options when it's in a meta tag and so we would expect that a bad actor or script would do the same thing. Here is a summary of the problem with fixes:

https://security.stackexchange.com/questions/167081/how-to-add-x-frame-options-header-to-a-simple-html-file

It seems the only way to set these headers as to affect security is to apply at the server level. On apache/wordpress we just use the functions file to hook in before page load and set the headers.

Does squarespace have a way to do something similar? is there anything that you recommend we try aside form the client side links provided? Happy to help troubleshoot or explain in more detail.

 

Link to comment
  • Answers 0
  • Created
  • Last Reply

Top Posters For This Question

Popular Days

Top Posters For This Question

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment


×
×
  • Create New...