Header Management

Web page security policies are included in web page headers. These policies enhance the security of a web page by restricting which resources, such as JS or CSS, the browser is allowed to load, which helps prevent cross-site attacks. Such attacks include cross-site scripting, click-jacking and other code injection.

The administration of the header configuration is usually restricted to the Site Administrator and can be configured in the browser.

Header Management can be configured in DXM using Kurtosys’s DXM Domain Management module. The Header Management feature allows clients to manage their own security policy headers in the Kurtosys App. This means policies relevant to client-specific needs and compliance requirements can be easily applied and self-managed. 

Access to this feature can be limited to specific users using the Roles module. 

Roles – Header Management Permissions

  1. Click the System Administration cog.
  2. Click Roles in the SYSTEM ADMINISTRATION menu.
  3. Click to select the role to assign access to the Header Management functionality.
  4. Use the Role Permissions search field to find “Header”.
  5. Toggle Manage Custom Headers on, then click Save.

Domain Management

A user with the applicable role will have access to this functionality.

  1. Click the DXM tab to begin.
  2. Click Domain Management.
  3. Click to select the site.
  4. Click to select the appropriate site instance, Development, Staging or Production.
  5. Click to select the appropriate domain.
  6. Click the Headers tab.
  7. The 3 Header options, x-frame-options, referrer-policy and content-security-policy (CSP) are all set to a default value.
  8. To use custom values, toggle one of the Custom options on.
  9. Hover over the i (information) icon to see allowed Header Values.
  10. View the permitted values, then enter a permitted Header Value into the Header Value field.
      Note: CSP Header Values change constantly so there is no validation for this field; the latest standards should be used when adding custom values.
  11. Repeat these steps for each of the Header options that require custom values.
  12. Click Save.
  13. Type CONFIRM into the Confirmation field, then click Confirm.

If any values do not comply with the allowed values, an error will display, and changes will not be saved.

Update the Header Values to match the allowed values shown under the i (information) icon, then click Save again. Type CONFIRM, then click Confirm.

Note: Changes may take up to 5 minutes to apply because of caching policies.
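
Because the CSP field is not validated, a mistyped policy is saved exactly as entered. The Python sketch below is an added example, not part of the Kurtosys product or its documentation: it lints a CSP value before it is pasted into the Header Value field. The directive list is a snapshot of CSP Level 3 and Trusted Types names and should be extended as the standard changes; the sample policy is constructed.

```python
# Added example (not Kurtosys code): lint a CSP value before saving it in the Header Value field.
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "script-src-elem", "script-src-attr",
    "style-src", "style-src-elem", "style-src-attr", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "base-uri", "form-action", "frame-ancestors",
    "sandbox", "report-uri", "report-to", "upgrade-insecure-requests",
    "require-trusted-types-for", "trusted-types",
}
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}
RISKY_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}


def parse_csp(value):
    """Split a CSP value into ({directive: [sources]}, [duplicate names])."""
    policy, duplicates = {}, []
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:
            duplicates.append(name)  # browsers keep the first and ignore repeats
        else:
            policy[name] = tokens[1:]
    return policy, duplicates


def lint_csp(value):
    """Return a list of findings (an empty list means nothing was flagged)."""
    policy, duplicates = parse_csp(value)
    findings = [f"duplicate directive ignored: {name}" for name in duplicates]
    for name, sources in policy.items():
        if name not in KNOWN_DIRECTIVES:
            findings.append(f"unknown directive: {name}")
        for src in sources:
            if src.lower() in KEYWORDS:  # unquoted, so parsed as a host name
                findings.append(f"{name}: keyword {src} needs single quotes")
    # Scripts are governed by script-src, or by default-src when it is absent.
    script_dir = "script-src" if "script-src" in policy else "default-src"
    for src in policy.get(script_dir, []):
        if src.lower() in RISKY_SCRIPT_SOURCES:
            findings.append(f"{script_dir} allows {src}")
    if "default-src" not in policy:
        findings.append("no default-src: unlisted fetch directives are unrestricted")
    if "frame-ancestors" not in policy:
        findings.append("no frame-ancestors: framing is not restricted by CSP")
    return findings

# Constructed sample: unquoted keyword, inline scripts allowed, misspelled directive.
SAMPLE = "default-src 'self'; script-src self 'unsafe-inline'; scirpt-src 'none'"
```

Calling `lint_csp(SAMPLE)` returns one finding per problem; an empty list means the value passed these checks, not that the policy suits the site.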