Shield's HTTP Headers module protects visitors to your site from a wide range of attacks (including ClickJacking, Cross-Site Scripting, Cross-Site Injection) by implementing increased HTTP Security Response Headers. 


With this module you have the ability to set certain HTTP Security Response Headers.


HTTP Headers module is composed of the following parts:

  1. Advanced Security Headers
  2. Content Security Policy Header

Recommendation: Turn this module on and leave the settings at default for the most compatible configuration. You should rigorously test your site once this is activated as one size definitely does not fit all. You can test your site and see your Security Headers here: securityheaders.io.


Scan your site both before and after you activate the HTTP Headers module to see the difference. Here is an example of the site tested: 


BEFORE

AFTER

For further reading on the HTTP Headers module, read the blog article here.