https://docs.n7.io/delivery/security/headers/Recent content in Headers on N7 DocsHugoenhttps://docs.n7.io/delivery/security/headers/accesskey/Mon, 01 Jan 0001 00:00:00 +0000https://docs.n7.io/delivery/security/headers/accesskey/<p>To enhance the security of your origin servers when using Nitrogen (N7), we have introduced the Origin Identity Secret (<code>X-Nv-Access-Key</code>) HTTP header. This feature allows your origin to verify that incoming requests have been processed and forwarded by the N7 network, preventing unauthorized direct access.</p> <p>This document explains how the <code>X-Nv-Access-Key</code> works, how to manage your secret keys, and how to configure your origin server for seamless key rotation.</p> <h2 id="overview">Overview<a class="heading-anchor" href="#overview" aria-label="Link to this section">#</a></h2> <p>When enabled, Nitrogen will add a unique <code>X-Nv-Access-Key</code> header to all requests forwarded to your origin server. The value of this header is a secret key that you can manage within the Nitrogen dashboard (<code>dash.n7.io</code>).</p>https://docs.n7.io/delivery/security/headers/cors/Mon, 01 Jan 0001 00:00:00 +0000https://docs.n7.io/delivery/security/headers/cors/<p>This page will show you the options to configure CORS (Cross-Origin Resource Sharing) response headers for your site. Refer this <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS" target="_blank" rel="noreferrer">MDN link</a> for more details. </br></br> It is a mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.</br> </br> <em>Note: For demo purpose, we will be using <code>www.nviztest.com</code> domain as an example.</em></br></p> <h2 id="prerequisite">Prerequisite<a class="heading-anchor" href="#prerequisite" aria-label="Link to this section">#</a></h2> <ol> <li>You must have a domain configured on Nitrogen.</li> </ol> <h2 id="steps">Steps<a class="heading-anchor" href="#steps" aria-label="Link to this section">#</a></h2> <ol> <li> <p>Click on <code>Security</code> menu, and open <code>CORS</code> tab.<br/></p>https://docs.n7.io/delivery/security/headers/csp/Mon, 01 Jan 0001 00:00:00 +0000https://docs.n7.io/delivery/security/headers/csp/<p>This page will show you the step to configure CSP (Content-Security-Policy) response header for your site. Refer this <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank" rel="noreferrer">MDN link</a> for more details. </br></br> It allows website administrators to control resources the user agent is allowed to load for a given page. This helps guard against cross-site scripting attacks (Cross-site_scripting).</br> </br> <em>Note: For demo purpose, we will be using <code>www.nviztest.com</code> domain as an example.</em></br></p> <h2 id="prerequisite">Prerequisite<a class="heading-anchor" href="#prerequisite" aria-label="Link to this section">#</a></h2> <ol> <li>You must have a domain configured on Nitrogen.</li> </ol> <h2 id="steps">Steps<a class="heading-anchor" href="#steps" aria-label="Link to this section">#</a></h2> <ol> <li> <p>Click on <code>Security</code> menu, and open <code>CSP</code> tab.<br/></p>https://docs.n7.io/delivery/security/headers/hsts/Mon, 01 Jan 0001 00:00:00 +0000https://docs.n7.io/delivery/security/headers/hsts/<p>This page will show you steps to configure HSTS (Strict-Transport-Security) response header for your site. Refer this <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security" target="_blank" rel="noreferrer">MDN link</a> for more details. </br></br> HSTS response header informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.</br></p> <p>When a browser knows that a domain has enabled HSTS, it does two things:</p> <ul> <li>Always uses an https:// connection, even when clicking on an http:// link or after typing a domain into the location bar without specifying a protocol.</li> <li>Removes the ability for users to click through warnings about invalid certificates. </br></li> </ul> <p><em>Note: For demo purpose, we will be using <code>www.nviztest.com</code> domain as an example.</em></br></p>https://docs.n7.io/delivery/security/headers/xss/Mon, 01 Jan 0001 00:00:00 +0000https://docs.n7.io/delivery/security/headers/xss/<p>This page will show you the options to configure XSS (Cross-Site-Scripting) response headers for your site. </br></br> Cross-site scripting (XSS) is a security exploit which allows an attacker to inject into a website malicious client-side code. These attacks succeed if the Web app does not employ enough validation or encoding. Refer this <a href="https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting" target="_blank" rel="noreferrer">MDN link</a> for more details.</br> </br> <em>Note: For demo purpose, we will be using <code>www.nviztest.com</code> domain as an example.</em></br></p> <h2 id="prerequisite">Prerequisite<a class="heading-anchor" href="#prerequisite" aria-label="Link to this section">#</a></h2> <ol> <li>You must have a domain configured on Nitrogen.</li> </ol> <h2 id="steps">Steps<a class="heading-anchor" href="#steps" aria-label="Link to this section">#</a></h2> <ol> <li> <p>Click on <code>Security</code> menu, and open <code>XSS</code> tab.<br/></p>