Security headers play a major role in keeping your website safe. They are designed to protect against a wide range of common web attacks, making it harder to exploit client-side vulnerabilities.

Why Do Security Headers Matter for Your Business? #

• Mitigation of Risks: Security headers are an extra layer of defense for your CRM data, making it more challenging for potential threats to compromise your online presence, reducing the potential for security breaches and data leaks.
• Compliance Assurance: Security headers help your business meet various regulatory requirements and industry standards, keeping you compliant with data protection laws.
• Enhanced Reputation: A secure website is a trustworthy website. By prioritizing security, you’ll likely build stronger relationships with existing clients and prospects.

Implementing Security Headers #

Access your Funnel/Website/Store tab in the Sites section. Here, you can create a new Site or edit an existing one.

Within your selected Site, find and click on the Security tab.

Press the “+Add security header” button to proceed.

You will be prompted to enter a name and a value for the header. Fill in these details accordingly and click Create.

And there you have it, now you can enhance your Site’s security. Adding security headers like Content Security Policy (CSP) or HTTP Strict Transport Security (HSTS) significantly reduces the risk of cross-site scripting attacks or ensures that browsers only connect to your website over HTTPS, respectively. This reassures your customers that their data is safe, increasing trust in your business and helping you get more sales.

Frequently Asked Questions #

What are security headers and why do they matter? #

Security headers are an extra layer of defense that protect against common web attacks, help you meet regulatory and compliance requirements, and build trust by keeping your site and customer data secure.

How do I add a security header to my Site? #

Open the Funnel/Website/Store tab in the Sites section, edit your Site, click the Security tab, press “+Add security header,” enter a name and value, then click Create.

I can’t find the Security tab. Where is it? #

Make sure you’re in the editing mode of a specific Site. The Security tab is not visible in the general settings or dashboard.

What happens if I enter the wrong value for a header? #

Incorrectly configured security headers can cause parts of your site to malfunction. If you notice issues, review the values you entered and adjust them as necessary.

Can I add any security header I want? #

The CRM supports a variety of security headers, but you should understand the purpose and configuration of each one before adding it, since misconfiguration can lead to unintended consequences.

Which security headers are commonly recommended? #

Headers like Content Security Policy (CSP), which reduces cross-site scripting risk, and HTTP Strict Transport Security (HSTS), which forces HTTPS connections, are common examples that strengthen site safety.