Search Security Header Level

Controls the level of the HTTP headers sent by the search script. The dowalk (admin) script always sets the default level of HTTP security headers.

Choose None to not send the HTTP security headers.

Choose Default to send the default level of security headers. These prevent the pages from being included as an IFRAME to prevent clickjacking, and content type sniffing. The actual headers sent are subject to change over time as security practices evolve. Current headers are:

X-Frame-Options: Deny
Content-Security-Policy: frame-options 'self'
X-Content-Type-Options: nosniff


Copyright © Thunderstone Software     Last updated: Apr 15 2024
Copyright © 2024 Thunderstone Software LLC. All rights reserved.