Introduction
If you are building a Joomla 4 website, one of the most effective ways to protect it is the HTTP Headers plugin. With the help of the plugin, you can add security-related HTTP response headers that help protect your data against attacks. Now, let’s find out how to secure the Joomla 4 site with HTTP Headers.
Secure the Joomla 4 site with HTTP Headers
Firstly, let’s log in to the administrator dashboard of your Joomla 4 site. After that, on the Toggle Menu, simply open System -> Plugins (in the Manage tab).
In the search bar, type System – HTTP Headers, press Enter, and then click the plugin name to edit it.
Now, in the Plugin tab, you can freely configure the System – HTTP Headers.
- X-Frame-Options: In this section, you can decide whether your website can be embedded in other sites or web apps using iframes.
- Referrer-Policy: This section allows you to limit how much of the page URL, which may contain sensitive content, is sent in the referrer. It includes 9 options:
+ Disable
+ No-referrer: No referrer information is sent.
+ No-referrer-when-downgrade: The full URL is sent, except when going from an HTTPS page to an HTTP one.
+ Same-origin: The referrer is sent only for requests to the same site.
+ Origin: Only the origin is sent.
+ Strict-origin: Only the origin is sent, and only when the security level stays the same.
+ Origin-when-cross-origin: The full URL is sent within the same site, but only the origin is sent externally.
+ Strict-origin-when-cross-origin: The full URL is sent within the site. Externally, only the origin is sent if the protocol security level is the same, and no information is sent from HTTPS to HTTP.
+ Unsafe-URL: The full URL is always sent.
- Cross-Origin-Opener-Policy: To help prevent cross-origin attacks, it lets external documents open in a separate browsing context group.
- Force HTTP Headers: It lets you insert custom HTTP headers. In addition, you can use Feature-Policy to block unnecessary browser features.
Next, let’s move on to the second tab: Strict-Transport-Security (HSTS).
When you enable this section, you can configure the max-age value, subdomains, and preload. HSTS forces web browsers to load your website only over a secure connection. Enable it together with SSL 301 redirects so that your site is protected against HTTP downgrade attacks.
Finally, let’s look at the Content-Security-Policy (CSP) tab. If you want to prevent web browsers from loading anything that is not allowed by the header, enable the CSP now.
After finishing the configuration to protect your site, don’t forget to save all your changes.
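To confirm that the saved settings actually reach the browser, the following added example (not part of the original post and not Joomla code) audits a set of response headers for the options covered in the three plugin tabs. The function names, the one-year max-age threshold, and the sample headers are assumptions made for illustration.

```python
import re

# Referrer-Policy tokens matching the options the plugin lists.
REFERRER_POLICIES = {"no-referrer", "no-referrer-when-downgrade", "same-origin",
                     "origin", "strict-origin", "origin-when-cross-origin",
                     "strict-origin-when-cross-origin", "unsafe-url"}

def parse_hsts(value):
    """Split a Strict-Transport-Security value into max-age, subdomains, preload."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    age = next((int(m.group(1)) for p in parts
                if (m := re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', p))), None)
    return {"max_age": age, "subdomains": "includesubdomains" in parts,
            "preload": "preload" in parts}

def audit_headers(headers, min_hsts_age=31536000):  # one year: assumed threshold
    """Return findings for the headers the plugin's three tabs control."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "").lower()
    # Framing control: X-Frame-Options, or frame-ancestors inside the CSP.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("framing: no X-Frame-Options or CSP frame-ancestors")
    # A comma-separated list is a fallback chain; the last known token applies.
    known = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")
             if t.strip().lower() in REFERRER_POLICIES]
    if not known:
        findings.append("referrer-policy: missing or unrecognised")
    elif known[-1] == "unsafe-url":
        findings.append("referrer-policy: unsafe-url leaks the full URL")
    if h.get("cross-origin-opener-policy", "").lower() in ("", "unsafe-none"):
        findings.append("coop: missing or unsafe-none")
    if "strict-transport-security" not in h:
        findings.append("hsts: header missing")
    else:
        hsts = parse_hsts(h["strict-transport-security"])
        if hsts["max_age"] is None or hsts["max_age"] < min_hsts_age:
            findings.append("hsts: max-age missing or below threshold")
        if hsts["preload"] and not hsts["subdomains"]:
            findings.append("hsts: preload without includeSubDomains")
    if not csp:
        findings.append("csp: header missing")
    return findings

# Constructed sample: response headers from a partly configured site.
SAMPLE = {"X-Frame-Options": "SAMEORIGIN", "Referrer-Policy": "no-referrer, unsafe-url",
          "Strict-Transport-Security": "max-age=300; preload"}
if __name__ == "__main__":
    print("\n".join(audit_headers(SAMPLE)))
```

To check a live site, pass in the headers of a real HTTPS response (for example the dictionary your HTTP client returns) instead of the constructed sample.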
Wrap Up
In conclusion, we hope that today’s blog will help you secure the Joomla 4 site with HTTP Headers effectively. If you have any questions, don’t hesitate to leave a comment in the comment box below, and we will reply to you as soon as possible. Furthermore, in case you are looking for some attractive templates to renew your site, let’s visit the collection of many responsive Joomla 4 Templates here.
Hi,
How do I set the plugin System – HTTP Headers
for the site to pass the security scan that presents me with these vulnerabilities:
Absence of Anti-CSRF Token OWASP ZAP
Absence of Anti-CSRF Token OWASP ZAP active
Missing Anti-clickjacking header OWASP ZAP
Missing Anti-clickjacking header OWASP ZAP active
How can I do this?
Thanks
In this case, you can contact your hosting provider for this security setup.