Enterprise Solution: Adding and Setting Up Security Headers

6 min read
Security headers are a set of instructions or rules configured to your website or web server, that fortify websites against cyber threats, protecting sensitive data and fostering site visitor trust.
With Wix Studio for enterprise, you can add and configure your organization's custom security headers for each site. You can also duplicate security header policies across sites to speed up securing your organization's online assets.  
Important:
Security headers work on an individual site level, not on an account level. This allows you to choose the relevant security headers for each of the organization's sites. 
In this article, learn more about:

Custom security header types

The following security headers are currently available with Wix Studio for enterprise:

Adding and configuring security headers

Add and configure the relevant custom security headers for your organization's sites to protect against cyberattacks. Add, and then configure each security header before saving and testing on your site. After a successful test, you can then activate your custom security headers. 
Important:
Only click Save at the top when you are finished configuring all the relevant headers, or you will have to start again from scratch.

To add security headers to a site:

  1. Go to Security Headers in your enterprise dashboard.
  2. Click + Add Headers at the top right.
  3. Click the relevant site. 
  4. Click Select
  5. Select the checkbox next to the security headers you want to add and configure. 
  6. Configure the relevant security headers according to your needs, following the instructions below:

Deactivating security headers

You can temporarily deactivate a security header on a site if your organization is making changes to the site and you need to test certain features. However, it's crucial to reactivate the security header afterward to maintain protection against cyber threats.

To deactivate a security header:

  1. Go to Security Headers in your enterprise dashboard.
  2. Click the More Actions icon  next to the security header you want to deactivate on a site. 
  3. Click Deactivate
  4. Click Deactivate again to confirm. 
A screenshot showing how to deactivate a security header in the Enterprise dashboard.

Deleting security headers

You can delete any security header policy on any of your sites at any time.
Important:
Deleting a policy is permanent and you cannot undo this action. You can deactivate a policy instead, if you prefer. 

To remove a security header from a site:

  1. Go to Security Headers in your enterprise dashboard.
  2. Click the More Actions icon  next to the security header you want to remove from a site. 
  3. Click Delete
  4. Click Delete Policy to confirm. 
A screenshot showing how to delete a security header policy.

Granting access to manage security headers

By default, only an account owner and co-owner can add, set up and manage security headers. You can, however, create a custom role for your account to grant security header access to your security manager, for example.

To grant access to manage security headers:

  1. Go to Team in your enterprise dashboard.
  2. Click More Actions at the top. 
  3. Click Manage Roles
  4. Click + Create New Role.
  5. Enter the Role Title and Description
  6. Scroll down, and click to expand Sites
  7. Select the Manage Folders checkbox. 
  8. Scroll down, and click to expand Enterprise Dashboard
  9. Select the Manage Security Headers checkbox. 
  10. Click Save
A screenshot showing an example of creating a Security Manager custom role in the Enterprise dashboard.

Did this help?

|