AEM Security Headers
Added Security in AEM via Headers:-

When designing a robust architecture, AEM architects, developers and infrastructure engineers regularly face the challenge of adding additional security to AEM. In this article, we will look at the key security headers that can be set in the web server to give an additional layer of security for your Publish server and content. I have used the Apache web server for all the examples.

This article covers -
1 - X-XSS protection
2 - HTTP Strict Transport Security
3 - X-Frame-Options
4 - Content Security

1- X-XSS Protection:-

The X-XSS-Protection header can prevent some level of XSS (cross-site scripting) attacks. Set the X-XSS-Protection header to 1 in your Apache httpd.conf file, or in your vhost files if you have them, for all domains as applicable.

<IfModule mod_headers.c>
    <FilesMatch "\.(htm|html)$">
        # Force XSS protection (should be on by default in most browsers anyway)
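One way to confirm the result after reloading Apache, as an added example that is not from the original article: the Python below audits a response head for the four headers listed above. The sample response, the function names and the pass criteria are assumptions of this example, and "Content Security" is taken to mean the Content-Security-Policy header.

```python
import re

# Constructed sample: response head from a Publish page served through Apache
# where only the X-XSS-Protection directive from this article is in place.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "X-XSS-Protection: 1\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lower-cased name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return {header: finding}; pass criteria are this example's assumptions."""
    h, findings = parse_headers(raw), {}
    xxp = h.get("x-xss-protection")
    if xxp is None:
        findings["X-XSS-Protection"] = "missing"
    elif not re.match(r"1\s*(;|$)", xxp):
        findings["X-XSS-Protection"] = "not set to 1"
    hsts = h.get("strict-transport-security")
    age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if hsts is None:
        findings["Strict-Transport-Security"] = "missing"
    elif age is None or int(age.group(1)) == 0:
        findings["Strict-Transport-Security"] = "max-age absent or zero"
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings["X-Frame-Options"] = "missing"
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings["X-Frame-Options"] = "not DENY or SAMEORIGIN"
    if "content-security-policy" not in h:
        findings["Content-Security-Policy"] = "missing"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Feed it the head of a response for an .html page, since the FilesMatch block above only matches .htm and .html files.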