title = "Secure Plugin"
description = "Secure plugin provides protection against web attacks"
name = "Secure"
parent = "plugins"
weight = 3
Secure plugin provides protection against cross-site scripting (XSS) attack,
content type sniffing, clickjacking, insecure connection and other code injection
1; mode=block (default)
Provides protection against cross-site scripting attack (XSS) by setting the X-XSS-Protection header
Provides protection against overriding Content-Type header by setting the X-Content-Type-Options header
Can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.provides protection against clickjacking. Possible values: SAMEORIGIN - The page can only be displayed in a frame on the same origin as the page itself. DENY - The page cannot be displayed in a frame, regardless of the site attempting to do so. ALLOW-FROM uri - The page can only be displayed in a frame on the specified origin.
Sets the Strict-Transport-Security header to indicate how long (in seconds) browsers should remember that this site is only to be accessed using HTTPS. This reduces your exposure to some SSL-stripping man-in-the-middle (MITM) attacks.
Won't include subdomains tag in the Strict Transport Security header, excluding all subdomains from security policy. It has no effect unless HSTSMaxAge is set to a non-zero value.
Sets the Content-Security-Policy header providing security against cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.