Configure Response Headers

This section contains options for enabling and disabling advanced security headers. The Content Security Policy (CSP) is a computer security standard used to prevent cross-site scripting (XSS), clickjacking, and other code injection attacks resulting from the execution of malicious content in a trusted web page context.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page as a frame, iframe, or object. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded in other sites.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.