Securing cookies

'X-XSS-Protection' header

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops a page from loading when the browser detects a reflected cross-site scripting (XSS) attack. This header is added to web.config by default.


'X-Frame-Options' Response Header

To mitigate the frameable response (clickjacking) vulnerability, X-Frame-Options can be set to 'DENY' in web.config. However, this is not recommended when SigningHub has to be used within an IFrame.

<add name="X-Frame-Options" value="DENY" />

Cacheable HTTPS Response

To prevent sensitive information from being stored in the browser's local cache, set the no-cache option by adding the following header in web.config.

<add name="Cache-Control" value="no-cache" />
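As an added check that is not part of the SigningHub documentation, the following Python script parses a constructed HTTP response and audits it for the three headers described above, including the IFrame caveat. The SAMEORIGIN value and the no-store directive are assumptions introduced here, not settings the page specifies.

```python
# Constructed sample: a raw HTTPS response as an IIS front end might return it
# after the web.config headers above are applied (not a real capture).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Cache-Control: no-cache\r\n"
    "Set-Cookie: session=abc; Path=/\r\n"
    "\r\n"
    "<html></html>"
)


def parse_headers(raw):
    """Return {lower-case name: value} for the header block of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers, embedded_in_iframe=False):
    """Check the three web.config headers from this page; return a list of findings."""
    findings = []
    xss = headers.get("x-xss-protection", "")
    if not xss.startswith("1"):
        findings.append("X-XSS-Protection missing or disabled (expected '1; mode=block')")
    xfo = headers.get("x-frame-options", "").upper()
    if not xfo:
        findings.append("X-Frame-Options missing: response is frameable")
    elif embedded_in_iframe and xfo == "DENY":
        # The page's caveat: DENY breaks IFrame use; SAMEORIGIN is an assumed alternative
        # that only works when the embedding page shares the origin.
        findings.append("X-Frame-Options DENY will break IFrame embedding (consider SAMEORIGIN)")
    elif not embedded_in_iframe and xfo != "DENY":
        findings.append(f"X-Frame-Options is {xfo}, DENY is recommended")
    directives = {d.strip().lower() for d in headers.get("cache-control", "").split(",")}
    if "no-cache" not in directives:
        findings.append("Cache-Control lacks no-cache: HTTPS response is cacheable")
    elif "no-store" not in directives:
        # Assumed hardening beyond the page: no-cache still lets the browser store the
        # response and revalidate it; no-store forbids storage altogether.
        findings.append("Cache-Control: consider adding no-store alongside no-cache")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(parse_headers(SAMPLE_RESPONSE)):
        print(finding)
```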

See also