Adding Security Headers

rossgillespie · October 30, 2018, 6:31pm

Hi - I want to add security headers to my Wix site. In particular
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Feature-Policy

Is there a way to do this on the Wix designer/code?

roi-bendet · November 4, 2018, 8:50am

Hi,
Check out this article.
It might help you.
Good luck!
Roi.

omer-yaron · February 12, 2019, 10:13pm

Unfortunately, wix currently does not support site custom headers.
If there is something specific you wish to achieve let me know, maybe there is a workaround in the meantime.

eric3858 · August 28, 2019, 10:13am

I wanted to whitelist a domain through X-Frame options, since Wix is preventing my iFrame from being loaded. Is this possible? I’m trying to embed Shopify buy buttons / checkout flow.

Refused to display 'https://levy-electric.myshopify.com/25462276182/checkouts/29b956da25a5af0e92e4b8de37b678f5?key=461f22e8f422c8bc431890eab55050e1' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

matt42150 · September 10, 2019, 8:02pm

I too need the ability to access these headers… it’s been a year, any updates? Can we access them? This is definitely a security risk for many websites out there and needs to be fixed ASAP.

omer-yaron · September 10, 2019, 8:23pm

Hi Matt.
Could you please eleberate? What is your specific issue or concern?

eric3858 · September 10, 2019, 8:34pm

matt/omer, I did a bit of digging on this as well and ended up having to switch from Wix to Wordpress:

The issue wasn’t with the iFrame itself, as it loaded fine on Wordpress and other similar platforms I experimented with.
Wix doesn’t allow you to set CSP policy, which I agree is a severely limited security feature.
Since I was able to load several other iFrames on my site when I was building on Wix, I suspect they could be limiting certain iFrame domains. I hope this isn’t the case, but I could see them blocking the Shopify iFrames from rendering as was this case with me - in order to get people to stick with Wix E-commerce solutions instead of embedding Shopify.

Either way, several disappointing that it hasn’t been resolved but luckily there are other publishing platforms that should accomodate your needs.