Hi - I want to add security headers to my Wix site. In particular
Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Referrer-Policy, Feature-Policy
Is there a way to do this on the Wix designer/code?
1 Like
Hi,
Check out this article.
It might help you.
Good luck!
Roi.
Unfortunately, wix currently does not support site custom headers.
If there is something specific you wish to achieve let me know, maybe there is a workaround in the meantime.
I wanted to whitelist a domain through X-Frame options, since Wix is preventing my iFrame from being loaded. Is this possible? I’m trying to embed Shopify buy buttons / checkout flow.
Refused to display 'https://levy-electric.myshopify.com/25462276182/checkouts/29b956da25a5af0e92e4b8de37b678f5?key=461f22e8f422c8bc431890eab55050e1' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".
I too need the ability to access these headers… it’s been a year, any updates? Can we access them? This is definitely a security risk for many websites out there and needs to be fixed ASAP.
Hi Matt.
Could you please eleberate? What is your specific issue or concern?
matt/omer, I did a bit of digging on this as well and ended up having to switch from Wix to Wordpress:
- The issue wasn’t with the iFrame itself, as it loaded fine on Wordpress and other similar platforms I experimented with.
- Wix doesn’t allow you to set CSP policy, which I agree is a severely limited security feature.
- Since I was able to load several other iFrames on my site when I was building on Wix, I suspect they could be limiting certain iFrame domains. I hope this isn’t the case, but I could see them blocking the Shopify iFrames from rendering as was this case with me - in order to get people to stick with Wix E-commerce solutions instead of embedding Shopify.
Either way, several disappointing that it hasn’t been resolved but luckily there are other publishing platforms that should accomodate your needs.