3 results found
-
Implement SRI attributes for injected JavaScript & Styles
The Optimizely PAAS CMS platform has multiple touchpoints where scripts are injected into the frontend UI. Examples include Optimizely Forms, Content Recommendations, Search & Navigation etc.
When these scripts are injected into the UI, they are not added with a Sub-resource Integrity attribute. An SRI check allows us to instruct the browser that it should not load a tampered version of a JS or CSS file and can protect users from man in the middle attacks. You can read more about SRI here: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
This is a commonly reported issue in penetration tests and clients are becoming increasingly more security…
3 votes -
Redirect page after expiration
It would be great if it is possible te set a redirection (just like in the no-found handler) when a page is expired and is replaced by another page in the website. This would make the process much more user-friendly.
3 votes -
Use more secure ciphers by default
When performing a security check for a DXP site on internet.nl the result is that "Your web server does not prefer 'Good' over 'Sufficient' over 'Phase out' ciphers" and "Your web server supports one or more ciphers that have a phase out status, because they are known to be fragile and are at risk of becoming insufficiently secure.".
I suggest that more secure ciphers should be used on all DXP sites by default. The more secure ciphers are referred to as "Modern", "Compatible", and "Legacy" in the cloudflare documentation. https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/recommendations/
4 votes
- Don't see your idea?