Security Headers Hardening

This article is relevant for XMPie's server solutions (uStore, uProduce and XMPL).

Important: The servers on which the customer installs XMPie software should be dedicated exclusively to XMPie software, and no other applications should be installed. If the customer installs additional applications, XMPie will not be responsible for any impact on the functionality of its solutions.

Security Headers (HTTP)

HTTP headers are used by the client and web server to share information as part of the HTTP protocol. When a URL is entered in the browser's address bar or a link is clicked, the browser sends an HTTP request containing client headers, and the server's HTTP response contains server headers. HTTP headers that help protect against common vulnerabilities, such as Cross-site Scripting, Session Hijacking and Frameable Response (Clickjacking), are called security headers. Missing security headers may increase the risk of exploitation of these vulnerabilities if they exist in your application.

XMPie recommends that you have both a Frontend (proxy) server and a Backend server. This will ensure a secure environment.

To harden the security headers, perform the following configuration on the Frontend server*:

  1. Go to C:\inetpub\wwwroot, and back up this folder.

  2. Open C:\inetpub\wwwroot, and delete the following:

    • aspnet_client folder

    • iisstart.htm

    • iisstart.png

    • web.config

  3. Download the following Configuration files.

    Unzip the files and place them in C:\inetpub\wwwroot.

  4. Restart the server.

* If you do not have a Frontend (proxy) server in your configuration and you've exposed the Backend server to the internet, you'll need to apply the above configuration to your Backend server.
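Steps 1 to 4 above as a PowerShell script that refuses to delete anything until the backup has been verified. This is an added example, not an XMPie script: the `$ConfigZip` parameter (the path where you saved the downloaded Configuration files archive) and the default backup folder name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not an XMPie script. Run in an elevated session on the Frontend server.
# $ConfigZip: assumed local path of the Configuration files archive from step 3.
# $BackupDir: assumed backup location; change it to suit your server.
param(
    [Parameter(Mandatory)][string]$ConfigZip,
    [string]$WebRoot   = 'C:\inetpub\wwwroot',
    [string]$BackupDir = "C:\inetpub\wwwroot_backup_$(Get-Date -Format yyyyMMdd_HHmmss)"
)
$ErrorActionPreference = 'Stop'

# Fail before touching the web root if the archive is missing.
if (-not (Test-Path -LiteralPath $ConfigZip -PathType Leaf)) {
    throw "Configuration archive not found: $ConfigZip"
}

# Step 1: back up the folder, then confirm the copy holds the same number of files.
Copy-Item -LiteralPath $WebRoot -Destination $BackupDir -Recurse -Force
$srcCount = @(Get-ChildItem -LiteralPath $WebRoot   -Recurse -Force -File).Count
$dstCount = @(Get-ChildItem -LiteralPath $BackupDir -Recurse -Force -File).Count
if ($srcCount -ne $dstCount) {
    throw "Backup incomplete: $srcCount files in $WebRoot, $dstCount in $BackupDir"
}
Write-Host "Backed up $srcCount files to $BackupDir"

# Step 2: delete only the four default IIS items named in the article.
foreach ($name in 'aspnet_client', 'iisstart.htm', 'iisstart.png', 'web.config') {
    $target = Join-Path $WebRoot $name
    if (Test-Path -LiteralPath $target) {
        Remove-Item -LiteralPath $target -Recurse -Force
        Write-Host "Removed $target"
    } else {
        Write-Host "Not present, skipped: $target"
    }
}

# Step 3: unzip the Configuration files into the web root and list the result.
Expand-Archive -LiteralPath $ConfigZip -DestinationPath $WebRoot -Force
Get-ChildItem -LiteralPath $WebRoot -Force | Select-Object Name, Length, LastWriteTime

# Step 4: restart the server; -Confirm prompts before the reboot happens.
Restart-Computer -Confirm
```

To roll back, copy the contents of the backup folder over `C:\inetpub\wwwroot` and restart the server again.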

 

Created by: Mohammad Mansour on March, 2025