
Security Headers for Funnels and Websites

This article explains how to add and manage custom security headers for Funnels and Websites to improve browser-level security.

Updated over 2 months ago

Who This Is For / When to Use

Use this feature if you:

  • Manage Funnels or Websites in Kyrios

  • Need stronger protection against browser-based attacks

  • Must meet security or compliance requirements

  • Want control over HTTP response behavior

What Security Headers Do

Security headers are HTTP response instructions sent to a visitor’s browser when a page loads.

They help:

  • Prevent cross-site scripting (XSS)

  • Block clickjacking attempts

  • Enforce HTTPS connections

  • Control how content and scripts are loaded

Security headers apply automatically once saved.

Where Security Headers Apply

Custom security headers apply to:

  • Funnels

  • Websites

Headers are enforced on all pages within the selected Funnel or Website.

How to Add a Security Header

Step 1: Open Funnel or Website Security Settings

  1. Go to Sites.

  2. Select Funnels or Websites.

  3. Open the Funnel or Website.

  4. Click Settings.

  5. Select the Security tab.

Step 2: Add a New Security Header

  1. Click + Add security header.

  2. The Add custom header modal opens.

Step 3: Enter Header Name and Value

  1. Enter the Header name.
    Example: Content-Security-Policy

  2. Enter the Value based on your requirements.

  3. Click Create to save.

The header is applied immediately.

Commonly Used Security Headers

You can add any valid HTTP response header, including:

  • Content-Security-Policy (CSP) – Controls allowed content sources

  • X-Frame-Options – Prevents iframe embedding

  • X-Content-Type-Options – Stops MIME-type sniffing

  • Strict-Transport-Security (HSTS) – Enforces HTTPS

  • Referrer-Policy – Controls referrer data

  • Permissions-Policy – Restricts browser features

Best Practices for Security Headers

  • Start with conservative rules and expand gradually

  • Test after each change to avoid breaking scripts or embeds

  • Avoid overly restrictive CSP rules on pages using third-party tools

  • Confirm the site is served over HTTPS before enabling HSTS

Testing Your Security Headers

After saving headers, verify them using a security scanner.

You should confirm:

  • Headers are present

  • No errors or warnings appear

  • Page functionality remains intact
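
Because Kyrios does not validate header syntax, a typo in a value is saved as-is, so a local check before or after saving is useful. The script below is an added example, not Kyrios code: it runs basic presence and syntax checks for the six commonly used headers over a constructed set of response headers. The names SAMPLE, CHECKS and audit are assumptions for illustration, and the checks are a basic lint, not a full validator.

```python
import re

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "no-sniff",  # typo: the only valid value is "nosniff"
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}  # Permissions-Policy is deliberately absent

REFERRER = {"no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
            "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"}

def check_csp(value):
    names = [d.split()[0].lower() for d in value.split(";") if d.strip()]
    if len(names) != len(set(names)):
        return "duplicate directive (only the first is used)"
    bad = [n for n in names if not re.fullmatch(r"[a-z0-9-]+", n)]
    return f"invalid directive name {bad[0]!r}" if bad else (None if names else "no directives")

def check_hsts(value):
    ok = re.search(r'(?:^|;)\s*max-age\s*=\s*"?\d+"?\s*(?:;|$)', value, re.I)
    return None if ok else "missing or non-numeric max-age"

def check_permissions(value):
    members = [m.strip() for m in value.split(",")]
    ok = all(re.fullmatch(r"[a-z0-9-]+=(\*|self|\(.*\))", m) for m in members)
    return None if ok else "expected feature=(allowlist) members, comma-separated"

def one_of(allowed, multi=False):
    # multi=True: value is a comma-separated fallback list; one valid token is enough.
    def check(value):
        tokens = {t.strip().lower() for t in (value.split(",") if multi else [value])}
        return None if tokens & allowed else f"expected one of {sorted(allowed)}"
    return check

CHECKS = {
    "content-security-policy": check_csp,
    "x-frame-options": one_of({"deny", "sameorigin"}),
    "x-content-type-options": one_of({"nosniff"}),
    "strict-transport-security": check_hsts,
    "referrer-policy": one_of(REFERRER, multi=True),
    "permissions-policy": check_permissions,
}

def audit(headers):
    """Return {header: problem}; an empty dict means every check passed."""
    got = {k.lower(): v for k, v in headers.items()}
    found = {n: "missing" if n not in got else c(got[n]) for n, c in CHECKS.items()}
    return {n: p for n, p in found.items() if p}
```

Calling audit(SAMPLE) reports the mistyped X-Content-Type-Options value and the missing Permissions-Policy header; passing this check does not replace confirming that page functionality remains intact.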

Important Notes

  • Incorrect values can break page functionality

  • Kyrios does not validate header syntax

  • Headers apply globally to the Funnel or Website

  • Changes may take a short time to reflect due to caching

FAQ

What are custom security headers?

Custom security headers are HTTP response headers you define to control browser behavior and reduce security risks.

Why should I use security headers?

They protect against common attacks like XSS, clickjacking, and insecure connections.

Where do I add security headers?

In Sites → Funnels/Websites → Settings → Security.

What information is required?

You must provide:

  • Header name

  • Header value

Will security headers affect my site?

When configured correctly, they improve security without affecting how your pages work. Overly restrictive rules may block scripts or embeds.

How do I enforce HTTPS?

Use an SSL certificate and add the Strict-Transport-Security header.

Can I add multiple security headers?

Yes. You can add as many headers as needed.
