Security Defenses
Last updated
Last updated
In the Headers tab, within the Security Defenses section, you'll find the following settings.
It is an HTTP response header that allows administrators to control whether a page can be rendered within a frame, iframe, or any other object. It can have three values:
It can take 3 values -
DENY
This header field instructs the browsers not to display the content in any frame
SAMEORIGIN
This header field specifies that the content should not be displayed in any frame from a page with a different origin.
ALLOW-FROM (followed by a serialized-origin)
This header field specifies that the content should not be displayed in any frame from a page with a top-level browsing context of a different origin than the specified one.
By default, ZTrust only sets up a same-origin policy for iframes.
This setting is employed to secure applications in multiple ways, reducing the risk of content injection vulnerabilities.
It's the default value designed to prevent pages from being included by non-origin iframes.
This specifies the default value which prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type
This configuration prevents pages from being indexed by search engines.
This header adjusts the Cross-site Scripting (XSS) filter within your browser. When using the default browser settings, the browser will halt page rendering upon detecting an XSS attack.
This header instructs the browser to consistently utilize HTTPS.
Upon encountering this header, the browser will exclusively access the site via HTTPS for the duration specified (up to 1 year), encompassing subdomains as well.
In the Security Defenses section, within the Brute Force Detection tab, you can enable the toggle.
Once enabled through the toggle button, you can configure various parameters to set up the Brute Force Detection feature.
If OFF, Brute Force Detection is not enabled.
When toggled ON, the user account gets permanently locked after reaching the maximum number of login attempts, until the Admin allows the user to log in again.
This can be customized based on the organization standards.
It means the maximum failed login attempts allowed before triggering a wait period.
This can also be customized to align with organizational standards.
It refers to the duration an user must wait before attempting to log in again after reaching the maximum failed login attempts.
You can adjust the dropdown to select the desired time unit, such as Minutes, Seconds, Hours, or Days, as required.
It can be modified as required.
This duration dictates the interval between consecutive failures; if shorter than the specified duration, it will lock the user.
This can be modified as required.
It represents the waiting period or the duration the user must wait after a rapid login failure.
You can choose from the dropdown the required duration unit that you want to specify out of Seconds, Minutes, Hours, and Days.
This feature can be adjusted to align with your organization's standards.
It denotes the maximum duration for which a user will be locked out.
You can adjust the dropdown to select the desired time unit, such as Minutes, Seconds, Hours, or Days, as required.
This can be adjusted as required.
It refers to the time after which the Failure count will be reset to Zero.
You can choose from the dropdown the required duration unit that you want to specify out of Seconds, Minutes, Hours, and Days.
After any changes are made, click on Save in order to get those changes incorporated.
All attributes can be customized to suit specific requirements.
For more information, go to
Click on for more information.
You can go to for more information.
Click on for more information.
Click on for more information.
Click on for more information.
