All responses in Web Console and Command Center include security headers:
-
X-Content-Type-Options
-
X-XSS-Protection
-
X-Frame-Options
-
Content-Security-Policy
-
Referrer-Policy
When HTTPS is configured, the responses in Web Console and Command Center include additional security headers:
-
Strict-Transport-Security
-
Public-Key-Pins (If you configured HTTP public key pinning.)
In addition to the security headers, Commvault software includes internal protection against Cross-site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks.