Web and Account Protection
Last updated 49 days ago
In addition to network and platform-level protection, Kanorio implements application-layer defenses for your published websites and backend accounts. Here's how these measures protect your visitors and you.
Preventing Malicious Code Injection
When visitors access your website, their browsers load resources like HTML, CSS, and JavaScript. Without restrictions, third parties might attempt to inject malicious code into your web pages (e.g., to steal visitor-entered passwords or cookies) or redirect visitors to phishing sites.
Kanorio applies Content-Security-Policy (CSP) to your published website's responses, restricting the sources from which web pages can load resources. For example, it allows scripts only from trusted domains and disallows the execution of unauthorized inline code. This significantly reduces the risk of malicious code injection and visitor data theft.
Preventing Malicious Embedding
Clickjacking occurs when an attacker embeds your website within a transparent iframe overlaid on a fraudulent page. Visitors believe they are clicking buttons on your site, but they might actually be triggering hidden malicious actions (like authorizing fund transfers or installing malware).
Kanorio applies X-Frame-Options to restrict your website from being embedded by other domains or to disallow embedding altogether. This prevents your site from being framed on phishing or fraudulent pages, protecting visitors from being misled.
Preventing File Type Forgery
Browsers determine how to handle files based on their MIME type (e.g., text/html, application/javascript). If an attacker forges the MIME type, they might trick the browser into executing malicious content as a script.
Kanorio applies X-Content-Type-Options: nosniff, instructing browsers to strictly adhere to the declared MIME type from the server and not to "sniff" or guess the type. This reduces the risk of executing malicious content due to incorrect type interpretation.
Protecting Visitor Privacy
When visitors click links on your site to navigate to other websites, browsers may send a Referer header by default, informing the target site of the visitor's origin. This can leak visitor browsing paths or sensitive parameters.
Kanorio applies Referrer-Policy to control the extent of referrer information leakage. For instance, same-site navigation can send the full path, while cross-site navigation might only send the origin domain, or no referrer information might be sent over insecure connections. This reduces the risk of visitor activity being tracked by third parties.
Limiting Sensitive Permissions
Modern browsers support web pages accessing devices like location, microphone, and camera. Without restrictions, malicious websites could attempt to access these permissions without explicit consent.
Kanorio applies Permissions-Policy, disabling sensitive permissions like location, microphone, and camera by default. If your website requires these features (e.g., location for online booking), you can proactively enable them in the module or settings. Websites that haven't enabled them won't unexpectedly prompt visitors for authorization.
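To confirm that a published page actually returns the five headers described above, you can audit its response headers. The following is an added example, not Kanorio's own code; the function names, the pass/fail rules, and the sample header values are assumptions made for illustration and do not reflect the exact policy Kanorio sends.

```python
SENSITIVE = ("geolocation", "microphone", "camera")
LEAKY_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}
PINS = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def csp_directives(value):
    """Parse a CSP header into {directive: [source, ...]}; first duplicate wins."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return out

def permissions(value):
    """Parse Permissions-Policy into {feature: allowlist}, e.g. {'camera': '()'}."""
    pairs = (item.strip().partition("=") for item in value.split(","))
    return {name.lower(): allow.strip() for name, _, allow in pairs if name}

def audit(headers):
    """Return findings for one response; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = csp_directives(h.get("content-security-policy", ""))
    scripts = csp.get("script-src", csp.get("default-src"))  # CSP fallback rule
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if scripts is None:
        findings.append("csp: script sources unrestricted")
    elif "'unsafe-inline'" in scripts and not any(s.startswith(PINS) for s in scripts):
        findings.append("csp: inline scripts allowed")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: not DENY or SAMEORIGIN")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: MIME sniffing not disabled")
    policy = h.get("referrer-policy", "").split(",")[-1].strip().lower()
    if not policy or policy in LEAKY_REFERRER:
        findings.append("referrer-policy: missing or sends full URL cross-site")
    granted = permissions(h.get("permissions-policy", ""))
    for feature in SENSITIVE:
        if granted.get(feature) != "()":  # absent means the browser default applies
            findings.append(f"permissions-policy: {feature} not disabled")
    return findings

# Constructed sample of a weakly configured response (not captured from a real site).
WEAK = {
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "unsafe-url",
    "Permissions-Policy": "geolocation=(self), camera=()",
}
print("\n".join(audit(WEAK)))
```

To check a live page, pass the headers of a real response (for example, `dict(response.headers)` from your HTTP client) to `audit()`.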
Two-Factor Authentication (2FA)
Beyond web protection, account security is equally important. Kanorio offers Two-Factor Authentication (2FA), which you can enable in "Settings → Security." Once enabled, logging in will require not only your password or an email login link but also a 6-digit code from an authenticator app (like Google Authenticator).
Even if your password is leaked or your login link is intercepted, others cannot access your account because they won't have the verification code from your phone. This effectively protects your website management privileges and brand assets. See Two-Factor Authentication (2FA) for details.
Frequently Asked Questions
No. Your published website automatically applies the security headers mentioned above without any configuration. 2FA, however, requires you to proactively enable it in "Settings → Security."
In most cases, no. These are background security measures; visitors will only experience normal website operation and smooth loading. If you enable 2FA, there will be an extra step of entering a verification code during login.
We strongly recommend enabling Two-Factor Authentication (2FA). See Two-Factor Authentication (2FA) for details.