Security Kit

Security Kit helps Drupal admins sleep better at night, knowing their site is much safer and well protected against common, avoidable hacking attempts.

While some of the security loopholes it fixes are quite well-known and simple, Security Kit also prevents more complex hacking attacks as well.

Just install, head to the configuration panel and activate the needed Security Kit features (which are all, since they're all quite useful).

Installation:

Login the Drupal administration panel.
Go to Modules section.
Upload the module or copy&paste the module download URL.
Find and activate the module after installation in the modules list.

Features:

• Add SSL/TLS support
• Prevent cross-site scripting
• Protect against cross-site request forgery
• Clickjacking prevention
• From-Origin HTTP response header implementation

What is new in this release:

• Increase maxlength of the CSP fields so that more domains can be added
• Wrong HTTP_ORIGIN restriction for sub-folder base URL
• Wrong comment tag
• Undefined index: CONTENT_TYPE / CONTENT_LENGTH in _seckit_csp_report()
• CSP report Content-Type has changed.
• Provide hook_seckit_options_alter()
• Support multiple hosts in X-FRAME-OPTIONS Allow-From mode

What is new in version 6.x-1.7:

• CSP report-uri directive is relative
• Undefined index in _seckit_csp_report()

What is new in version 7.x-1.6:

• Fixed bug:
• Default all features to disabled.

Requirements:

• Drupal 7.x/6.x