Skip to content
Docs

Session Security

Beyond general access measures, Webfuse emphasizes and provides a comprehensive set of Space and Session security measures and options. TO name a few:

  • Enforce HTTPS requests.
  • Rewrite request and response headers for higher security (e.g., apply a custom Content-Security-Policy).
  • Limit which hosts or URLs can be reached from within a Session.
  • Utilise Webfuse’s infrastructure as a VPN with different proxy types.

HttpOnly Cookies

Section titled “HttpOnly Cookies”

A Session can optionally be configured so that authentication cookies (HttpOnly cookies) will be protected from theft. The platform will encrypt each HttpOnly cookie with a session-specific, strongly randomized key. That is, even in case the cookie is obtained by an adversary, it cannot be used outside of the Session or in a later Session.

Use Cases

Section titled “Use Cases”
🚀 Contain XSS Risks
🚀 Prevent Session Hijacking & Session Cookie Theft

Getting Started

Section titled “Getting Started”

Enable the Cookie Guard App in the Space Session editor