Security Headers
What it does
POTAL implements comprehensive HTTP security headers: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security (HSTS), and Referrer-Policy. All responses include security headers by default.
How to use it
Verify headers
Check response headers on any API call — security headers are included automatically.
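One way to do that check programmatically, as an added example that is not POTAL's own code: the function below takes a response's headers (as a dict, e.g. `dict(resp.headers)` from any HTTP client) and reports which of the five headers the page lists are missing, plus which present ones carry a weak value. The acceptance rules (nosniff, DENY/SAMEORIGIN, an HSTS max-age of at least a year, no wildcard or 'unsafe-inline' in CSP source lists, no referrer-leaking policy) are common hardening guidance and an assumption here, not POTAL's documented configuration; the two sample header sets are constructed so the script runs offline.

```python
"""Check an HTTP response's headers for the security headers this page lists.

Added example, not POTAL's code. The acceptance rules below are common
guidance, assumed here, not POTAL's documented settings; the sample header
sets are constructed, not captured from a real API call.
"""
import re
from typing import Dict, List

# Header names taken from the page; lookups are case-insensitive.
REQUIRED_HEADERS = [
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Strict-Transport-Security",
    "Referrer-Policy",
]

# Minimum HSTS max-age in seconds (one year); an assumed threshold.
MIN_HSTS_MAX_AGE = 31536000


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """Lower-case header names so results don't depend on server casing."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def _parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP string into {directive: [source values]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_security_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {'missing': [header names], 'weak': [findings]} for a response."""
    h = _normalize(headers)
    missing = [name for name in REQUIRED_HEADERS if name.lower() not in h]
    weak: List[str] = []

    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append(f"X-Content-Type-Options: expected 'nosniff', got '{xcto}'")

    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append(f"X-Frame-Options: expected DENY or SAMEORIGIN, got '{xfo}'")

    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            weak.append(f"Strict-Transport-Security: max-age below "
                        f"{MIN_HSTS_MAX_AGE} or absent in '{hsts}'")

    csp = h.get("content-security-policy")
    if csp is not None:
        directives = _parse_csp(csp)
        if "default-src" not in directives and "script-src" not in directives:
            weak.append("Content-Security-Policy: no default-src or script-src")
        for name in ("default-src", "script-src"):
            values = directives.get(name, [])
            if "*" in values or "'unsafe-inline'" in values:
                weak.append(f"Content-Security-Policy: {name} allows * or "
                            f"'unsafe-inline'")

    rp = h.get("referrer-policy")
    if rp is not None and rp.lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        weak.append(f"Referrer-Policy: '{rp}' leaks full URLs cross-origin")

    return {"missing": missing, "weak": weak}


# Constructed sample header sets (not real POTAL responses).
GOOD_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' "
                               "https://cdn.example.com; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
BAD_HEADERS = {
    "content-security-policy": "default-src *",
    "x-frame-options": "ALLOWALL",
    "referrer-policy": "unsafe-url",
}

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD_HEADERS), ("bad", BAD_HEADERS)):
        print(label, check_security_headers(hdrs))
```

Feed it the headers of a real response (for example `check_security_headers(dict(resp.headers))` after a call with `requests`) and treat any entry in `missing` as a regression against the default behaviour this page describes; entries in `weak` are worth a look but reflect the assumed thresholds above, not a POTAL requirement.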
CORS configuration
Configure allowed origins for browser-based API calls in Dashboard > Settings > Security.
Embed securely
When embedding the JS widget, the CSP headers ensure the widget loads only from trusted sources.
Report vulnerabilities
Security issues can be reported via the security disclosure process at potal.app/security.
Related Features
AES-256 encryption at rest and TLS 1.3 in transit
Granular API key scopes with row-level security enforcement
Automated dependency scanning and security audits
Regular security assessments with documented test results
Full GDPR compliance with data export and deletion rights