HTTP Security Headers
Response headers that instruct browsers to enable security features such as Content Security Policy, HSTS, and clickjacking protection.
What Are HTTP Security Headers?
HTTP security headers are directives sent by web servers in their responses that tell browsers to enforce security policies. Key headers include: Strict-Transport-Security (HSTS) forces HTTPS connections; Content-Security-Policy (CSP) prevents XSS by controlling which resources can load; X-Frame-Options prevents clickjacking; X-Content-Type-Options prevents MIME type sniffing; Referrer-Policy controls how much referrer information is shared with other sites; Permissions-Policy restricts which browser features a page may use. Missing or misconfigured headers are among the most common findings in security scans.
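The kind of check a scan performs for the headers listed above can be sketched as follows. This is an added example, not code from the original page or from any scanner; the function names, the 180-day HSTS threshold and the finding labels are assumptions, and the sample headers are constructed.

```python
# Added example; the threshold and finding labels are assumptions, not a standard.
MIN_HSTS_MAX_AGE = 15552000  # 180 days (assumed minimum)
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "referrer-policy", "permissions-policy")

def parse_headers(raw):
    """Parse a raw header block into {lowercased name: value}."""
    pairs = (line.partition(":") for line in raw.strip().splitlines())
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def csp_directives(value):
    """Split a CSP value into {directive: [source, ...]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(raw):
    """Return a list of findings for missing or weak security headers."""
    h = parse_headers(raw)
    findings = ["missing: " + n for n in REQUIRED if n not in h]
    if "strict-transport-security" in h:
        age = 0
        for d in h["strict-transport-security"].split(";"):
            key, _, val = d.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                age = int(val.strip('"'))
        if age < MIN_HSTS_MAX_AGE:
            findings.append("weak: strict-transport-security max-age below minimum")
    csp = csp_directives(h.get("content-security-policy", ""))
    src = csp.get("script-src", csp.get("default-src", []))
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if "'unsafe-inline'" in src and not any(s.startswith(("'nonce-", "'sha")) for s in src):
        findings.append("weak: content-security-policy allows inline scripts")
    xfo = h.get("x-frame-options", "").upper()
    # CSP frame-ancestors also provides framing protection.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("missing: framing protection")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("misconfigured: x-content-type-options must be nosniff")
    return findings

# Constructed sample response headers (not from a real site).
SAMPLE = ("Strict-Transport-Security: max-age=3600\n"
          "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\n"
          "X-Content-Type-Options: nosniff\n")
```

Calling audit(SAMPLE) reports the two absent headers, the short HSTS lifetime, the inline-script allowance in the CSP, and the lack of any framing protection.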