Security Headers Blog
In-depth guides on HTTP security headers and best practices.
Content-Security-Policy (Critical): Controls which resources can be loaded, preventing XSS attacks.
Permissions-Policy (Medium): Controls access to browser features like camera and microphone.
Referrer-Policy (Medium): Controls referrer information sent with requests.
Strict-Transport-Security (Critical): Forces HTTPS connections, preventing protocol downgrade attacks.
X-Content-Type-Options (High): Prevents MIME type sniffing.
X-Frame-Options (High): Protects against clickjacking attacks.