A plain English explanation of HTTP security headers.
Content-Security-Policy
Controls which resources can load on your page. Mitigates XSS.
Strict-Transport-Security
Tells the browser to use HTTPS for every connection to your site. No more HTTP.
X-Frame-Options
Prevents your site from being embedded in iframes, which is how clickjacking works.
X-Content-Type-Options
Prevents MIME-type sniffing attacks.
Check Your Headers
Use my free scanner to see which headers your site is missing:
https://sec.92888888.xyz/websec-scanner/
Pro version with weekly monitoring: $29
https://sec.92888888.xyz/websec-scanner/store
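To check the four headers above yourself, here is an added example (not part of the original post and not the scanner's code) that audits a dictionary of response headers. The function names `parse_directives` and `audit_headers` are hypothetical, and the checks are a baseline rather than a full policy review.

```python
# Added example: audit a response for the four headers described in this post.
# Baseline checks only; function names are hypothetical, not the scanner's code.

def parse_directives(value, sep=";"):
    """Split 'name arg arg; name arg' into {name: [args]}, lower-cased; first occurrence wins."""
    out = {}
    for part in value.split(sep):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return out

def audit_headers(headers):
    """Return {header name: finding} for missing or weak headers; {} means all four pass."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = {}

    csp = parse_directives(h.get("content-security-policy", ""))
    scripts = csp.get("script-src", csp.get("default-src"))  # script-src falls back to default-src
    if not csp:
        findings["Content-Security-Policy"] = "missing"
    elif scripts is None:
        findings["Content-Security-Policy"] = "no script-src or default-src: scripts unrestricted"
    elif "'unsafe-inline'" in scripts and not any(s.startswith(("'nonce-", "'sha")) for s in scripts):
        # browsers ignore 'unsafe-inline' only when a nonce or hash source is also present
        findings["Content-Security-Policy"] = "'unsafe-inline' allows injected inline scripts"

    hsts = parse_directives(h.get("strict-transport-security", "").replace("=", " "))
    max_age = (hsts.get("max-age") or ["0"])[0].strip('"')
    if not hsts:
        findings["Strict-Transport-Security"] = "missing"
    elif not max_age.isdigit() or int(max_age) == 0:
        findings["Strict-Transport-Security"] = "max-age absent or 0: HSTS not in effect"

    xfo = h.get("x-frame-options", "").strip().upper()
    fa = csp.get("frame-ancestors")
    if fa is not None:
        # CSP frame-ancestors replaces X-Frame-Options in current browsers
        if "*" in fa:
            findings["X-Frame-Options"] = "CSP frame-ancestors * permits framing by any site"
    elif not xfo:
        findings["X-Frame-Options"] = "missing"
    elif xfo not in ("DENY", "SAMEORIGIN"):
        findings["X-Frame-Options"] = "unsupported value (ALLOW-FROM is obsolete)"

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings["X-Content-Type-Options"] = "missing or not 'nosniff'"
    return findings
```

Pass it the headers from any HTTP client response, for example `audit_headers(dict(response.headers))`; Strict-Transport-Security only counts when the response was served over HTTPS.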