Learn about Security Headers

The Content-Security-Policy (CSP) header helps prevent various types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks, by allowing you to specify trusted sources for content like scripts, styles, and images. It acts as a gatekeeper, only permitting content from approved domains and enhancing the security of your web application.
The X-Frame-Options header helps protect against clickjacking attacks by controlling whether your website can be displayed in a frame or iframe. Setting this header to "DENY" prevents your site from being framed by any page, while "SAMEORIGIN" allows framing only by pages from the same origin.
The Referrer-Policy header controls how much information is sent in the Referer header when navigating from your site to another. It helps protect user privacy by limiting the amount of data shared with external sites, which can prevent leakage of sensitive information.
The X-Content-Type-Options header prevents browsers from interpreting files as a different MIME type than what is specified by the server. Setting this to "nosniff" stops browsers from attempting to guess the MIME type, which helps mitigate attacks like Cross-Site Scripting (XSS).
The Permissions-Policy header allows you to control access to certain browser features, such as geolocation, camera, and microphone. By specifying which features are allowed on your site, you can improve privacy and security by preventing unauthorized access to sensitive information.
The Strict-Transport-Security (HSTS) header enforces the use of HTTPS for your website, ensuring that all connections are secure. By setting this header, you tell browsers to upgrade any HTTP request for your site to HTTPS before it is sent, which protects users from certain types of network attacks like man-in-the-middle (MITM).
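As an added example (not code from this page or its checker), the following Python function audits a response's headers against the six descriptions above and reports what is missing or weak. The sample responses are constructed; the one-year HSTS minimum, the `'unsafe-inline'` CSP check and the `unsafe-url` Referrer-Policy check are assumptions that go a little beyond the text.

```python
import re
from typing import Dict, List

ONE_YEAR = 31536000  # seconds; assumed minimum HSTS max-age for a long-lived policy

def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response's headers; an empty list means all six look sane."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy: missing (script/style/image sources unrestricted)")
    elif "'unsafe-inline'" in csp.lower():
        findings.append("Content-Security-Policy: 'unsafe-inline' permits inline scripts, weakening XSS protection")
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: expected DENY or SAMEORIGIN, got {xfo or 'nothing'} (clickjacking)")
    rp = h.get("referrer-policy", "").lower()
    if not rp:
        findings.append("Referrer-Policy: missing (browser default decides what the Referer header leaks)")
    elif rp == "unsafe-url":
        findings.append("Referrer-Policy: unsafe-url sends the full URL, path and query included, to other sites")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not 'nosniff' (browser may MIME-sniff responses)")
    if "permissions-policy" not in h:
        findings.append("Permissions-Policy: missing (geolocation/camera/microphone not restricted)")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing (browser will not enforce HTTPS)")
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
        if m is None:
            findings.append("Strict-Transport-Security: no max-age directive, so browsers ignore the header")
        elif int(m.group(1)) < ONE_YEAR:
            findings.append(f"Strict-Transport-Security: max-age={m.group(1)} is shorter than one year")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = {"Content-Type": "text/html", "X-Frame-Options": "ALLOWALL", "Strict-Transport-Security": "max-age=3600"}
HARDENED_RESPONSE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; img-src 'self' https://cdn.example.com",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, audit_security_headers(resp) or ["no findings"])
```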