Introduction

What?

Turn on additional protection for web applications.

Why?

Setting security headers in web applications and web server settings is an easy way to improve the resilience of your web application against many common attacks, including cross-site scripting (XSS), clickjacking attacks, and information disclosure.

How?

These headers can be applied globally or to a specific site in the Nginx/Apache virtual host file by adding the HTTP security headers to the server block.
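
The two placements in Nginx, as an added example that is not part of the original page; the hostnames and the header values are assumptions chosen for illustration. It also shows an inheritance rule that matters when mixing the two: a server block that declares any add_header of its own no longer inherits the global ones.

```nginx
# Constructed example: hostnames and header values are assumptions.
events {}

http {
    # Global placement: applies to every server block below that
    # declares no add_header of its own.
    # "always" sends the header on error responses (4xx/5xx) as well.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;   # clickjacking
    server_tokens off;   # hide the nginx version (information disclosure)

    # Site 1: no add_header here, so both global headers are inherited.
    server {
        listen 80;
        server_name site1.example.com;
    }

    # Site 2: per-site placement in the virtual host's server block.
    server {
        listen 80;
        server_name site2.example.com;

        # Site-specific header (XSS mitigation).
        add_header Content-Security-Policy "default-src 'self'" always;

        # Because this block has its own add_header, the http-level
        # add_header lines are NOT inherited and must be repeated,
        # otherwise site2 would be served without them.
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
    }
}
```

After reloading, `curl -sI http://site2.example.com/` should list all three headers; a missing one usually points to the inheritance rule above.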