zdelab

Security Headers Guide

Complete reference for implementing essential HTTP security headers to protect your web application.

HSTS

Strict-Transport-Security

Forces browsers to use HTTPS connections, preventing protocol downgrade attacks.

CSP

Content-Security-Policy

Prevents XSS attacks by controlling which resources can be loaded and executed.

X-Frame-Options

Prevents clickjacking attacks by controlling whether your site can be embedded in frames.

X-Content-Type-Options

Prevents MIME type sniffing attacks by forcing browsers to respect declared content types.

Referrer-Policy

Controls how much referrer information is sent with requests.

Permissions-Policy

Controls which browser features and APIs can be used in your site.

COOP

Cross-Origin-Opener-Policy

Isolates your browsing context from cross-origin documents.

CORP

Cross-Origin-Resource-Policy

Prevents other sites from loading your resources.

COEP

Cross-Origin-Embedder-Policy

Requires resources to explicitly opt in to being embedded.
