Why Security Headers Matter
Security headers protect against XSS, clickjacking, and data injection. They're free to implement and dramatically improve your security posture.
Essential Security Headers
Content-Security-Policy - Prevents XSS attacks
X-Frame-Options - Blocks clickjacking
X-Content-Type-Options - Prevents MIME sniffing
Strict-Transport-Security - Forces HTTPS
Referrer-Policy - Controls what referrer information is sent
Permissions-Policy - Limits browser features
Implementation Examples
Nginx:
# Each directive on its own line. Note that add_header is not inherited into a
# server or location block that declares any add_header of its own, so repeat
# the full set in every block that needs them.
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header Strict-Transport-Security "max-age=31536000";
Apache (.htaccess):
# "always" also applies the header to error responses, not just 2xx.
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Cloudflare: Use Transform Rules or Workers to add headers.
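Whichever of the above you deploy, verify the result. The following is an added example, not code from the original page or from its scanner: it audits a captured set of response headers (a constructed sample is embedded) against the six headers listed above and flags the common weak values. The header names and the one-year HSTS threshold come from the page; the value checks are the author's own assumptions about what a scanner should flag.

```python
import re

# The six headers the page lists; a scanner first checks each is present.
REQUIRED = [
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Strict-Transport-Security",
    "Referrer-Policy",
    "Permissions-Policy",
]

def _hsts_max_age(value: str) -> int:
    """Extract max-age from an HSTS value; 0 if absent (treated as weak)."""
    m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else 0

def audit_headers(headers: dict) -> list:
    """Return findings for a response's headers; [] means all checks pass."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing: {n}" for n in REQUIRED if n.lower() not in h]

    csp = h.get("content-security-policy", "")
    if csp and "default-src" not in csp:
        findings.append("CSP: no default-src fallback directive")
    if "'unsafe-inline'" in csp:
        findings.append("CSP: 'unsafe-inline' weakens XSS protection")

    xfo = h.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: {xfo!r} is not DENY/SAMEORIGIN")

    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options: value must be 'nosniff'")

    # HSTS only takes effect over HTTPS; a short max-age gives little protection.
    hsts = h.get("strict-transport-security", "")
    if hsts and _hsts_max_age(hsts) < 31536000:
        findings.append("HSTS: max-age below one year (31536000)")
    return findings

# Constructed sample of a weak response (not captured from any real site).
SAMPLE_WEAK = {
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_WEAK):
        print(finding)
```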
Check your headers with our free scanner.