What is Content-Security-Policy (CSP)?

CSP is an HTTP header that controls which resources (scripts, styles, images) a browser is allowed to load. It is the most powerful defense against Cross-Site Scripting (XSS) attacks by whitelisting trusted content sources.

HSTS (HTTP Strict Transport Security) tells browsers to always use HTTPS for a domain. Once set, browsers will refuse to connect over HTTP, preventing protocol downgrade attacks and cookie hijacking.

Why does my site get a low security grade?

Common reasons: missing Content-Security-Policy header, no HSTS header, missing X-Frame-Options (allows clickjacking), no X-Content-Type-Options (allows MIME sniffing), or missing Referrer-Policy header.

How do I add security headers to my website?

Add headers in your web server configuration: Apache (.htaccess), Nginx (server block), or your CDN/hosting dashboard. Most hosting providers and CDNs like Cloudflare, Vercel, and Netlify allow header configuration through their UI.

Проверка на HTTP Хедъри - Анализ на Уеб Сигурност

What Are HTTP Security Headers?

HTTP security headers are directives sent by web servers that instruct browsers how to handle content. They provide an additional layer of security against common web vulnerabilities.

Essential Security Headers

Strict-Transport-Security (HSTS): Forces HTTPS connections Forces HTTPS connections
Content-Security-Policy (CSP): Prevents XSS and injection attacks Prevents XSS and injection attacks
X-Frame-Options: Protects against clickjacking Protects against clickjacking
X-Content-Type-Options: Prevents MIME sniffing Prevents MIME sniffing
Referrer-Policy: Контролира информацията за препращане Controls referrer information
Permissions-Policy: Ограничава функциите на браузъра Restricts browser features

Разбиране на нашия резултат за сигурност

Ние оценяваме вашите хедъри от A+ до F въз основа на наличието и конфигурацията на критични хедъри за сигурност. Оценка A+ означава, че всички препоръчани хедъри са правилно конфигурирани.

📋 HTTP хедъри

What Are HTTP Security Headers?

Essential Security Headers

Разбиране на нашия резултат за сигурност

Key Facts

Frequently Asked Questions

📋 HTTP хедъри

What Are HTTP Security Headers?

Essential Security Headers

Разбиране на нашия резултат за сигурност

Key Facts

Frequently Asked Questions

Related Security Tools