What Are HTTP Security Headers?
HTTP security headers are directives sent by web servers that instruct browsers how to handle content. They provide an additional layer of security against common web vulnerabilities.
Essential Security Headers
- Strict-Transport-Security (HSTS): Forces HTTPS connections
- Content-Security-Policy (CSP): Prevents XSS and injection attacks
- X-Frame-Options: Protects against clickjacking
- X-Content-Type-Options: Prevents MIME sniffing
- Referrer-Policy: Controls referrer information
- Permissions-Policy: Restricts browser features
Understanding Our Security Score
We grade your headers from A+ to F based on the presence and configuration of critical security headers. An A+ grade means that all recommended headers are configured correctly.
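A minimal audit of the six headers listed above for presence and basic configuration, as an added example that is not this site's scanner code. The specific checks (the minimum HSTS `max-age`, the flagged CSP keywords, the `audit` helper itself) are assumptions, and no letter grade is computed because the page does not define the scale.

```python
import re

MIN_HSTS_AGE = 15552000  # assumed minimum (180 days); not a value from the page

def check_hsts(v):
    m = re.search(r"max-age\s*=\s*(\d+)", v, re.I)
    if not m:
        return "no max-age directive"
    return None if int(m.group(1)) >= MIN_HSTS_AGE else "max-age too short"

def check_csp(v):
    weak = [k for k in ("'unsafe-inline'", "'unsafe-eval'") if k in v.lower()]
    return "allows " + ", ".join(weak) if weak else None

def check_referrer(v):
    tokens = [t.strip().lower() for t in v.split(",")]  # value may be a fallback list
    return "unsafe-url sends full URLs cross-origin" if "unsafe-url" in tokens else None

def check_permissions(v):  # "feature=*" allows the feature for every origin
    open_ = [p.split("=")[0].strip() for p in v.split(",") if p.split("=")[-1].strip() == "*"]
    return "unrestricted: " + ", ".join(open_) if open_ else None

CHECKS = {  # the six headers listed on the page, keyed by lower-cased name
    "strict-transport-security": check_hsts,
    "content-security-policy": check_csp,
    "x-frame-options": lambda v: None if v.strip().upper() in ("DENY", "SAMEORIGIN") else "unrecognized value",
    "x-content-type-options": lambda v: None if v.strip().lower() == "nosniff" else "value is not nosniff",
    "referrer-policy": check_referrer,
    "permissions-policy": check_permissions,
}

def audit(headers):
    """Return {header: finding} for each listed header that is missing or weak."""
    got = {k.lower(): v for k, v in headers.items()}
    findings = {}
    for name, check in CHECKS.items():
        problem = check(got[name]) if name in got else "missing"
        if problem:
            findings[name] = problem
    return findings

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Strict-Transport-Security": "max-age=300; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "camera=(), geolocation=*",
}
```

Calling `audit(SAMPLE)` reports the short HSTS lifetime, the `'unsafe-inline'` CSP source, the missing Referrer-Policy and the unrestricted `geolocation` feature, while the two correctly set headers produce no finding.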