What Are HTTP Security Headers?
HTTP security headers are directives sent by web servers that instruct browsers how to handle content. They provide an additional layer of security against common web vulnerabilities.
Essential Security Headers
- Strict-Transport-Security (HSTS): Forces HTTPS connections
- Content-Security-Policy (CSP): Prevents XSS and injection attacks
- X-Frame-Options: Protects against clickjacking
- X-Content-Type-Options: Prevents MIME sniffing
- Referrer-Policy: Controls referrer information
- Permissions-Policy: Restricts browser features
How to Understand Our Security Score
We grade your headers from A+ to F based on the presence and configuration of the critical security headers. An A+ grade means that all recommended headers are correctly configured.
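A presence-and-configuration check over the six headers listed above, as an added example (not this site's scanner code, and it does not reproduce the A+ to F scale). The one-year HSTS threshold, the finding messages and the sample header sets are assumptions constructed for illustration.

```python
import re
MIN_HSTS_MAX_AGE = 31536000  # assumption: one year, a common baseline (not the page's rule)

def check_hsts(v):
    m = re.search(r'max-age\s*=\s*"?(\d+)', v, re.I)
    if not m:
        return "max-age missing"
    return "max-age too short" if int(m.group(1)) < MIN_HSTS_MAX_AGE else None

def check_csp(v):
    directives = {}
    for part in v.split(";"):
        toks = part.lower().split()
        if toks:  # a repeated directive is ignored: the first one wins
            directives.setdefault(toks[0], toks[1:])
    src = directives.get("script-src", directives.get("default-src"))
    if src is None:
        return "no script-src or default-src"
    # browsers ignore 'unsafe-inline' when a nonce or hash source is present
    guarded = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in src)
    bad = "*" in src or ("'unsafe-inline'" in src and not guarded)
    return "scripts allow * or 'unsafe-inline'" if bad else None

def check_referrer(v):
    # a comma-separated value is a fallback list; the last entry is assumed recognised
    policy = v.split(",")[-1].strip().lower()
    return "empty or unsafe-url" if policy in ("", "unsafe-url") else None

CHECKS = {
    "strict-transport-security": check_hsts,
    "content-security-policy": check_csp,
    "x-frame-options": lambda v: None if v.strip().upper() in ("DENY", "SAMEORIGIN") else "not DENY/SAMEORIGIN",
    "x-content-type-options": lambda v: None if v.strip().lower() == "nosniff" else "not nosniff",
    "referrer-policy": check_referrer,
    "permissions-policy": lambda v: None if v.strip() else "empty policy",
}

def audit(headers):
    """Return {header: problem}; an empty dict means every check passed."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found = {n: (c(got[n]) if n in got else "missing") for n, c in CHECKS.items()}
    return {n: p for n, p in found.items() if p}

# Constructed sample responses, not taken from any real site.
WEAK = {"Strict-Transport-Security": "max-age=300", "X-Frame-Options": "ALLOWALL",
        "Content-Security-Policy": "script-src 'self' 'unsafe-inline'", "Referrer-Policy": "unsafe-url"}
HARDENED = {"Strict-Transport-Security": "max-age=63072000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY",
            "X-Content-Type-Options": "nosniff", "Referrer-Policy": "same-origin", "Permissions-Policy": "camera=()"}
```

`audit(WEAK)` reports all six headers as missing or misconfigured, while `audit(HARDENED)` returns an empty dict.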