Security

Security Headers

A collection of HTTP response headers that harden web application security by instructing browsers how to behave when handling content. Key headers include Content-Security-Policy (XSS mitigation), Strict-Transport-Security (force HTTPS), X-Content-Type-Options (prevent MIME sniffing), X-Frame-Options (clickjacking prevention), and Referrer-Policy (limit referrer leakage). Tools like securityheaders.com and Mozilla Observatory grade a site's header configuration and highlight missing protections.
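The following Python check is an added example, not part of the original entry and not the grading logic of securityheaders.com or Mozilla Observatory. It classifies the five headers named above as ok, weak or missing for a constructed response; the HSTS minimum age and the accepted header values are assumptions of this example.

```python
import re

# Referrer-Policy values treated as acceptable here (assumption of this example).
SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                 "strict-origin-when-cross-origin"}

def _hsts_ok(value):
    # Assumed minimum: max-age of at least 180 days (15552000 seconds).
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return m is not None and int(m.group(1)) >= 15552000

def _csp_ok(value):
    # script-src falls back to default-src when absent. Conservative rule:
    # any 'unsafe-inline' or bare * source counts as weak (nonces not considered).
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    sources = directives.get("script-src", directives.get("default-src"))
    return sources is not None and "'unsafe-inline'" not in sources and "*" not in sources

CHECKS = {
    "content-security-policy": _csp_ok,
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().lower() in ("deny", "sameorigin"),
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() in SAFE_REFERRER,
}

def audit(headers):
    """Return {header: 'ok' | 'weak' | 'missing'} for a dict of response headers."""
    seen = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    return {name: ("missing" if name not in seen
                   else "ok" if check(seen[name]) else "weak")
            for name, check in CHECKS.items()}

# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for header, verdict in audit(SAMPLE).items():
        print(f"{header}: {verdict}")
```

A header that is present but permissive is reported as weak rather than ok, which is the case a presence-only check misses.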
