๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What are Security Headers?

HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.

Essential security headers include Content-Security-Policy (control resource loading), X-Frame-Options (prevent clickjacking), X-Content-Type-Options: nosniff (prevent MIME sniffing), Strict-Transport-Security (force HTTPS), and Referrer-Policy (control referrer information).

Additional headers include Permissions-Policy (restrict browser features), X-XSS-Protection (legacy XSS filter), and the Cross-Origin headers (CORP, COEP, COOP). Security headers are a crucial defense layer that requires no code changes, only server configuration.
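The headers listed above are easy to audit mechanically. The following script is an added example, not code from this glossary: it takes a dict of HTTP response headers (the shape returned by most HTTP client libraries) and reports each header that is missing or set to a weak value, covering Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security, Referrer-Policy, Permissions-Policy and the legacy X-XSS-Protection. The one-year minimum HSTS max-age is a threshold chosen for this example, and both sample header sets are constructed, not captured from any real site.

```python
"""Audit a response's security headers (added example; assumptions noted inline)."""
import re

# Minimum HSTS max-age to accept, one year in seconds (threshold chosen for this example).
HSTS_MIN_MAX_AGE = 31536000


def _csp_directives(value):
    """Parse a CSP value into {directive-name: [source tokens]}, names lower-cased."""
    directives = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def _hsts_max_age(value):
    """Return the max-age integer from a Strict-Transport-Security value, or None."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit_headers(headers):
    """Return a list of findings (one string per missing/weak header); [] means all checks passed."""
    # HTTP header names are case-insensitive, so normalise them before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # Content-Security-Policy: must exist, and scripts must not be allowed inline.
    csp = h.get("content-security-policy")
    directives = _csp_directives(csp) if csp else {}
    if csp is None:
        findings.append("Content-Security-Policy: missing")
    else:
        # script-src falls back to default-src when absent, as CSP specifies.
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append("Content-Security-Policy: script-src allows 'unsafe-inline'")

    # Clickjacking: either X-Frame-Options or a CSP frame-ancestors directive is needed.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in directives:
        if not xfo:
            findings.append("X-Frame-Options: missing (and no CSP frame-ancestors)")
        elif xfo not in ("DENY", "SAMEORIGIN"):
            findings.append(f"X-Frame-Options: unsupported value {xfo!r}")

    # MIME sniffing: the only meaningful value is nosniff.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: not set to nosniff")

    # Strict-Transport-Security: present and with a long enough max-age.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing")
    else:
        max_age = _hsts_max_age(hsts)
        if max_age is None or max_age < HSTS_MIN_MAX_AGE:
            findings.append(f"Strict-Transport-Security: max-age below {HSTS_MIN_MAX_AGE}")

    # Referrer-Policy: present and not leaking full URLs cross-origin.
    rp = h.get("referrer-policy")
    if rp is None:
        findings.append("Referrer-Policy: missing")
    elif rp.lower() == "unsafe-url":
        findings.append("Referrer-Policy: unsafe-url leaks full URLs cross-origin")

    # Permissions-Policy: absence means no browser features are restricted.
    if "permissions-policy" not in h:
        findings.append("Permissions-Policy: missing")

    # X-XSS-Protection is a legacy filter; current guidance is to disable (0) or omit it.
    xxp = h.get("x-xss-protection")
    if xxp is not None and xxp != "0":
        findings.append("X-XSS-Protection: legacy filter enabled; set to 0 or remove")

    return findings


# Constructed sample header sets (not captured from any real server).
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-XSS-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=300",
}

HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{name}: {audit_headers(hdrs) or 'no findings'}")
```

Running the block against the constructed weak set yields seven findings (CSP, X-Frame-Options, nosniff, short HSTS max-age, Referrer-Policy, Permissions-Policy and the legacy X-XSS-Protection filter), while the hardened set yields none; note that the hardened set passes the clickjacking check through CSP frame-ancestors even if X-Frame-Options were dropped.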

Related Terms

Content Security Policy (CSP)
An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.
Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.