Security Intermediate

What are Security Headers?

Security headers are HTTP response headers that instruct browsers to enable security features such as XSS protection, framing prevention, and content type enforcement.

Essential security headers include Content-Security-Policy (control resource loading), X-Frame-Options (prevent clickjacking), X-Content-Type-Options: nosniff (prevent MIME sniffing), Strict-Transport-Security (force HTTPS), and Referrer-Policy (control referrer information).

Additional headers include Permissions-Policy (restrict browser features), X-XSS-Protection (legacy XSS filter), and the Cross-Origin headers (CORP, COEP, COOP). Security headers are a crucial defense layer that requires no application code changes, only server configuration.

Related Terms

SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.