
Security Intermediate

What are Security Headers?

HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.

Essential security headers include Content-Security-Policy (control resource loading), X-Frame-Options (prevent clickjacking), X-Content-Type-Options: nosniff (prevent MIME sniffing), Strict-Transport-Security (force HTTPS), and Referrer-Policy (control referrer information).

Additional headers include Permissions-Policy (restrict browser features), X-XSS-Protection (legacy XSS filter), and Cross-Origin headers (CORP, COEP, COOP). Security headers are a crucial defense layer that requires no code changes — just server configuration.

Related Terms

Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.
Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
CORS (Cross-Origin Resource Sharing)
A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.