
Security Intermediate

What are Security Headers?

HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.

Essential security headers include Content-Security-Policy (control resource loading), X-Frame-Options (prevent clickjacking), X-Content-Type-Options: nosniff (prevent MIME sniffing), Strict-Transport-Security (force HTTPS), and Referrer-Policy (control referrer information).

Additional headers include Permissions-Policy (restrict browser features), X-XSS-Protection (legacy XSS filter), and the Cross-Origin headers (CORP, COEP, COOP). Security headers are a crucial defense layer that requires no application code changes, only server configuration.
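The following is an added example, not code from this glossary page or any project it describes: a small Python audit that checks a response's headers against the baseline described above (CSP present and not wildcard/unsafe-inline for scripts, X-Frame-Options DENY or SAMEORIGIN, nosniff, HSTS with a one-year max-age and includeSubDomains, and a non-leaking Referrer-Policy). The two sample responses are constructed for the example; the thresholds in `CHECKS` are a reasonable baseline, not a standard, and should be tuned per application.

```python
"""Audit an HTTP response's security headers (added example, not from the page)."""
from typing import Dict, List


def _has_nosniff(v: str) -> bool:
    return v.strip().lower() == "nosniff"


def _frame_ok(v: str) -> bool:
    # ALLOW-FROM is obsolete and ignored by modern browsers; only DENY/SAMEORIGIN count.
    return v.strip().upper() in ("DENY", "SAMEORIGIN")


def _hsts_ok(v: str) -> bool:
    # Baseline (assumption for this example): max-age of at least one year
    # (31536000 seconds) and includeSubDomains present.
    parts = [p.strip().lower() for p in v.split(";")]
    max_age = 0
    for p in parts:
        if p.startswith("max-age="):
            try:
                max_age = int(p.split("=", 1)[1])
            except ValueError:
                return False
    return max_age >= 31536000 and "includesubdomains" in parts


def _csp_ok(v: str) -> bool:
    # Minimal sanity check: the effective script source list (script-src, else
    # default-src) must exist and must not allow '*' or 'unsafe-inline'.
    directives = {}
    for d in v.split(";"):
        d = d.strip()
        if not d:
            continue
        name, _, value = d.partition(" ")
        directives[name.lower()] = value.split()
    src = directives.get("script-src") or directives.get("default-src")
    if src is None:
        return False
    return "*" not in src and "'unsafe-inline'" not in src


def _referrer_ok(v: str) -> bool:
    return v.strip().lower() in (
        "no-referrer", "same-origin", "strict-origin",
        "strict-origin-when-cross-origin",
    )


# Header name -> (check, finding text when the check fails or the header is absent).
CHECKS = {
    "Content-Security-Policy": (_csp_ok, "missing or permissive (wildcard / unsafe-inline script)"),
    "X-Frame-Options": (_frame_ok, "missing or not DENY/SAMEORIGIN"),
    "X-Content-Type-Options": (_has_nosniff, "missing or not 'nosniff'"),
    "Strict-Transport-Security": (_hsts_ok, "missing, max-age < 1 year, or no includeSubDomains"),
    "Referrer-Policy": (_referrer_ok, "missing or leaks full URL cross-origin"),
}


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed.
    Header names are compared case-insensitively, as HTTP requires."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, (check, reason) in CHECKS.items():
        value = lower.get(name.lower())
        if value is None or not check(value):
            findings.append(f"{name}: {reason}")
    return findings


# Constructed sample responses for the example (not captured from real servers).
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOW-FROM https://example.test",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
}

HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(resp) or 'all checks passed'}")
```

Feeding the weak response through `audit_headers` yields five findings (every baseline header is absent or too permissive), while the hardened response yields none. In practice the dict would come from a real response object (for example `response.headers` from an HTTP client), and the CSP check here is deliberately coarse: a full CSP review also needs to look at object-src, base-uri, and nonce or hash usage.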

Related Terms

Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.