Free Tool
HTTP Headers Inspector
Fetch and analyze HTTP response headers for any URL. See security header grades, caching configuration, and the full redirect chain.
Security headers explained
Content-Security-Policy
Controls which resources the browser is allowed to load. A strong CSP is the most effective defense against cross-site scripting (XSS) attacks.
Strict-Transport-Security
Forces browsers to use HTTPS for your domain for a specified period. Prevents protocol downgrade attacks and cookie hijacking.
X-Frame-Options
Prevents your page from being loaded inside a frame or iframe, which blocks clickjacking attacks.
X-Content-Type-Options
Prevents browsers from guessing the content type of a response, blocking MIME-type confusion attacks.
Referrer-Policy
Controls how much referrer information is included when navigating away from your site, protecting user privacy and preventing information leakage.
Permissions-Policy
Restricts which browser features and APIs the page can use, such as camera, microphone, and geolocation.
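Added example (not the inspector's own code or grading logic): a minimal Python check of the six headers described above, run over a constructed set of response headers. The names audit_headers, parse_csp and SAMPLE, the finding strings, and the 180-day MIN_HSTS_AGE threshold are assumptions made for this illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # assumed threshold for this example: 180 days in seconds
# Constructed sample response headers (not taken from any real site).
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

def parse_csp(value):
    """Split a CSP string into {directive: [source, ...]}."""
    parts = [p.split() for p in value.split(";") if p.strip()]
    return {p[0].lower(): p[1:] for p in reversed(parts)}  # first duplicate wins

def audit_headers(headers):
    """Return {header: finding} for the six headers; 'ok' means no issue found."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    csp = parse_csp(h.get("content-security-policy", ""))
    res = {}
    # script-src falls back to default-src when it is absent.
    script = csp.get("script-src", csp.get("default-src"))
    # 'unsafe-inline' is ignored by browsers when a nonce or hash source is present.
    strict = any(s.startswith(("'nonce-", "'sha")) for s in script or [])
    loose = script is None or "*" in script or ("'unsafe-inline'" in script and not strict)
    res["content-security-policy"] = "missing" if not csp else "weak: script sources" if loose else "ok"

    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        res["strict-transport-security"] = "missing"
    elif age is None or int(age.group(1)) < MIN_HSTS_AGE:
        res["strict-transport-security"] = "weak: max-age absent or short"
    else:
        res["strict-transport-security"] = "ok"

    # Framing is controlled by X-Frame-Options or by the CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").upper()
    framed = xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp
    res["x-frame-options"] = "ok" if framed else "missing or invalid"
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"
    res["x-content-type-options"] = "ok" if nosniff else "missing or invalid"
    # Simplification: treat the last comma-separated value as the effective policy.
    ref = h.get("referrer-policy", "").lower().split(",")[-1].strip()
    res["referrer-policy"] = "missing" if not ref else "weak: unsafe-url" if ref == "unsafe-url" else "ok"
    res["permissions-policy"] = "ok" if "permissions-policy" in h else "missing"
    return res
```

Calling audit_headers(SAMPLE) flags the CSP for 'unsafe-inline' scripts, the one-hour HSTS lifetime, and the absent X-Frame-Options and Permissions-Policy headers.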