Missing Security Headers

1) Strict-Transport-Security:

HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS. Recommended value:
"strict-transport-security: max-age=31536000; includeSubDomains".

2) Content-Security-Policy:

Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, it can prevent the browser from loading malicious assets.

3) Referrer-Policy:

Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
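An added example (not part of the original post) showing how the three headers above can be audited on a response. It takes a header dictionary such as one returned by an HTTP client, checks the HSTS max-age and includeSubDomains against the recommended value, flags a CSP whose script sources permit 'unsafe-inline' or any origin, and flags a Referrer-Policy that leaks full URLs cross-origin. The two sample responses are constructed for the example, and the threshold and "safe" policy lists are the author's own choices, not values mandated by the headers' specifications.

```python
"""Audit a response's Strict-Transport-Security, Content-Security-Policy
and Referrer-Policy headers. Example code; the sample responses below
are constructed, not captured from any real site."""
from typing import Dict, List

# Minimum HSTS lifetime matching the post's recommendation (one year).
HSTS_MIN_MAX_AGE = 31536000

# Referrer-Policy values that never send the full URL to a cross-origin
# destination (assumption: this is the set we choose to treat as sound).
SAFE_REFERRER_POLICIES = {
    "no-referrer",
    "same-origin",
    "strict-origin",
    "strict-origin-when-cross-origin",
}


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; fold them to lowercase once."""
    return {name.lower(): value for name, value in headers.items()}


def check_hsts(value: str) -> List[str]:
    """Return findings for a Strict-Transport-Security header value."""
    findings = []
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip()
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("HSTS: max-age missing or not numeric")
    elif int(max_age) < HSTS_MIN_MAX_AGE:
        findings.append(f"HSTS: max-age {max_age} is below one year ({HSTS_MIN_MAX_AGE})")
    if "includesubdomains" not in directives:
        findings.append("HSTS: includeSubDomains not set")
    return findings


def check_csp(value: str) -> List[str]:
    """Return findings for a Content-Security-Policy header value."""
    findings = []
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    # script-src governs scripts; default-src is the fallback when it is absent.
    script_sources = directives.get("script-src", directives.get("default-src"))
    if script_sources is None:
        findings.append("CSP: neither script-src nor default-src is defined")
    else:
        lowered = [s.lower() for s in script_sources]
        if "'unsafe-inline'" in lowered:
            findings.append("CSP: script sources allow 'unsafe-inline'")
        if "*" in lowered:
            findings.append("CSP: script sources allow any origin (*)")
    return findings


def check_referrer_policy(value: str) -> List[str]:
    """Return findings for a Referrer-Policy header value."""
    # The header may list several comma-separated policies; browsers use
    # the last one they recognize, so that is the one we judge.
    policies = [p.strip().lower() for p in value.split(",") if p.strip()]
    chosen = policies[-1] if policies else ""
    if chosen not in SAFE_REFERRER_POLICIES:
        return [f"Referrer-Policy: '{chosen}' may leak full URLs cross-origin"]
    return []


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means all three headers look sound."""
    h = _normalize(headers)
    findings = []
    if "strict-transport-security" not in h:
        findings.append("HSTS: header missing")
    else:
        findings.extend(check_hsts(h["strict-transport-security"]))
    if "content-security-policy" not in h:
        findings.append("CSP: header missing")
    else:
        findings.extend(check_csp(h["content-security-policy"]))
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy: header missing")
    else:
        findings.extend(check_referrer_policy(h["referrer-policy"]))
    return findings


# Constructed sample responses for the example.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_security_headers(resp) or ["ok"])
```

Run against a live site by passing the response's header mapping from any HTTP client to audit_security_headers; the weak sample above yields four findings (short max-age, no includeSubDomains, 'unsafe-inline' in the effective script sources, and a missing Referrer-Policy), while the hardened sample yields none.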
