Headers

How to Configure Security Headers

Step-by-step guide to configuring HSTS, CSP, X-Frame-Options and other security headers.

Security headers protect your website from common attacks.

## HSTS
Strict-Transport-Security: max-age=31536000; includeSubDomains

## CSP
Content-Security-Policy: default-src 'self';

## X-Frame-Options
X-Frame-Options: DENY

## X-Content-Type-Options
X-Content-Type-Options: nosniff

## Referrer-Policy
Referrer-Policy: strict-origin-when-cross-origin

Was this article helpful?