Headers
How to Configure Security Headers
Step-by-step guide to configuring HSTS, CSP, X-Frame-Options and other security headers.
Security headers protect your website from common attacks.
## HSTS
Strict-Transport-Security: max-age=31536000; includeSubDomains
## CSP
Content-Security-Policy: default-src 'self';
## X-Frame-Options
X-Frame-Options: DENY
## X-Content-Type-Options
X-Content-Type-Options: nosniff
## Referrer-Policy
Referrer-Policy: strict-origin-when-cross-origin
## HSTS
Strict-Transport-Security: max-age=31536000; includeSubDomains
## CSP
Content-Security-Policy: default-src 'self';
## X-Frame-Options
X-Frame-Options: DENY
## X-Content-Type-Options
X-Content-Type-Options: nosniff
## Referrer-Policy
Referrer-Policy: strict-origin-when-cross-origin