| Header | Purpose |
| --- | --- |
| Content-Security-Policy | Restricts sources for scripts, styles, images, etc. |
| Strict-Transport-Security | Forces HTTPS for the domain |
| X-Content-Type-Options: nosniff | Prevents MIME-type sniffing |
| X-Frame-Options: DENY | Prevents clickjacking via iframes |
| Referrer-Policy | Controls how much referrer info is sent |
| Permissions-Policy | Restricts access to browser features (camera, mic, etc.) |
| Cache-Control | Prevents sensitive responses from being cached |

Do a security scan with securityheaders.com on a site built with this boilerplate.
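
An offline counterpart to the scan, as an added example rather than code from the boilerplate: it checks one response's headers against the table above. The expected values (`no-store`, a 180-day HSTS `max-age`, no wildcard or `'unsafe-inline'` script source) are assumptions of this example, and the CSP check is conservative: it flags `'unsafe-inline'` even where a nonce would make browsers ignore it.

```python
import re

# Header names come from the table above; the expected values and thresholds
# are assumptions of this example, not settings read from the boilerplate.
REQUIRED = ["content-security-policy", "strict-transport-security",
            "x-content-type-options", "x-frame-options", "referrer-policy",
            "permissions-policy", "cache-control"]
MIN_HSTS_AGE = 15552000  # assumed minimum max-age: 180 days in seconds


def audit_headers(headers):
    """Return sorted findings for one (sensitive) response's header dict."""
    h = {k.strip().lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing: {name}" for name in REQUIRED if name not in h]
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options: expected nosniff")
    if h.get("x-frame-options", "DENY").upper() != "DENY":
        findings.append("x-frame-options: expected DENY")
    if "strict-transport-security" in h:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", h["strict-transport-security"], re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("strict-transport-security: max-age missing or too short")
    if "content-security-policy" in h:
        # Parse directives; the first occurrence of a directive wins, as in browsers.
        directives = {}
        for part in h["content-security-policy"].split(";"):
            tokens = part.lower().split()
            if tokens:
                directives.setdefault(tokens[0], tokens[1:])
        script = directives.get("script-src", directives.get("default-src"))
        if script is None:
            findings.append("content-security-policy: no script-src or default-src")
        elif "*" in script or "'unsafe-inline'" in script:
            findings.append("content-security-policy: script sources too broad")
    if "cache-control" in h:
        if "no-store" not in [t.strip().lower() for t in h["cache-control"].split(",")]:
            findings.append("cache-control: no-store not set")
    return sorted(findings)


# Constructed sample responses, not captured from a real site.
GOOD = {"Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
        "Referrer-Policy": "no-referrer", "Cache-Control": "no-store",
        "Permissions-Policy": "camera=(), microphone=()"}
WEAK = {"Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
        "Strict-Transport-Security": "max-age=300",
        "X-Frame-Options": "SAMEORIGIN", "Cache-Control": "public, max-age=600"}
```

`audit_headers(GOOD)` returns an empty list; `audit_headers(WEAK)` returns seven findings, three of them for headers that are absent altogether.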