Short definition: Browser-enforced protections against common web vulnerabilities.
What it is
Security headers are HTTP response headers that tell the browser to enforce a policy on the page it is rendering. Content-Security-Policy (CSP) restricts where scripts and other resources may be loaded from, limiting the impact of cross-site scripting (XSS); Strict-Transport-Security (HSTS) forces HTTPS for future requests, blocking protocol downgrade and SSL-stripping attacks; X-Frame-Options (and the CSP frame-ancestors directive that supersedes it) controls who may frame the page, preventing clickjacking; and X-Content-Type-Options: nosniff stops the browser from guessing a content type, which defeats MIME-sniffing attacks that turn a user upload into executable script.
Why it matters
Server-side fixes never cover every bug, and an application with no known flaws today can gain one in the next release. Browser-enforced headers are defense in depth: when an XSS or a downgrade does slip through, a tight CSP or HSTS policy limits what the attacker can do with it, and a missing header leaves the browser to apply its permissive defaults.
How to reduce risk
- Apply a restrictive Content-Security-Policy: start from default-src 'self', keep 'unsafe-inline' and 'unsafe-eval' out of script-src, set object-src 'none', and deploy with Content-Security-Policy-Report-Only first so breakage is visible before enforcement
- Enable HSTS with a max-age of at least one year and includeSubDomains; add preload only once every subdomain serves HTTPS, because a preloaded entry is hard to reverse
- Send X-Frame-Options: DENY (or SAMEORIGIN) and, for current browsers, CSP frame-ancestors, which takes precedence over X-Frame-Options when both are present
- Disable MIME sniffing with X-Content-Type-Options: nosniff, and make sure every response carries a correct Content-Type, since nosniff only works when the declared type is right
- Test the headers across browsers and on every response type (error pages, redirects, API and static responses), not just the home page, since one path without the header undoes the protection
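The following is an added example, not code from the original page: a small Node.js auditor that checks a set of response headers against the policy in the list above. The header values, the one-year HSTS threshold, and the two constructed header sets are this example's own assumptions, not a standard.

```javascript
// Added example, not from the original page: audit a response's headers
// against the security-header policy. Thresholds and sample header sets
// are constructed for illustration.

// Hardened header set used as the reference point (assumed values).
const RECOMMENDED_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
};

// Constructed weak header set, the kind of thing a default deployment sends.
const WEAK_HEADERS = {
  'Content-Security-Policy': "default-src * 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=3600',
  'X-Content-Type-Options': 'none',
};

const ONE_YEAR = 31536000;

// Parse a CSP value into a Map of directive name -> source expressions.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return directives;
}

// Return a list of findings; an empty list means every check passed.
function auditSecurityHeaders(headers) {
  // Header names are case-insensitive, so compare on lower-cased names.
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);
  const findings = [];

  // 1. CSP: must exist, and the policy governing scripts must not allow
  //    inline code, eval, or any-origin loads. script-src falls back to
  //    default-src when absent, which the check mirrors.
  const csp = h['content-security-policy'];
  const directives = csp ? parseCsp(csp) : new Map();
  if (!csp) {
    findings.push('CSP missing');
  } else {
    const scriptSrc = directives.get('script-src') || directives.get('default-src') || [];
    if (scriptSrc.length === 0) findings.push('CSP: neither script-src nor default-src set');
    for (const src of scriptSrc) {
      if (["'unsafe-inline'", "'unsafe-eval'", '*', 'data:'].includes(src.toLowerCase())) {
        findings.push(`CSP: script policy allows ${src}`);
      }
    }
    if (!directives.has('object-src') && !directives.has('default-src')) {
      findings.push('CSP: object-src not restricted');
    }
  }

  // 2. HSTS: a short max-age expires between visits, and without
  //    includeSubDomains a subdomain can still be downgraded.
  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('HSTS missing');
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    const maxAge = m ? Number(m[1]) : 0;
    if (maxAge < ONE_YEAR) findings.push(`HSTS: max-age ${maxAge} is below one year`);
    if (!/includeSubDomains/i.test(hsts)) findings.push('HSTS: includeSubDomains not set');
  }

  // 3. Framing: accept CSP frame-ancestors or X-Frame-Options DENY/SAMEORIGIN.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (!directives.has('frame-ancestors') && xfo !== 'DENY' && xfo !== 'SAMEORIGIN') {
    findings.push('Clickjacking: no frame-ancestors and no X-Frame-Options DENY/SAMEORIGIN');
  }

  // 4. MIME sniffing: only the exact token "nosniff" disables it.
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options: nosniff missing');
  }

  return findings;
}

// Stand-alone run: report on both constructed header sets.
for (const [label, set] of [['recommended', RECOMMENDED_HEADERS], ['weak', WEAK_HEADERS]]) {
  const findings = auditSecurityHeaders(set);
  console.log(`${label}: ${findings.length === 0 ? 'OK' : findings.join('; ')}`);
}
```

The auditor takes a plain object, so it can be fed from the headers of a fetch response or from curl output for each path you test. One caveat: a nonce- or hash-based CSP that uses 'strict-dynamic' legitimately carries 'unsafe-inline' as a fallback for older browsers, and this check flags it; extend the CSP branch to accept that pattern if you deploy such a policy.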