Glossary Term

Security Headers

HTTP response headers that tell browsers how to handle content safely and reduce common web attacks.


What it is

Security headers such as Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options define how browsers load resources, execute scripts, and interact with a website. They act as an additional defensive layer on top of application code.

Why it matters

Misconfigured or missing security headers are a common cause of vulnerabilities like cross-site scripting (XSS), clickjacking, and downgrade attacks. Properly implemented headers significantly reduce the attack surface without changing application logic.

How to reduce risk

  • Implement a strict Content Security Policy (CSP).
  • Enforce HTTPS using HTTP Strict Transport Security (HSTS).
  • Regularly scan public-facing assets for header misconfigurations.
  • Test changes using report-only modes before enforcement.
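A small baseline check for the headers named above, as an added example (not code from the glossary or any product it describes). It audits a captured set of response headers for the weaknesses the page lists: missing or permissive CSP, no clickjacking protection, short or absent HSTS, and missing nosniff; it also flags when only a report-only CSP is present. Header values and the two sample responses are constructed for illustration.

```python
import re

ONE_YEAR = 31536000  # seconds; a common minimum HSTS max-age (assumption)


def _hsts_max_age(value):
    """Return max-age from an HSTS header value, or None if absent."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def _csp_directive(csp, name):
    """Return the source tokens of one CSP directive, or None if not set."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == name:
            return [p.lower() for p in parts[1:]]
    return None


def audit_headers(headers):
    """Return findings for a dict of response headers (names case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        # Report-only mode is the testing step, not the enforced policy
        findings.append("CSP missing (report-only present)"
                        if "content-security-policy-report-only" in h else "CSP missing")
    else:
        scripts = _csp_directive(csp, "script-src") or _csp_directive(csp, "default-src")
        if scripts is None or "'unsafe-inline'" in scripts or "*" in scripts:
            findings.append("CSP allows inline or wildcard scripts")
    framed = csp is not None and _csp_directive(csp, "frame-ancestors") is not None
    if not framed and "x-frame-options" not in h:
        findings.append("no clickjacking protection (frame-ancestors or X-Frame-Options)")
    age = _hsts_max_age(h.get("strict-transport-security", ""))
    if age is None or age < ONE_YEAR:
        findings.append("HSTS missing or max-age below one year")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


# Constructed sample responses: one still in report-only testing, one hardened.
WEAK = {"Content-Security-Policy-Report-Only": "default-src 'self'",
        "Strict-Transport-Security": "max-age=300"}
HARDENED = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc'; frame-ancestors 'none'",
            "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
            "X-Content-Type-Options": "nosniff"}
```

Feed it the headers from a real response (e.g. `dict(requests.head(url).headers)`) to scan an asset; an empty list means the baseline passed.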