
    Turn on additional protection for web applications

    HTTP security headers can be applied globally, or to a specific site by adding them to the server block in the Nginx/Apache virtual host file.

    Setting security headers

    • Check your HTTP security headers
    • HTTP Strict Transport Security (HSTS)
    • X-Frame-Options
    • Content Security Policy (CSP)
    • Permissions-Policy
    • Referrer-Policy
    • X-Content-Type-Options
    • X-XSS-Protection
    • Set-Cookie
    • Content-Type

    Last update: 2025-05-19 17:28
    © Copyright 2025, TyMyrddin.