
    Turn on additional protection for web applications

    HTTP security headers can be applied globally or to a specific site by adding them to the server block in the Nginx/Apache virtual host file.

    Setting security headers

    • Check your HTTP security headers
    • HTTP Strict Transport Security (HSTS)
    • X-Frame-Options
    • Content Security Policy (CSP)
    • Permissions-Policy
    • Referrer-Policy
    • X-Content-Type-Options
    • X-XSS-Protection
    • Set-Cookie
    • Content-Type
    2026-04-01 20:54
    © Copyright 2025, TyMyrddin.