Increase Security of your Website with HTTP Response Headers


Security must be applied at every level: at the user, browser and server level, and not least at the application level. HTTP response headers are additional information sent from your application to the user's browser, and they are an important tool for securing a web app or website against several classes of attack: they tell the browser which features it must not use, and which content it must not load, while displaying your page.

Security is always a balance between ease of use and protection: you should restrict the browser from functionality that poses a security risk, but not so tightly that it can no longer display your website the way you intend. Most of the headers below are also enforced only by the browser, so they complement, rather than replace, server-side controls such as input validation and output encoding.

HTTP Strict Transport Security (HSTS)

Tells browsers and other compatible user agents to interact with your site only over HTTPS, never plain HTTP, for the lifetime given in the header's max-age directive; the browser rewrites http:// requests to https:// before they leave the machine and treats certificate errors as fatal rather than click-through. This defends against protocol downgrade ("SSL stripping") attacks on the first request. Note that HSTS does not control which TLS version is negotiated, and that the browser only learns the policy from a response it has already received over HTTPS (unless the domain is on the browser preload list). In practice, HSTS can be difficult to roll out on some websites: every host covered by includeSubDomains must serve valid HTTPS, and a long max-age cannot be undone quickly once browsers have cached it.

X-Frame-Options

The X-Frame-Options header protects web applications from so-called "clickjacking" by refusing to let third parties place your webpage inside a frame (a sub-container, such as an iframe, that displays your page "inside" another page). The values DENY and SAMEORIGIN are the ones browsers reliably honour; the same protection is expressed today by the frame-ancestors directive of Content-Security-Policy, which supersedes this header.

X-XSS-Protection

The X-XSS-Protection header was designed to defend web applications against reflected XSS by configuring a filter built into older browsers. That filter has since been removed from Chrome and Edge and was never implemented in Firefox, and it introduced side-channel problems of its own, so current guidance is to send X-XSS-Protection: 0 (or omit the header) and rely on Content-Security-Policy instead.

X-Content-Type-Options

Sending X-Content-Type-Options: nosniff tells the browser not to "sniff" (guess) the MIME type of a response and to use only the Content-Type your server declares. That prevents, for example, a user-uploaded file served as text/plain from being executed as a script or stylesheet because its contents happened to look like one.

Content-Security-Policy

Defends against, for example, XSS and "clickjacking" by explicitly defining, via an allowlist, which sources of scripts, styles, images, frames and other content the page may load, and (with frame-ancestors) who may frame it. The policy must be written for the content you actually have on the website, such as third-party scripts, and it is only as strong as its weakest directive: a script-src that still permits 'unsafe-inline' or a wildcard gives little protection against XSS. Content-Security-Policy-Report-Only lets you trial a policy and collect violation reports before enforcing it.

Referrer Policy

The Referrer-Policy HTTP response header controls how much of the current page's URL (origin only, or full path and query) is sent in the Referer request header when the user follows a link or the page loads a resource, to limit the information shared with external pages you link to.

Feature Policy

Limits which browser features and APIs (such as camera, microphone, geolocation or autoplay) your page, and the frames it embeds, may use. Feature-Policy has since been renamed Permissions-Policy, which uses a different value syntax, so check which header the browsers you target honour.
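The following is an added example, not code from the original article: a small audit function that takes a response's headers and checks each of the headers discussed above (HSTS, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options, Content-Security-Policy, Referrer-Policy and Permissions-Policy/Feature-Policy) against the recommendations given. The one-year HSTS threshold, the list of leaky referrer policies and the two sample header sets are the example's own assumptions, constructed here to show a hardened configuration beside a weak one.

```python
"""Audit an HTTP response's security headers (added example, not the article's code)."""
from __future__ import annotations

# Assumption: most deployment guidance asks for an HSTS lifetime of at least one year.
HSTS_MIN_MAX_AGE = 31536000

# Referrer-Policy values that can send the full URL (path and query) to other origins.
LEAKY_REFERRER_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


def parse_directives(value: str) -> dict[str, str | None]:
    """Parse 'max-age=31536000; includeSubDomains' into
    {'max-age': '31536000', 'includesubdomains': None}; names are lower-cased."""
    directives: dict[str, str | None] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def parse_csp(value: str) -> dict[str, list[str]]:
    """Parse a Content-Security-Policy value into {directive: [source tokens]}."""
    policy: dict[str, list[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means every header looked sound."""
    h = {name.lower(): value for name, value in headers.items()}
    findings: list[str] = []

    # HSTS: present, long-lived, and covering subdomains.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: Strict-Transport-Security header missing")
    else:
        d = parse_directives(hsts)
        max_age = d.get("max-age")
        if max_age is None or not max_age.isdigit():
            findings.append("HSTS: max-age missing or not numeric")
        elif int(max_age) < HSTS_MIN_MAX_AGE:
            findings.append(f"HSTS: max-age={max_age} is shorter than one year")
        if "includesubdomains" not in d:
            findings.append("HSTS: includeSubDomains not set")

    # X-Frame-Options: only DENY and SAMEORIGIN are reliably honoured by browsers.
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("Clickjacking: X-Frame-Options header missing")
    elif xfo.strip().upper() not in {"DENY", "SAMEORIGIN"}:
        findings.append(f"Clickjacking: X-Frame-Options value {xfo!r} is not DENY or SAMEORIGIN")

    # X-XSS-Protection: the filter it enabled is gone from modern browsers; '0' is the safe value.
    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip() != "0":
        findings.append("X-XSS-Protection: enables the legacy XSS auditor; set to 0 or remove")

    # X-Content-Type-Options: the only meaningful value is nosniff.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("MIME sniffing: X-Content-Type-Options: nosniff missing")

    # CSP: present, script sources not wide open, and framing covered by frame-ancestors.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP: Content-Security-Policy header missing")
    else:
        policy = parse_csp(csp)
        script_src = policy.get("script-src", policy.get("default-src", []))  # default-src is the fallback
        for bad in ("'unsafe-inline'", "*", "data:"):
            if bad in script_src:
                findings.append(f"CSP: script sources allow {bad}")
        if "frame-ancestors" not in policy:
            findings.append("CSP: no frame-ancestors directive; clickjacking protection relies on X-Frame-Options alone")

    # Referrer-Policy: present and not leaking full URLs to other sites.
    rp = h.get("referrer-policy")
    if rp is None:
        findings.append("Referrer-Policy header missing")
    elif rp.strip().lower() in LEAKY_REFERRER_POLICIES:
        findings.append(f"Referrer-Policy: {rp.strip()} sends the full URL to other sites")

    # Permissions-Policy (successor of Feature-Policy): present under either name.
    if "permissions-policy" not in h and "feature-policy" not in h:
        findings.append("Permissions-Policy (Feature-Policy) header missing")

    return findings


# Constructed sample: a hardened header set that should produce no findings.
HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "0",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com; frame-ancestors 'none'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

# Constructed sample: a typical weak configuration (short HSTS, legacy XSS filter, open CSP).
WEAK = {
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://partner.example.com",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{label}: {audit_headers(hdrs) or ['no findings']}")
```

Run against a real site by feeding it the dictionary of headers returned by your HTTP client; the weak sample above yields ten findings, the hardened one none. The checks are deliberately simple (they do not, for instance, evaluate nonces or hashes in a CSP), so treat the output as a starting point for review rather than a verdict.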

Browser Support

Not all security-related HTTP response headers are supported by all browsers, and several (X-XSS-Protection, Feature-Policy) have changed meaning or name over time. Browsers silently ignore headers and directives they do not recognise, so an unsupported header does no harm but also gives no protection; check a current compatibility table for each header you rely on, and do not let a legacy header be the only control for a given risk.

