Learn · Security Headers

Security Headers

Security headers (like Strict-Transport-Security, X-Content-Type-Options, and Content-Security-Policy) are response headers a browser reads to decide how to treat a page. They're invisible to a normal site visit, which is exactly why they're easy to launch a site without and never notice missing.

Checking for them is quick; the harder part for agencies is doing it consistently across every client site rather than once during a security audit that never gets repeated.

Who this is for

  • Agencies running security or technical audits for clients
  • Freelancers who want to catch missing headers before a client's security scanner does
  • Developers verifying header configuration after a deploy