Lesson 3 of 5
Set the essential security headers
HSTS, CSP, Referrer-Policy.
A minimal set of headers (HSTS, Content-Security-Policy, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) protects your users and improves your reputation. Most CDNs let you set them in one place.
NovaBlock's Free Tools include a Privacy Headers Check that grades your site instantly.
Key takeaways
- HSTS prevents downgrade attacks.
- CSP reduces XSS impact.
- Referrer-Policy stops URL leakage to ad networks.
