Privacy for Builders
Lesson 3 of 5

Set the essential security headers

HSTS, CSP, Referrer-Policy.

A minimal set of headers (HSTS, Content-Security-Policy, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) protects your users and improves your reputation. Most CDNs let you set them in one place.

NovaBlock's Free Tools include a Privacy Headers Check that grades your site instantly.

Key takeaways

  • HSTS prevents downgrade attacks.
  • CSP reduces XSS impact.
  • Referrer-Policy stops URL leakage to ad networks.
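
The five headers named in this lesson can be checked mechanically from a response's header set. The following is an added example, not NovaBlock's Privacy Headers Check or its grading logic; the function names, the 180-day HSTS threshold, the result strings and the sample headers are assumptions made for illustration.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days in seconds; threshold assumed for this example
LEAKY_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}

def _hsts(value):
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    if not m:
        return "weak: no max-age"
    return "ok" if int(m.group(1)) >= MIN_HSTS_AGE else "weak: max-age below 180 days"

def _csp(value):
    directives = {}  # directive name -> source list; first occurrence wins
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return "weak: no script-src or default-src"
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources)
    if "*" in sources or ("'unsafe-inline'" in sources and not pinned):
        return "weak: scripts not restricted"
    return "ok"

def _referrer(value):
    # A comma-separated value lists fallbacks; this example grades the last entry.
    policy = value.split(",")[-1].strip().lower()
    return "weak: full URL sent cross-origin" if policy in LEAKY_REFERRER else "ok"

CHECKS = {
    "strict-transport-security": _hsts,
    "content-security-policy": _csp,
    "referrer-policy": _referrer,
    "permissions-policy": lambda v: "ok" if v.strip() else "weak: empty",
    "x-content-type-options": lambda v: "ok" if v.strip().lower() == "nosniff" else "weak: not nosniff",
}

def audit_headers(headers):
    """Grade each of the five headers as 'ok', 'missing' or 'weak: <reason>'."""
    got = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    return {name: check(got[name]) if name in got else "missing" for name, check in CHECKS.items()}

# Constructed sample response headers (not captured from a real site)
SAMPLE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-Content-Type-Options": "nosniff",
}
```

Calling `audit_headers(SAMPLE)` flags the short HSTS lifetime, the `'unsafe-inline'` script source and the absent Permissions-Policy while passing the other two headers.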