skip to content W3C SVG

Recommended Values for Security relevant HTTP Headers

Muhammad Akbar
Jun 19, 2019
Buy Me a Coffee

The strict recommended values for security relevant HTTP Headers are provided below. Remember, one size doesn’t fit all.

X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Please take a moment to share this post: Twitter, LinkedIn. Buy Me a Coffee. Thank you!