HTTP Headers
OWASP Top 10
SANS/CWE Top 25
Core Security Concepts
Design Principles
100
This response header facilitates a web security policy mechanism which helps to protect websites against downgrade attacks and cookie hijacking.
What is HTTP Strict Transport Security (HSTS)
100
This OWASP Top 10 security risk occurs when untrusted data is sent to an interpreter as part of a command or query.
What is A1 - Injection
200
This header enables the Cross-site scripting (XSS) filter in your browser.
What is X-XSS-Protection
200
This security risk occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key.
What is Insecure Direct Object References
300
This header governs which referrer information, sent in the Referer header, should be included with requests.
What is Referrer-Policy
300
This risk concerns application functions related to authentication and session management.
What is broken authentication and session management?
400
This header prevents a wide range of attacks, including cross-site scripting and other cross-site injections.
What is Content-Security-Policy
500
This response header improves the protection of web applications against Clickjacking.
What is X-Frame-Options