security-headers
rule
Enforce security headers, CSP, and HTTPS best practices in web applications
planmode install security-headers

Content
- Always set Content-Security-Policy headers
- Enable Strict-Transport-Security (HSTS)
- Set X-Content-Type-Options: nosniff
- Set X-Frame-Options: DENY
- Configure referrer-policy: strict-origin-when-cross-origin
- Never expose server version headers
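
An added example, not part of the security-headers package: a Python check that audits one response's headers against the six rules above. Treating `Server`, `X-Powered-By` and `X-AspNet-Version` as the "server version headers", tolerating a bare `Server` product token, and the two sample responses are assumptions made for this example.

```python
import re

# Exact values the rule list requires (header names compare case-insensitively).
REQUIRED_VALUES = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "referrer-policy": "strict-origin-when-cross-origin",
}
# Assumption: the headers this example treats as "server version headers".
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def audit_headers(headers):
    """Return a sorted list of rule violations for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    if not h.get("content-security-policy"):
        findings.append("content-security-policy: missing")
    hsts = h.get("strict-transport-security", "")
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
    if not m:
        findings.append("strict-transport-security: missing or no max-age")
    elif int(m.group(1)) == 0:  # max-age=0 makes the browser drop the policy
        findings.append("strict-transport-security: max-age=0 disables HSTS")
    for name, want in REQUIRED_VALUES.items():
        got = h.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif got.lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {got!r}")
    for name in VERSION_HEADERS:
        value = h.get(name, "")
        # A bare Server token ("nginx") is tolerated; a digit suggests a version.
        if value and (name != "server" or re.search(r"\d", value)):
            findings.append(f"{name}: exposes {value!r}")
    return sorted(findings)

# Constructed sample responses, not captured from a real server.
WEAK = {"Server": "nginx/1.25.3", "X-Powered-By": "Express",
        "X-Frame-Options": "SAMEORIGIN",
        "Strict-Transport-Security": "max-age=0"}
HARDENED = {"Content-Security-Policy": "default-src 'self'",
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY",
            "Referrer-Policy": "strict-origin-when-cross-origin",
            "Server": "nginx"}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample))
```

The check only confirms that a Content-Security-Policy is present; it does not evaluate whether the policy itself is restrictive.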