HTTP security headers are very important part of website security as it protect you against different types of attacks including, XSS, SQL injection, clickjacking, etc.
When you visit any website from your web browser, your browser requests it from the web server where the web site is hosted on. The web server then responds with HTTP Response Headers. These headers contains meta data, status error codes, cache rules and more. It also tell your browser how to behave when handling your website’s content. When you use the web and interacts with websites, your browser stores its information. These headers will help you to outline communication and improve web security. There are six most important security headers that you should be aware of and we recommend implementing if possible.
Be careful, these headers are applying globaly in server if you want to change to specific files please add headers inside a location (nginx) or filesMatch (apache) block. So if you add headers inside any location, files will apply only headers inside location block and global headers will not works for these types of files. Continue reading