Fill in the security header names.
To harden HTTP responses: prevent MIME-type sniffing with X-Content-Type-Options: nosniff; block framing with X-Frame-Options: DENY; enforce HTTPS with Strict-Transport-Security; and limit allowed sources with Content-Security-Policy.
These headers defend, respectively, against MIME-sniffing, clickjacking, protocol downgrade, and XSS via inline scripts.