Header Configurations
Content-Security-Policy (CSP)
Defends against XSS and script injection attacks.
Ensure keywords ('self', 'none', 'unsafe-inline') are wrapped in single quotes.
Strict-Transport-Security (HSTS)
Forces all client connections over HTTPS.
X-Frame-Options (Clickjacking)
Restricts page framing by other websites.
X-Content-Type-Options (nosniff)
Blocks browsers from MIME sniffing response files.
Referrer-Policy (Privacy)
Controls how much referrer metadata is sent on link clicks.
Permissions-Policy
Controls browser features (camera, microphone, location).
Auditor & Exports
A
Good Protection
Overall security score: 85%
Coach Audit Findings
Generated Configuration Snippet