
Security Header

HTTP Security Headers

Definition

HTTP security headers are response headers that instruct browsers to enable security mechanisms and restrict dangerous behaviors. Key security headers include Content-Security-Policy (XSS protection), Strict-Transport-Security (enforce HTTPS), X-Content-Type-Options (prevent MIME sniffing), X-Frame-Options (clickjacking protection), and Permissions-Policy (restrict browser features).

Automated tools like securityheaders.com and observatory.mozilla.org grade header configuration.

