Website security headers
Browse sites by which HTTP security headers they present — a quick signal of a site's security posture.
Strict-Transport-Security (HSTS)
Forces browsers to only connect over HTTPS, preventing protocol-downgrade attacks.
Content-Security-Policy (CSP)
Restricts which sources scripts, styles, and other resources can load from, mitigating XSS.
X-Frame-Options
Prevents the page from being embedded in an iframe on another site, blocking clickjacking.
X-Content-Type-Options
Stops browsers from MIME-sniffing a response away from its declared Content-Type.
Referrer-Policy
Controls how much referrer information is sent along with requests made from the page.
Permissions-Policy
Controls which browser features and APIs (camera, geolocation, etc.) the page may use.