~/tools/headers

Security headers checklist

A working reference for hardening a web response: the headers that matter, sensible starting values, and why each one earns its place.

0 / 8 checked

This checklist covers response headers. It is not a substitute for testing against a live origin — after deploying, verify with an external scanner such as securityheaders.com or Mozilla Observatory.

Priorities are a rough guide: essential headers belong on nearly every site, recommended ones on most, and situational ones depend on whether you embed or are embedded by other origins. This site's own headers are documented on the architecture page.

← ~/tools