Skip to main content

Include HTTP security headers

Requirement#

The system must attach properly-configured HTTP security headers to its requests and responses.

Description#

HTTP security headers can be used to increase the overall security of an application. They are very effective at preventing the exploitation of several common vulnerabilities. For this reason, they should be configured as strictly as possible and included in all server requests and responses.

References#