Skip to main content

Description

Some of the server's response headers are not properly set. They are needed because they make the pages it hosts less susceptible to attacks, such as click-jacking and XSS.

Recommendation#

For application servers, the required HTTP headers are the following:

For API servers, the required HTTP headers are the following:

Requirements#