Security Headers Generator
A+
Configure Headers
Content-Security-Policy
default-src
script-src
style-src
img-src
font-src
connect-src
frame-ancestors
object-src
base-uri
Strict-Transport-Security
max-age (seconds)
includeSubDomains
preload
X-Frame-Options
Value
DENY
SAMEORIGIN
X-Content-Type-Options
Referrer-Policy
Policy
strict-origin-when-cross-origin
no-referrer
no-referrer-when-downgrade
same-origin
origin
strict-origin
origin-when-cross-origin
Permissions-Policy
Generated Config
nginx
Apache
Vercel