cyberneticlibrary

Implement security headers correctly

security-headers skill setup L11,011
trezor/trezor-suite
What it does

Configure HTTP security headers for web application protection

Best for

Preventing XSS, clickjacking, and MIME sniffing in security-first browser deployments

Inputs
  • Site domain, CSP policy, HSTS max-age preference
Outputs
  • Header directives (CSP, HSTS, X-Frame-Options, etc.)
Requires
  • HTTP server config (nginx, Apache) or header middleware
Preconditions

Web server or framework supports custom header injection

Failure modes
  • Overly restrictive CSP breaking assets
  • HSTS preload max-age too short
Trust signals
  • CSP header syntax
  • HSTS preload + OWASP references