Security guides your team can ship this week

A complete guide to HTTP Strict Transport Security (HSTS). Learn what it does, how to enable it, and avoid the common pitfalls that break your site.

15 essential WordPress security hardening steps. From basic settings to advanced configuration, protect your WordPress site from the most common attacks.

Step-by-step guide to adding the 6 most important HTTP security headers. Works for Nginx, Apache, Cloudflare, Vercel, and Next.js.

Learn how the Permissions-Policy HTTP header works, which browser features to restrict, and how to configure it on Nginx, Apache, Cloudflare, and Next.js.

The Referrer-Policy header controls how much URL information your browser shares when users navigate away from your site. Learn which value to choose and how to set it up.

Complete guide to DNS security. Prevent domain hijacking, DNS spoofing, and email fraud with DNSSEC, SPF, DKIM, and DMARC configuration.

A developer's checklist for React security. Covers XSS prevention, dangerouslySetInnerHTML, dependency security, CSP, and more with code examples.

A practical security checklist for Next.js apps covering headers, CSP, API routes, authentication, dependency security, and more.

The X-Content-Type-Options: nosniff header prevents MIME-type sniffing attacks. Learn what it does, why you need it, and how to add it in one minute.