Security guides your team can ship this week

Learn how the Permissions-Policy HTTP header works, which browser features to restrict, and how to configure it on Nginx, Apache, Cloudflare, and Next.js.

The Referrer-Policy header controls how much URL information your browser shares when users navigate away from your site. Learn which value to choose and how to set it up.

Step-by-step guide to adding the 6 most important HTTP security headers. Works for Nginx, Apache, Cloudflare, Vercel, and Next.js.

The X-Content-Type-Options: nosniff header prevents MIME-type sniffing attacks. Learn what it does, why you need it, and how to add it in one minute.

15 essential WordPress security hardening steps. From basic settings to advanced configuration, protect your WordPress site from the most common attacks.

A complete guide to HTTP Strict Transport Security (HSTS). Learn what it does, how to enable it, and avoid the common pitfalls that break your site.

A practical security checklist for Next.js apps covering headers, CSP, API routes, authentication, dependency security, and more.

A developer's checklist for React security. Covers XSS prevention, dangerouslySetInnerHTML, dependency security, CSP, and more with code examples.