Security guides your team can ship this week

SecurityHeaders.com is a great tool for checking HTTP security headers, but it only tells part of the story. Discover what it misses and how to get a complete security picture.

Learn what a security.txt file is, why it matters for responsible disclosure, and how to create one for your website in under 10 minutes.

A complete guide to HTTP Strict Transport Security (HSTS). Learn what it does, how to enable it, and avoid the common pitfalls that break your site.

15 essential WordPress security hardening steps. From basic settings to advanced configuration, protect your WordPress site from the most common attacks.

Step-by-step guide to adding the 6 most important HTTP security headers. Works for Nginx, Apache, Cloudflare, Vercel, and Next.js.

Learn how the Permissions-Policy HTTP header works, which browser features to restrict, and how to configure it on Nginx, Apache, Cloudflare, and Next.js.

The Referrer-Policy header controls how much URL information your browser shares when users navigate away from your site. Learn which value to choose and how to set it up.

A developer's checklist for React security. Covers XSS prevention, dangerouslySetInnerHTML, dependency security, CSP, and more with code examples.

A practical security checklist for Next.js apps covering headers, CSP, API routes, authentication, dependency security, and more.