Developer Tools
Security Headers Generator
Generate HTTP security headers for HSTS, CSP, X-Frame-Options, CORS and more — export for Nginx, Apache, Express, or Next.js
4
Security Headers
2
Info Headers
0
Warnings
Strict-Transport-Security (HSTS)
Forces HTTPS for all future visits
Content-Security-Policy
Restricts resource loading sources
X-Frame-Options
Prevents clickjacking attacks
X-Content-Type-Options: nosniff
Prevents MIME-type sniffing
Referrer-Policy
Controls referrer header in requests
Permissions-Policy
Controls browser features (camera, mic, location…)
X-XSS-Protection: 1; mode=block
Legacy XSS filter (deprecated in modern browsers)
CORS Headers
Control cross-origin resource sharing
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'"; add_header X-Frame-Options "DENY"; add_header X-Content-Type-Options "nosniff"; add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header X-XSS-Protection "1; mode=block";
Continue Exploring
Other Developer Tools you might like...
JSON Formatter
Format, validate, and minify JSON data with syntax highlighting
Try Now
Base64 Encoder/Decoder
Encode text to Base64 and decode Base64 strings
Try Now
URL Encoder/Decoder
Encode and decode URL components and query strings
Try Now
UUID Generator
Generate random UUID v4 identifiers
Try Now
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text
Try Now
Regex Tester
Test and debug regular expressions with match highlighting
Try Now
JWT Decoder
Decode and inspect JWT token header and payload
Try Now
HTML Formatter
Beautify and format HTML code with proper indentation
Try Now