⚡ Security · Client-side · No data sent to server

Security Headers Generator

Generate the common HTTP security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy) for Apache or Nginx. Pick your settings and copy a block you can paste straight into your config.

Server

Strict-Transport-Security (HSTS)

Other headers

.htaccess 
 Copied 
 
 
 
  
Test before you trust HSTS. A long HSTS max-age locks browsers to HTTPS, so confirm your certificate and every subdomain work first. A Content-Security-Policy is powerful but site-specific; build one with our dedicated CSP tool. Headers are generated in your browser.
 
    
  
 
Related security tools
 
  Password Generator Generate strong, random passwords with custom rules.  Hash Generator Create MD5, SHA-1, SHA-256, and SHA-512 hashes from text.  Password Strength Checker Check how strong a password is and why.  CSP Builder Build a Content-Security-Policy header with a guided form.  CORS Header Validator Check CORS settings and spot common misconfigurations.  Bcrypt Generator & Verifier Generate and verify bcrypt password hashes.