HTTP Secure Headers list

According to the OWASP Secure Headers Project, these are the secure headers every web page should have:

  • HTTP Strict Transport Security (HSTS)
  • Public Key Pinning Extension for HTTP (HPKP)
  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Content-Security-Policy
  • X-Permitted-Cross-Domain-Policies
  • Referrer-Policy
  • Expect-CT
  • Feature-Policy

So I wanted to put them here in order to have a list to remember when doing checks.
