HttpArmor | The Ultimate HTTP Security Header Generator

Load Preset

Generated Configuration

Content-Security-Policy

default-src'i'

script-src'i'

style-src'i'

img-src'i'

object-src'i'

frame-ancestors'i'

base-uri'i'

Permissions-Policy

accelerometer'i'

ambient-light-sensor'i'

attribution-reporting'i'

autoplay'i'

bluetooth'i'

Browse-topics'i'

camera'i'

compute-pressure'i'

cross-origin-isolated'i'

display-capture'i'

encrypted-media'i'

fullscreen'i'

gamepad'i'

geolocation'i'

gyroscope'i'

hid'i'

identity-credentials-get'i'

idle-detection'i'

local-fonts'i'

magnetometer'i'

microphone'i'

midi'i'

otp-credentials'i'

payment'i'

picture-in-picture'i'

publickey-credentials-create'i'

publickey-credentials-get'i'

screen-wake-lock'i'

serial'i'

speaker-selection'i'

storage-access'i'

usb'i'

web-share'i'

window-management'i'

xr-spatial-tracking'i'

Cross-Origin Policies

Cross-Origin-Opener-Policy'i'

Cross-Origin-Embedder-Policy'i'

Cross-Origin-Resource-Policy'i'

Strict-Transport-Security

max-age (seconds)'i'

includeSubDomains'i'

General & Legacy Headers

X-Content-Type-Options'i'

X-Frame-Options'i'

Referrer-Policy'i'

Cache-Control'i'