Security / Quiz

The Security Headers Checklist

HSTS, X-Content-Type-Options, frame protection, CSP, and Referrer-Policy, the response headers that harden a site.

Difficulty
Easy
Format
Quiz
Points
100
Estimate
8 min

// MISSION BRIEF

Your Mission

A handful of response headers turn off whole classes of attack. This quiz covers HSTS, nosniff, clickjacking protection, CSP, and Referrer-Policy, what each does and how to check they are present in CI.

// FIRST CONTACT

Battle teaser

Strict-Transport-Security (HSTS) does what?

  1. AForces browsers to use HTTPS for the domain, preventing protocol-downgrade / SSL-strip attacks
  2. BEncrypts cookies at rest
  3. CCompresses responses
  4. DBlocks cross-origin requests
Answers, scoring, hints, and the full battle stay sealed.

// SKILL TAGS

securityheadershstscsp