Security / Quiz
The Security Headers Checklist
HSTS, X-Content-Type-Options, frame protection, CSP, and Referrer-Policy, the response headers that harden a site.
- Difficulty
- Easy
- Format
- Quiz
- Points
- 100
- Estimate
- 8 min
// MISSION BRIEF
Your Mission
A handful of response headers turn off whole classes of attack. This quiz covers HSTS, nosniff, clickjacking protection, CSP, and Referrer-Policy, what each does and how to check they are present in CI.
// FIRST CONTACT
Battle teaser
Strict-Transport-Security (HSTS) does what?
- AForces browsers to use HTTPS for the domain, preventing protocol-downgrade / SSL-strip attacks
- BEncrypts cookies at rest
- CCompresses responses
- DBlocks cross-origin requests
Answers, scoring, hints, and the full battle stay sealed.
// SKILL TAGS
securityheadershstscsp