Complete the code to add a header that prevents browsers from loading the page in a frame.
response.headers['[1]'] = 'DENY'
The X-Frame-Options header tells browsers not to render the page inside a frame or iframe, protecting against clickjacking. DENY refuses all framing, including by the same origin; SAMEORIGIN allows framing only by pages from the same origin. Current browsers honour the Content-Security-Policy frame-ancestors directive in preference to this header, so both are usually set together.
Complete the code to add a header that forces browsers to use HTTPS for all requests.
response.headers['[1]'] = 'max-age=31536000; includeSubDomains'
The Strict-Transport-Security header tells browsers to reach the site (and, with includeSubDomains, all of its subdomains) only over HTTPS for max-age seconds; 31536000 is one year. Browsers only honour the header when it arrives over HTTPS, and includeSubDomains locks every subdomain to HTTPS, so check for plain-HTTP subdomains before adding it.
Fix the error in the header that stops browsers from sniffing content types.
response.headers['X-Content-Type-Options'] = '[1]'
The correct value for X-Content-Type-Options to prevent MIME sniffing is nosniff.
Fill both blanks to add a Content Security Policy that only allows scripts from the same origin and blocks inline scripts.
response.headers['[1]'] = "default-src [2]; script-src 'self'"
The Content-Security-Policy header controls which sources each kind of content may be loaded from. default-src 'none' blocks everything that is not explicitly allowed, and script-src 'self' then permits only same-origin scripts; inline scripts are blocked because the policy lists neither 'unsafe-inline' nor a nonce or hash. Note that 'none' is only valid on its own: a value such as script-src 'self' 'none' is not a meaningful policy.
Fill both blanks to add a Referrer Policy header that sends no referrer information at all, on same-origin and cross-origin requests alike.
response.headers['[1]'] = '[2]'
The Referrer-Policy header controls how much of the referring URL is sent with requests. no-referrer suppresses the Referer header entirely. If same-origin referrers are still wanted, same-origin sends the referrer only to the same origin, and strict-origin-when-cross-origin sends just the origin to other sites and nothing on an HTTPS-to-HTTP downgrade.