You have probably encountered the following image when using Screaming Frog.
Many websites lack these headers when crawled with Screaming Frog.
Security is one of the most important issues for search engines.
2. HTTP Strict Transport Security
The HTTP Strict Transport Security (HSTS) response header forces the browser to use an
HTTPS connection for all of the assets of the web page.
Header values
– max-age
– includeSubDomains
– preload
Example:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Mohammad Hossein Rouhani
4. X-Frame-Options
The X-Frame-Options security-related response header prevents a third
party from rendering the content of the website inside an iframe on another
website.
Header values
– SAMEORIGIN
– ALLOW-FROM (obsolete; modern browsers ignore it and use the CSP frame-ancestors directive instead)
– DENY
Example:
X-Frame-Options: DENY
6. X-XSS-Protection
It is used to enable the browser's built-in filter against XSS (Cross-site Scripting) attacks. Cross-site
Scripting is injecting malicious JavaScript into the website's pages or scripts so that it runs in
visitors' browsers and collects information about the website's users. Modern browsers have
removed this filter, so Content-Security-Policy is the recommended defence today.
Header values
– 0 (disables the filter)
– 1 (enables the filter)
– 1; mode=block (enables the filter and blocks the page instead of sanitising it)
Example:
X-XSS-Protection: 1; mode=block
8. X-Content-Type-Options
X-Content-Type-Options is a security-related response header that
protects web users and websites against Multipurpose Internet
Mail Extensions (MIME) type confusion attacks by stopping the browser from
guessing (sniffing) a content type that differs from the declared Content-Type.
Example:
X-Content-Type-Options: nosniff
9. Content-Security-Policy
Content Security Policy (CSP) is a defensive response header against
XSS attacks and clickjacking. CSP is a detailed security-related policy
protocol for websites.
Example:
Content-Security-Policy: default-src 'self' https://holisticseo.digital; connect-src 'none';
11. Referrer-Policy
The Referrer-Policy response header protects the domain information that is
sent when a user clicks through to a new domain. Referrer-Policy determines what
information about the referring page will be shared.
Example (the policy can also be set in the HTML instead of the response header):
<meta name="referrer" content="origin">
Header values
• no-referrer
• no-referrer-when-downgrade
• origin
• origin-when-cross-origin
• same-origin
• strict-origin
• strict-origin-when-cross-origin
• unsafe-url
13. Feature-Policy
Feature-Policy is a security-related HTTP response header similar to
Permissions-Policy. The main difference between the Feature-Policy and
Permissions-Policy response headers is that the Feature-Policy is
valid only for the website's own content and frames, while the
Permissions-Policy can be effective for all of the websites. Feature-Policy is the
older name of the header; newer browsers read Permissions-Policy, whose syntax
differs (for example geolocation=(...)).
Example:
Feature-Policy: autoplay 'none'
Feature-Policy: geolocation https://google-developers.appspot.com
14. Expect-CT
The Expect-CT HTTP header makes a website opt in to Certificate
Transparency requirements. If the site is served with a certificate that does not
meet them, the violation is reported to the report URI.
Header values
• report-uri
• max-age
• enforce
Example:
Expect-CT: max-age=86400, enforce, report-uri="https://report.example/"
15. Clear-Site-Data
When a user logs out of a website, the website can clear all of its
cookies and caches via the log-out page. Clear-Site-Data helps web
developers control the cache, cookies, and storage of the website on the
users' devices and web browsers.
Example:
Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"
Header values
• "cache"
• "executionContexts"
• "cookies"
• "storage" (this directive is what clears localStorage, along with the other storage APIs)
• "*" (everything)
16. Cross-Origin-Embedder-Policy
The Cross-Origin-Embedder-Policy (COEP) response header prevents an
HTML document from loading a cross-origin resource unless that resource
explicitly grants permission (via CORS or Cross-Origin-Resource-Policy). The
Cross-Origin-Embedder-Policy security response header has two directives.
Header values
• require-corp
• same-origin
Example:
Cross-Origin-Embedder-Policy: require-corp
18. Cross-Origin-Opener-Policy
A web browser can group different windows within the same browsing
context group. If a second document is opened via the first document, it keeps a
reference to its opener and can make requests to the previous document's
resources. This is why using rel="noreferrer" and rel="noopener" on links matters
in the same context, and Cross-Origin-Opener-Policy lets the server enforce that
isolation.
Example:
Cross-Origin-Opener-Policy: same-origin
Header values
• unsafe-none
• same-origin-allow-popups
• same-origin
20. Cross-Origin-Resource-Policy
The Cross-Origin-Resource-Policy security header has three directives:
"same-site", "same-origin" and "cross-origin". These directives restrict a
given resource to being loaded by pages on the same site, the same
origin, or any origin.
Example:
Cross-Origin-Resource-Policy: same-origin
Header values
• same-site
• same-origin
• cross-origin
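The headers above form the checklist a crawler like Screaming Frog reports on. As an added example (not Screaming Frog's code and not from the original slides), the following Python script parses a raw HTTP response header block, constructed inline, and reports each header from the checklist as ok, weak or missing; the accepted values are the ones listed in the slides, and treating every other value as "weak" is this example's own assumption.

```python
import re
from typing import Callable, Dict

REFERRER_VALUES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

# Header name -> predicate for an acceptable value. Accepted values follow the
# slides above; anything else is reported as "weak" (assumption of this example).
CHECKS: Dict[str, Callable[[str], bool]] = {
    # HSTS needs a non-zero max-age; the slides' example uses one year.
    "strict-transport-security": lambda v: bool(re.search(r"max-age=[1-9]\d*", v, re.I)),
    "x-frame-options": lambda v: v.upper() in {"DENY", "SAMEORIGIN"},
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "content-security-policy": lambda v: "default-src" in v.lower(),
    "referrer-policy": lambda v: v.lower() in REFERRER_VALUES,
    "cross-origin-embedder-policy": lambda v: v.lower() in {"require-corp", "same-origin"},
    "cross-origin-opener-policy": lambda v: v.lower() in {"same-origin", "same-origin-allow-popups"},
    "cross-origin-resource-policy": lambda v: v.lower() in {"same-site", "same-origin", "cross-origin"},
}

def parse_headers(raw: str) -> Dict[str, str]:
    """Parse 'Name: value' lines (status line skipped) into a lowercase-keyed dict."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        # Repeated header lines are joined with a comma, as HTTP allows.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers

def audit(headers: Dict[str, str]) -> Dict[str, str]:
    """Return 'ok', 'weak' or 'missing' for every header in CHECKS."""
    return {name: "missing" if name not in headers
            else ("ok" if check(headers[name]) else "weak")
            for name, check in CHECKS.items()}

# Constructed sample response from a site that sets only some of the headers.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: ALLOW-FROM https://partner.example
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Resource-Policy: same-origin
"""
```

Calling `audit(parse_headers(SAMPLE))` flags the obsolete ALLOW-FROM value as weak and reports CSP, COEP and COOP as missing, which is the same kind of finding the crawler's security report surfaces.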