Browser directives

All modern browsers (Chrome, Firefox, Safari, Microsoft IE / Edge, etc.) bundle native protections against the most common client-side threats. These protections are configured through regular HTTP headers that the server sets on its responses. They control risky parts of your application, such as iframe rendering or when a referrer is passed to subsequent pages.

Sqreen helps you configure and deploy the most relevant security headers and protect your SPA against the riskiest vulnerabilities:

  • Cross-site scripting with the X-XSS-Protection header and a Content Security Policy (CSP).
  • Clickjacking with the X-Frame-Options header.
  • Referrer leaking with the X-Referrer-Policy header.
  • Arbitrary content upload with the X-Content-Type-Options header.

Learn more about each header and the Content Security Policy (CSP) here.
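
To see which of the protections listed above a response actually carries, the following added example (not Sqreen's code) audits a set of response headers and reports each one as missing, weak, or ok. The "weak" rules and the sample headers are assumptions of this example, and the referrer check looks for the standardized `Referrer-Policy` field name.

```python
# Added example: audit response headers for the protections listed above.
# The "weak" rules are simplifying assumptions of this example.

INLINE_OVERRIDES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def csp_allows_inline_script(value):
    """True if the CSP leaves inline <script> execution allowed."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # when a directive is repeated, browsers honour the first one
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    # script-src falls back to default-src; neither present means no restriction
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return True
    # browsers ignore 'unsafe-inline' when a nonce or hash source is present
    if any(s.startswith(INLINE_OVERRIDES) for s in sources):
        return False
    return "'unsafe-inline'" in sources

# lower-cased header name -> predicate that is True when the value is weak
CHECKS = {
    "content-security-policy": csp_allows_inline_script,
    "x-xss-protection": lambda v: v.strip().startswith("0"),
    "x-frame-options": lambda v: v.strip().upper() not in ("DENY", "SAMEORIGIN"),
    # in a comma-separated fallback list, the last policy is the one checked here
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() == "unsafe-url",
    "x-content-type-options": lambda v: v.strip().lower() != "nosniff",
}

def audit_headers(headers):
    """Return {header: 'missing' | 'weak' | 'ok'}; names match case-insensitively."""
    seen = {name.lower(): value for name, value in headers.items()}
    return {name: "missing" if name not in seen
            else ("weak" if is_weak(seen[name]) else "ok")
            for name, is_weak in CHECKS.items()}

# Constructed sample response headers (not taken from a real site).
SAMPLE = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "sameorigin",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for header, status in audit_headers(SAMPLE).items():
        print(f"{header}: {status}")
```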