# 'humble' (HTTP Headers Analyzer)
# https://github.com/rfc-st/humble/
#
# MIT License
#
# Copyright (c) 2020-2025 Rafa 'Bluesman' Faura (rafael.fcucalon@gmail.com)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

Guidelines for enabling security HTTP response headers on popular frameworks, servers and services:

[Amazon Web Services]
https://dev.to/slsbytheodo/deliver-perfect-http-security-headers-with-aws-cloudfront-4din
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example_cloudfront_functions_add_security_headers_section.html

[Angular]
https://angular.dev/best-practices/security
https://learn.microsoft.com/en-us/answers/questions/1376588/how-to-remove-unwanted-security-headers-for-my-ang

[Apache HTTP Server]
https://htaccessbook.com/important-security-headers/
https://www.adminbyaccident.com/security/how-to-harden-apache-http/
https://geekflare.com/cybersecurity/apache-web-server-hardening-security/
https://www.digitalocean.com/community/tutorials/recommended-steps-to-harden-apache-http-on-freebsd-12-0

[Cloudflare]
https://algustionesa.com/security-headers/
https://developers.cloudflare.com/workers/examples/security-headers/

[Google Cloud]
https://cloud.google.com/cdn/docs/web-security-best-practices

[LiteSpeed Web Server]
https://docs.litespeedtech.com/lsws/security-headers/

[Microsoft Azure]
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-security-headers
https://neelborghs.com/implement-security-headers-on-azure-application-gateway
https://blog.jonsdocs.org.uk/2023/09/05/azure-static-web-apps-and-http-security-headers/

[Microsoft Internet Information Services]
https://geekflare.com/cybersecurity/http-header-implementation/
https://www.ryadel.com/en/iis-web-config-secure-http-response-headers-pass-securityheaders-io-scan/
https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html

[Nginx]
https://www.acunetix.com/blog/web-security-zone/hardening-nginx/
https://www.getpagespeed.com/server-setup/nginx-security-headers-the-right-way

[Node.js]
https://blog.risingstack.com/node-js-security-checklist/
https://blog.logrocket.com/using-helmet-node-js-secure-application/
https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html

[PHP]
https://dcblog.dev/laravel-security-headers
https://benjamincrozat.com/laravel-security-best-practices
https://needlify.com/essential-symfony-security-best-practices-for-building-secure-web-applications/

[Spring]
https://www.baeldung.com/spring-security-csp
https://docs.spring.io/spring-security/reference/servlet/exploits/headers.html
https://docs.spring.io/spring-security/reference/features/exploits/headers.html

[WordPress]
https://www.wpdownloadmanager.com/http-security-headers-on-wordpress/
https://www.wpbeginner.com/beginners-guide/how-to-add-http-security-headers-in-wordpress/
