Security Blog

Web Security Guides & Tutorials

Learn about Content Security Policy, HTTP security headers, and best practices to protect your web applications.

February 15, 2026HeaderTest Team

HeaderTest Is Out of Beta: New Scoring, Domain History, and What's Next

HeaderTest is out of beta. Here's what changed: a new three-category scoring system, domain history pages with score trends, and a more accurate analysis engine.

February 8, 2026HeaderTest Team

Next.js + Sanity CMS: The CSP Gap and the _next/image Proxy Problem

A lot of Next.js sites using Sanity CMS ship with no CSP at all. Worse, the _next/image endpoint can become an open image proxy for cdn.sanity.io. Here's what's happening and how to lock it down.

January 13, 2026HeaderTest Team

What is Content Security Policy (CSP)? Complete Guide

A practical walkthrough of Content Security Policy — what it actually does, how browsers enforce it, and how to roll one out without breaking your site.

January 12, 2026HeaderTest Team

HTTP Security Headers Explained: Complete Checklist

The security headers that actually matter, what each one does, and copy-paste values to get you started. No fluff, just the headers you need.

January 11, 2026HeaderTest Team

How to Fix unsafe-inline in CSP: Complete Guide

unsafe-inline in your CSP basically turns off XSS protection. Here's how to get rid of it using nonces, hashes, or by refactoring your code.

January 10, 2026HeaderTest Team

Top 10 CSP Mistakes Developers Make (And How to Fix Them)

We scan thousands of CSP headers. These are the mistakes that come up over and over — and they're all fixable.

Test Your Website's Security

Use our free scanner to analyze your Content Security Policy and security headers instantly.

Scan Now - Free