# Headers

The Headers section allows you to monitor all the response headers that were sent by your web servers.

## Use Cases

* **View which web applications are using secure response headers.** Secure response headers protect users of the site by mitigating many common forms of web-based attacks, such as cross-site scripting (XSS), clickjacking, and others.

## Detection

During the scanning process, we catalog all HTTP response headers that are returned when we issue queries.

## Risk

Risk is assigned by verifying that critical headers are being sent by the target web application.

* **High** (<mark style="color:red;">●</mark> Red): None currently.
* **Medium** (<mark style="color:yellow;">●</mark> Yellow): Targets are missing some important headers. The headers we consider important are:
  * Content-Security-Policy
  * Strict-Transport-Security
  * X-Frame-Options
  * X-Content-Type-Options
  * Referrer-Policy
* **Low** (<mark style="color:green;">●</mark> Green): No significant risks are associated with the headers.

Headers rated **Medium** risk will create [issues](/docs/platform/issues.md).

{% hint style="info" %}
We recommend fixing **Medium** risk issues.
{% endhint %}

## Reports

Headers can be monitored for changes by toggling their monitor status on the [List](https://app.halosecurity.com/user/security/website/script/list) page. If a change is detected, a `website-header-monitor-change` event is triggered so you can be notified immediately.

Learn more about events at:

{% content-ref url="/pages/MtggX3t55b2BwW9thVOd" %}
[Events](/docs/platform/events.md)
{% endcontent-ref %}

## Pages

* [Overview](https://app.halosecurity.com/user/security/website/header/): Risk rating and metrics on secure response headers found.
* [Summary](https://app.halosecurity.com/user/security/website/header/summary): Summary by Target of secure response headers.
* [List](https://app.halosecurity.com/user/security/website/header/list): List of Targets and every header/value collected. Toggle monitor status of headers.
* [Missing](https://app.halosecurity.com/user/security/website/header/missing): Allows you to search for missing headers by name or value.
* [Changes](https://app.halosecurity.com/user/security/website/header/changes): Displays changes between current and prior scans when a header is found or no longer found, or the value is different.
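
To reproduce the checks described in the Risk section and on the Changes page against headers you have collected yourself, the following added example (not Halo Security's code) rates a target by header presence and diffs two scans. It assumes that any one of the five listed headers being absent yields **Medium**, and it does not inspect header values; the function names and sample scans are constructed for illustration.

```python
# Added example: presence check for the five listed headers plus a scan diff.
IMPORTANT_HEADERS = (
    "Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
    "X-Content-Type-Options", "Referrer-Policy",
)


def normalize(headers):
    """HTTP header names are case-insensitive, so key on lowercase names."""
    return {name.strip().lower(): value.strip() for name, value in headers.items()}


def rate(headers):
    """Return (risk, missing). Assumption: any missing header means Medium."""
    seen = normalize(headers)
    missing = [h for h in IMPORTANT_HEADERS if h.lower() not in seen]
    return ("Medium" if missing else "Low", missing)


def diff_scans(prior, current):
    """Classify each header as found, no longer found, or value changed."""
    old, new = normalize(prior), normalize(current)
    changes = {}
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            changes[name] = "found"
        elif name not in new:
            changes[name] = "no longer found"
        elif old[name] != new[name]:
            changes[name] = "value changed"
    return changes


# Constructed sample scans of one target (not real scan data).
PRIOR_SCAN = {
    "Content-Security-Policy": "default-src 'self'",
    "strict-transport-security": "max-age=31536000",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}
CURRENT_SCAN = {
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
    "Server": "nginx",
}
```

In the sample, the current scan drops `X-Frame-Options` and shortens the HSTS `max-age`, so the target moves from Low to Medium and both differences appear in the diff.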


