# Headers

The Headers section allows you to monitor all the response headers that were sent by your web servers.

## Use Cases

* **View which web applications are using secure response headers.** Secure response headers protect users of the site by mitigating many common forms of web-based attacks, such as cross-site scripting (XSS) and clickjacking.

## Detection

During the scanning process, we catalog all HTTP response headers that are returned when we issue queries.

## Risk

Risk is assigned by verifying that critical headers are being sent by the target web application.

* **High** (<mark style="color:red;">●</mark> Red): None currently.
* **Medium** (<mark style="color:yellow;">●</mark> Yellow): Targets are missing some important headers. The headers we consider important are:
  * Content-Security-Policy
  * Strict-Transport-Security
  * X-Frame-Options
  * X-Content-Type-Options
  * Referrer-Policy
* **Low** (<mark style="color:green;">●</mark> Green): No significant risks are associated with the headers.

Headers rated **Medium** risk will create [issues](https://docs.halosecurity.com/docs/platform/issues).

{% hint style="info" %}
We recommend fixing **Medium** risk issues.
{% endhint %}

## Reports

Headers can be monitored for changes by toggling their monitor status on the [List](https://app.halosecurity.com/user/security/website/script/list) page. If a change is detected, it triggers a `website-header-monitor-change` event so you can be notified immediately.

Learn more about events at:

{% content-ref url="../events" %}
[events](https://docs.halosecurity.com/docs/platform/events)
{% endcontent-ref %}

## Pages

* [Overview](https://app.halosecurity.com/user/security/website/header/): Risk rating and metrics on secure response headers found.
* [Summary](https://app.halosecurity.com/user/security/website/header/summary): Summary by Target of secure response headers.
* [List](https://app.halosecurity.com/user/security/website/header/list): List of Targets and every header/value collected. Toggle monitor status of headers.
* [Missing](https://app.halosecurity.com/user/security/website/header/missing): Allows you to search for missing headers by name or value.
* [Changes](https://app.halosecurity.com/user/security/website/header/changes): Displays changes between current and prior scans when a header is found or no longer found, or the value is different.
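
The following sketch is an added example, not Halo Security's code. It applies the rating rule from the Risk section and the three change types from the Changes page to two constructed responses. The function names, the sample responses, and the reading of "missing some" as "any one of the five missing" are assumptions.

```python
# Added example; function names and sample data are hypothetical.
IMPORTANT = [
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Referrer-Policy",
]

def parse_headers(raw):
    """Parse a raw response header block into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        # Header names are case-insensitive, so normalise before comparing.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def rate(headers):
    """Assumed rule: any important header missing => Medium, otherwise Low."""
    missing = [h for h in IMPORTANT if h.lower() not in headers]
    return ("Medium" if missing else "Low"), missing

def diff_scans(prior, current):
    """Classify each header as found, no longer found, or value different."""
    changes = {}
    for name in sorted(set(prior) | set(current)):
        if name not in prior:
            changes[name] = "found"
        elif name not in current:
            changes[name] = "no longer found"
        elif prior[name] != current[name]:
            changes[name] = "value different"
    return changes

# Constructed sample responses (not real scan output).
PRIOR_SCAN = """HTTP/1.1 200 OK
Content-Type: text/html
strict-transport-security: max-age=300
X-Frame-Options: DENY
"""
CURRENT_SCAN = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
"""
```

Here the current scan still rates Medium, and the diff shows that `X-Frame-Options` was dropped between scans, which is the kind of regression header monitoring is meant to surface.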
