50以上のHTTPヘッダーを検索・解説。セキュリティヘッダーをビジュアルに設定して、Apache(.htaccess)またはNginx用の設定スニペットをワンクリックで生成。生のHTTPヘッダーを貼り付けて即座に解析することもできます。

50以上のHTTPヘッダーをカテゴリ別に検索できます。各ヘッダーをクリックすると説明・よく使う値・例が表示されます。
セキュリティヘッダーを選択・設定して、Apache(.htaccess)またはNginx用の設定スニペットを生成します。
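  <!-- CSP: builder section for the Content-Security-Policy header.
       Control ids and option values are presumably read by hhBuild(), which is
       defined outside this fragment, so they are kept unchanged.
       NOTE(review): confirm hhBuild() writes its result into the output element
       as text and rejects or escapes double quotes and line breaks typed into
       the free-text fields; those values presumably end up inside a quoted
       header value in the generated Apache/Nginx snippet.
       NOTE(review): frame-src limits what this page may embed. It does not stop
       other sites from framing this page; that needs frame-ancestors (not
       offered here) or X-Frame-Options.
       The field group starts hidden via its inline style. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">
      Content-Security-Policy
      <span class="hh-builder-sec-desc">— 読み込み元の制御</span>
    </div>
    <div class="hh-enable-row">
      <input type="checkbox" id="hh-b-csp" onchange="hhBuild()">
      <label for="hh-b-csp">CSPヘッダーを有効化</label>
    </div>
    <div class="hh-field-group" id="hh-b-csp-fields" style="display:none;">
      <!-- 'unsafe-inline' and * weaken the policy, so their labels now say so.
           aria-label gives each control an accessible name matching the
           visible text beside it. -->
      <div class="hh-field-row">
        <span class="hh-field-label">default-src</span>
        <select class="hh-select" id="hh-csp-default" onchange="hhBuild()" aria-label="default-src">
          <option value="'self'">'self'(同一オリジンのみ)</option>
          <option value="'self' 'unsafe-inline'">'self' 'unsafe-inline'(インライン許可・XSS対策が弱まる)</option>
          <option value="'none'">'none'(すべて禁止)</option>
          <option value="*">*(すべて許可・非推奨)</option>
        </select>
      </div>
      <!-- Free-text source lists are tokens, not prose: spell checking,
           auto-capitalisation and autofill are switched off. -->
      <div class="hh-field-row">
        <span class="hh-field-label">script-src</span>
        <input type="text" class="hh-input" id="hh-csp-script" placeholder="'self'(空白でdefault-srcを継承)" oninput="hhBuild()" aria-label="script-src" spellcheck="false" autocapitalize="off" autocomplete="off">
      </div>
      <div class="hh-field-row">
        <span class="hh-field-label">style-src</span>
        <input type="text" class="hh-input" id="hh-csp-style" placeholder="'self'(空白でdefault-srcを継承)" oninput="hhBuild()" aria-label="style-src" spellcheck="false" autocapitalize="off" autocomplete="off">
      </div>
      <div class="hh-field-row">
        <span class="hh-field-label">img-src</span>
        <input type="text" class="hh-input" id="hh-csp-img" placeholder="'self' data:(空白で継承)" oninput="hhBuild()" aria-label="img-src" spellcheck="false" autocapitalize="off" autocomplete="off">
      </div>
      <div class="hh-field-row">
        <span class="hh-field-label">frame-src</span>
        <input type="text" class="hh-input" id="hh-csp-frame" placeholder="'none'(空白で継承)" oninput="hhBuild()" aria-label="frame-src" spellcheck="false" autocapitalize="off" autocomplete="off">
      </div>
    </div>
  </div>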

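  <!-- HSTS: builder section for Strict-Transport-Security. Preselected state:
       enabled, max-age of one year, includeSubDomains on, preload off.
       includeSubDomains applies the policy to every subdomain of the host that
       sends the header, so a subdomain still served over plain HTTP becomes
       unreachable in browsers that have cached the policy.
       The preload directive only signals consent to list inclusion; submission
       is a separate step, and the list requires max-age of at least 31536000
       together with includeSubDomains. Nothing in this markup enforces that
       combination. NOTE(review): confirm whether hhBuild() does. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">Strict-Transport-Security <span class="hh-builder-sec-desc">— HTTPS強制</span></div>
    <div class="hh-enable-row">
      <input type="checkbox" id="hh-b-hsts" onchange="hhBuild()" checked>
      <label for="hh-b-hsts">HSTSを有効化</label>
    </div>
    <div class="hh-field-group">
      <div class="hh-field-row">
        <span class="hh-field-label">max-age</span>
        <!-- aria-label gives the select an accessible name matching the visible text. -->
        <select class="hh-select" id="hh-hsts-age" onchange="hhBuild()" style="max-width:240px;" aria-label="max-age">
          <option value="2592000">30日(2592000秒)</option>
          <option value="15552000">6ヶ月(15552000秒)</option>
          <option value="31536000" selected>1年(31536000秒)</option>
        </select>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input type="checkbox" id="hh-hsts-sub" onchange="hhBuild()" checked>
        <label for="hh-hsts-sub">includeSubDomains(サブドメインも対象)</label>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input type="checkbox" id="hh-hsts-pre" onchange="hhBuild()">
        <!-- Label fixed: "HSTPS" was a typo for HSTS; the preload list
             prerequisites are now stated next to the checkbox. -->
        <label for="hh-hsts-pre">preload(HSTSプリロードリスト登録用・max-age 1年以上とincludeSubDomainsが必要)</label>
      </div>
    </div>
  </div>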

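  <!-- X-Frame-Options: builder section for the clickjacking header; enabled by
       default with SAMEORIGIN preselected.
       Browsers that support the CSP frame-ancestors directive give it
       precedence over this header, so X-Frame-Options mainly covers older
       clients. The CSP section of this builder has no frame-ancestors field. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">X-Frame-Options <span class="hh-builder-sec-desc">— クリックジャッキング対策</span></div>
    <div class="hh-enable-row">
      <input type="checkbox" id="hh-b-xframe" onchange="hhBuild()" checked>
      <label for="hh-b-xframe">X-Frame-Optionsを有効化</label>
    </div>
    <div class="hh-field-group">
      <div class="hh-field-row">
        <span class="hh-field-label">値</span>
        <!-- The visible caption is only "値"; aria-label names the header so the
             control is identifiable out of context. -->
        <select class="hh-select" id="hh-xframe-val" onchange="hhBuild()" style="max-width:240px;" aria-label="X-Frame-Options">
          <option value="SAMEORIGIN" selected>SAMEORIGIN(同一オリジンのみ許可)</option>
          <option value="DENY">DENY(すべて禁止)</option>
        </select>
      </div>
    </div>
  </div>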

  <!-- X-Content-Type-Options: a single on/off toggle, checked by default.
       There is no value selector; the label states the value is always nosniff. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">
      X-Content-Type-Options
      <span class="hh-builder-sec-desc">— MIMEスニッフィング防止</span>
    </div>
    <div class="hh-enable-row">
      <input id="hh-b-xcto" type="checkbox" checked onchange="hhBuild()">
      <label for="hh-b-xcto">有効化(常に nosniff)</label>
    </div>
  </div>

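  <!-- Referrer-Policy: builder section; enabled by default with
       strict-origin-when-cross-origin preselected.
       no-referrer-when-downgrade sends the full URL, path and query string
       included, to other origins whenever the scheme is not downgraded, so it
       exposes more than the preselected value. The two options that had no
       explanation now carry one, like the others. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">Referrer-Policy <span class="hh-builder-sec-desc">— リファラー情報の制御</span></div>
    <div class="hh-enable-row">
      <input type="checkbox" id="hh-b-rp" onchange="hhBuild()" checked>
      <label for="hh-b-rp">Referrer-Policyを有効化</label>
    </div>
    <div class="hh-field-group">
      <div class="hh-field-row">
        <span class="hh-field-label">ポリシー</span>
        <!-- The visible caption is only "ポリシー"; aria-label names the header. -->
        <select class="hh-select" id="hh-rp-val" onchange="hhBuild()" aria-label="Referrer-Policy">
          <option value="no-referrer">no-referrer(送信しない)</option>
          <option value="no-referrer-when-downgrade">no-referrer-when-downgrade(HTTPS→HTTPでは送信しない・それ以外はURL全体を送信)</option>
          <option value="strict-origin-when-cross-origin" selected>strict-origin-when-cross-origin(推奨)</option>
          <option value="same-origin">same-origin(同一オリジンのみ)</option>
          <option value="origin">origin(常にオリジンのみ送信)</option>
        </select>
      </div>
    </div>
  </div>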

  <!-- Permissions-Policy: builder section, disabled by default.
       Each checkbox stands for one feature with an empty allowlist, as shown in
       its label. camera, microphone and geolocation are preselected; payment
       and usb are opt-in. The field group starts hidden via its inline style;
       presumably hhBuild() reveals it once the section is enabled. -->
  <div class="hh-builder-section">
    <div class="hh-builder-sec-head">
      Permissions-Policy
      <span class="hh-builder-sec-desc">— ブラウザ機能の制御</span>
    </div>
    <div class="hh-enable-row">
      <input id="hh-b-pp" type="checkbox" onchange="hhBuild()">
      <label for="hh-b-pp">Permissions-Policyを有効化</label>
    </div>
    <div id="hh-b-pp-fields" class="hh-field-group" style="display:none;">
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input id="hh-pp-cam" type="checkbox" checked onchange="hhBuild()">
        <label for="hh-pp-cam">camera=()(カメラを無効化)</label>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input id="hh-pp-mic" type="checkbox" checked onchange="hhBuild()">
        <label for="hh-pp-mic">microphone=()(マイクを無効化)</label>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input id="hh-pp-geo" type="checkbox" checked onchange="hhBuild()">
        <label for="hh-pp-geo">geolocation=()(位置情報を無効化)</label>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input id="hh-pp-pay" type="checkbox" onchange="hhBuild()">
        <label for="hh-pp-pay">payment=()(決済APIを無効化)</label>
      </div>
      <div class="hh-enable-row" style="padding:0;border:none;">
        <input id="hh-pp-usb" type="checkbox" onchange="hhBuild()">
        <label for="hh-pp-usb">usb=()(USBを無効化)</label>
      </div>
    </div>
  </div>

</div><!-- /.hh-builder-left -->

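<!-- Output panel: format switch (Apache / Nginx), copy button and the element
     that shows the generated snippet.
     Every button carries type="button" so it can never act as a submit button
     if this fragment is placed inside a form.
     NOTE(review): hhSetFmt(), hhCopyBuild() and the code that fills the output
     element are not visible here. Confirm the output is set via textContent
     rather than innerHTML, because the free-text CSP fields of this builder
     flow into it. -->
<div class="hh-builder-right">
  <div class="hh-out-box">
    <div class="hh-out-topbar">
      <span class="hh-out-label">生成された設定</span>
      <div class="hh-out-actions">
        <div class="hh-format-btns">
          <button type="button" class="hh-format-btn hh-fmt-active" id="hh-fmt-apache" onclick="hhSetFmt('apache')">Apache</button>
          <button type="button" class="hh-format-btn" id="hh-fmt-nginx" onclick="hhSetFmt('nginx')">Nginx</button>
        </div>
        <button type="button" class="hh-copy-btn" id="hh-build-copy" onclick="hhCopyBuild()">コピー</button>
      </div>
    </div>
    <pre class="hh-out-code" id="hh-build-out"></pre>
  </div>
</div>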
HTTPレスポンスヘッダーを貼り付けて「解析」をクリックすると、各ヘッダーの意味を日本語で確認できます。