Learn

Web security checks, explained.

What we check, why it matters, and how Barrion runs each check. Use these guides to understand your scan results and to look up TLS, headers, cookies, CORS, email, and more.

TLS configuration and monitoring guide

What TLS security is, why it matters for web apps, and how Barrion checks TLS configuration, protocols, and certificates. Passive, production-safe.

Security header monitoring guide

What HTTP security headers are, why they matter, and how Barrion monitors CSP, HSTS, X-Frame-Options, and more. Step-by-step fix guides.

Secure cookies: Secure, HttpOnly, SameSite reference

What cookie security attributes are (Secure, HttpOnly, SameSite), why they matter, and how Barrion checks Set-Cookie headers. Fix insecure cookies.

Mixed content on HTTPS: detection and fix

What mixed content is, why it weakens HTTPS, and how Barrion detects HTTP resources on HTTPS pages. Fix mixed content with step-by-step guides.

CORS and cross-origin security monitoring

What CORS is, why misconfiguration matters, and how Barrion checks Access-Control-Allow-Origin and related headers. Secure cross-origin requests.

Email domain security (SPF, DKIM, DMARC) monitoring

What SPF, DKIM, and DMARC are, why they matter for email security, and how Barrion checks your domain's email configuration.

TLS certificate validity and expiry monitoring

Why certificate validity and expiry matter, and how Barrion monitors certificate expiry and hostname match. Avoid outages from expired certs.

Clickjacking protection (X-Frame-Options, frame-ancestors)

What clickjacking is, how X-Frame-Options and CSP frame-ancestors prevent it, and how Barrion checks your configuration.

Content Security Policy (CSP) monitoring guide

What CSP is, why it matters for XSS and injection, and how Barrion checks your Content-Security-Policy header. Fix missing or weak CSP.

How to suppress Server and X-Powered-By headers

What server information disclosure is, why it matters, and how Barrion detects headers that leak server or platform details.

Referrer-Policy: a practical reference

What Referrer-Policy is, why it matters for privacy and leakage, and how Barrion checks your Referrer-Policy header.

Permissions-Policy: how to lock down browser features

What Permissions-Policy is, why it matters for browser features and APIs, and how Barrion checks your Permissions-Policy header.

X-Content-Type-Options: nosniff in 5 minutes

What X-Content-Type-Options: nosniff is, why it stops browsers from MIME-sniffing a response away from its declared Content-Type, and how Barrion checks your configuration.

HSTS: how to enable Strict-Transport-Security safely

What HSTS is, why it prevents protocol-downgrade (SSL-stripping) attacks by forcing browsers to use HTTPS, and how Barrion checks your Strict-Transport-Security header. Enable HSTS step by step.

CAA DNS records: how to restrict certificate issuance

What CAA DNS records are, why they limit which CAs can issue certs for your domain, and how Barrion checks your CAA configuration.

SameSite cookies: Lax, Strict, None explained

What SameSite=Lax/Strict/None mean, what changed when Chrome 80 made Lax the default and required the Secure attribute for SameSite=None, and how to choose the right value. Stop CSRF without breaking SSO.

See what applies to your site.

Run a free security scan to find which of these checks fail on your domain, with step-by-step fixes.