Knowledge-sharing: HTTP Headers
HEADING INTO THE UNKNOWN
A brief overview of the headers that we should use to ensure a better browsing experience for the users of our webpage, with a demonstration of how and why using these headers is a good thing. Shown along the way are easily accessible tools: curl, to play with HTTP requests, and Scott Helme's https://securityheaders.com/, to scan for missing headers. It also contains good documentation of details regarding the different headers.
- Headers and the browser
- Origin
- X-XSS-Protection
- X-Content-Type-Options
- X-Frame-Options
- Referrer-Policy
- Strict-Transport-Security (HSTS)
- Permissions-Policy
- Content-Security-Policy
- Content-Security-Policy Configuration options
- Brief mention
- Upcoming Headers
- Topics not covered
- CORS
- Resources