Knowledge-sharing: HTTP Headers


A brief overview of the headers we should use to ensure a better browsing experience for the users of our webpage, with a demonstration of how and why using these headers is a good thing. It shows easily accessible tools, such as curl to play with HTTP requests and Scott Helme's scanner to check for missing headers. It also contains good documentation of details regarding the different headers.

  • Headers and the browser
    • Origin
    • X-XSS-Protection
    • X-Content-Type-Options
    • X-Frame-Options
    • Referrer-Policy
    • Strict-Transport-Security (HSTS)
    • Permissions-Policy
    • Content-Security-Policy
    • Content-Security-Policy Configuration options
  • Brief mention
    • Upcoming Headers
  • Topics not covered
    • CORS
  • Resources