Knowledge-sharing: HTTP Headers

HEADING INTO THE UNKNOWN

A brief overview of the headers we should use to ensure a better browsing experience for the users of our webpage, with a demonstration of how and why using these headers is a good thing. It shows easily accessible tools such as curl for playing with HTTP requests, and Scott Helme's https://securityheaders.com/ for scanning for missing headers. It also contains good documentation of details regarding the different headers.

  • Headers and the browser
    • Origin
    • X-XSS-Protection
    • X-Content-Type-Options
    • X-Frame-Options
    • Referrer-Policy
    • Strict-Transport-Security (HSTS)
    • Permissions-Policy
    • Content-Security-Policy
    • Content-Security-Policy Configuration options
  • Brief mention
    • Upcoming Headers
  • Topics not covered
    • CORS
  • Resources