Thursday, March 31, 2016

Security Headers Part 0

I am starting a series of postings that will focus on common security-related HTTP headers, such as:

  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Frame-Options
  • And several others...

My purpose is to communicate the risk associated with not implementing each one, explain why they matter, and show some real-world scenarios centered around each of these headers. The first posting will focus on X-Frame-Options and Clickjacking; I hope to have it written and posted in the next couple of weeks. Stay tuned.