I am starting a series of postings that will focus on common security-related HTTP headers such as:
- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- And several others...
My purpose for this is to communicate the risk associated with not implementing each one, explain why they matter, and show some real-world scenarios centered around each of these headers. The first posting will be focused on X-Frame-Options and Clickjacking; I hope to have it written and posted in the next couple of weeks. Stay tuned.