Overview
Syllabus
Intro
Audience
What are HTTP Headers?
What are HTTP Security Headers?
HTTP Strict Transport Security (HSTS)
Without HSTS
What's the issue?
What can happen?
With HSTS
HSTS Options
HSTS Preload List
HSTS Gotchas
HSTS Impact of Retrofitting on Existing A
Quick word on HTTPS
Cross-Site Scripting (XSS)
XSS Final Note
Content Security Policy (CSP) Options
CSP Impact of Retrofitting to Existing
Browser Sniffing Protection X-Content-Type
XCTO Impact of Retrofitting to Existing AS
Referer Header background
and even JIRA/Confluence/OWA
Referrer-Policy
Feature-Policy Is Experimental
How do I test my website?
Takeaways
Resources
Taught by
NDC Conferences