Security

January 9, 2021

HTTP Content Security Policy

The HTTP Content-Security-Policy response header lets a web document declare the valid sources from which various objects, such as JavaScript and CSS files, may be loaded. It is commonly abbreviated CSP and has 3 versions as of now. Apart from the response header, the policy can also be defined in a meta tag; a reference link describing how to do that is provided at the end.

April 14, 2020

CORS

Anyone with a little experience in web development or web security has heard of CORS (Cross-Origin Resource Sharing). It is the most fundamental security header setup these days and is intended to restrict or allow resource sharing across different origins.

April 14, 2020

Expect-CT

Expect-CT, where CT stands for Certificate Transparency, is a new security header that replaces HPKP (HTTP Public Key Pinning) and enables websites to opt in to enforcement of Certificate Transparency. OK, that is too much in one line, so let's break it down:

April 14, 2020

X-XSS-Protection

We know that inline JavaScript execution causes XSS (cross-site scripting), so the X-XSS-Protection header was introduced to fight this at the browser level. This header is enabled by default in Chrome, IE and Safari, but it is better to enable it explicitly so that it is enforced. Firefox does not support this HTTP header, as it relies on CSP (Content Security Policy) to provide the same protection. This header will be replaced...
