Apart from the response header, this policy can also be defined in a meta tag; a reference link on how to do that is provided at the end.
Continue reading “HTTP Content Security Policy”
In the previous blog we discussed what chaos engineering is. In this part we will go through how to plan and implement it.
While planning for the testing, keep the following things in mind:
Continue reading “Chaos Engineering-Part 2(in-progress)”
Anyone with a little experience in web development or web security has heard of CORS (Cross-Origin Resource Sharing). It is the most fundamental security header setup these days and is intended to restrict or allow resource sharing across different origins.
Continue reading “CORS”
Expect-CT, where CT stands for Certificate Transparency, is a new security header which replaces HPKP (HTTP Public Key Pinning) and enables websites to opt in to the enforce-CT framework. OK, too much in one line, let's break it down:
Continue reading “Expect-CT”
Continue reading “X-XSS-Protection”