Blog Archives

A Twisted Tale of Web Security: Clickjacking and X-Frame-Options

I don’t use frames. So I’m safe, right? With our focus on cranking out functionality, it’s easy to overlook the security implications of frames, especially if we’re building an application that doesn’t use frames. However, clickjacking is a serious security
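The misconception in the excerpt is that framing is something your own pages do; in a clickjacking attack it is the attacker's page that frames yours, so the defence is a response header on the victim page. The following audit function, an added example rather than code from the original post, classifies a response by its X-Frame-Options and Content-Security-Policy frame-ancestors headers. The header sets it runs over are constructed for illustration, as are the host names in them.

```python
"""Audit whether an HTTP response's headers stop the page from being framed.

Added example for this archive entry, not code from the original post.
All sample header values and host names below are constructed.
"""
from typing import Dict, List, Optional


def _split_header(value: Optional[str]) -> List[str]:
    """Split a header that may carry several comma-separated values."""
    if value is None:
        return []
    return [v.strip() for v in value.split(",") if v.strip()]


def csp_frame_ancestors(headers: Dict[str, str]) -> Optional[List[str]]:
    """Return the frame-ancestors source list from Content-Security-Policy, or None.

    Only the enforced header counts: Content-Security-Policy-Report-Only reports
    violations without blocking, so it offers no clickjacking protection.
    """
    for policy in _split_header(headers.get("content-security-policy")):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_verdict(raw_headers: Dict[str, str]) -> str:
    """Classify framing protection: 'blocked', 'same-origin', 'allow-list' or 'unprotected'.

    When an enforced frame-ancestors directive is present it wins: the CSP
    specification requires browsers to ignore X-Frame-Options in that case.
    """
    headers = {k.lower(): v for k, v in raw_headers.items()}

    ancestors = csp_frame_ancestors(headers)
    if ancestors is not None:
        if ancestors == [] or ancestors == ["none"]:
            return "blocked"          # an empty source list matches nothing
        if "*" in ancestors:
            return "unprotected"      # wildcard: any origin may frame the page
        if ancestors == ["self"]:
            return "same-origin"
        return "allow-list"

    xfo_values = {v.upper() for v in _split_header(headers.get("x-frame-options"))}
    if len(xfo_values) != 1:
        # Header absent, or several conflicting values: the audit treats both as
        # unprotected (a conservative choice for the audit, not a browser rule).
        return "unprotected"
    xfo = xfo_values.pop()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM was never supported by Chrome or Safari and has been dropped by
    # Firefox; unrecognised values are ignored. Neither protects the page.
    return "unprotected"


# Constructed sample responses, named after the lesson each one teaches.
SAMPLES = {
    "legacy deny": {"X-Frame-Options": "DENY"},
    "csp overrides xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "default-src 'self'; frame-ancestors *"},
    "report-only does nothing": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "allow-from is dead": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "no headers at all": {},
    "partner list": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
}


def audit(samples: Dict[str, Dict[str, str]] = SAMPLES) -> Dict[str, str]:
    """Run the verdict over every sample and return name -> verdict."""
    return {name: framing_verdict(h) for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:26s} -> {verdict}")
```

Note the two traps the samples spell out: a DENY header is silently overridden by a permissive frame-ancestors directive on the same response, and a report-only policy, however strict, blocks nothing.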

Posted in Content Security Policy, HTTP Headers, X-Frame-Options

Start Secure: HTTP Strict Transport Security

As an experiment, please take a moment to type your bank’s URL into a browser. If you are anything like the vast majority of users, you wrote the URL without specifying the protocol scheme, that is, you typed mybank.com rather
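The security point behind the experiment is that a scheme-less address defaults to HTTP, so the very first request leaves the browser in the clear; HSTS only changes that once the browser has cached a Strict-Transport-Security policy (or ships it in its preload list). The simulation below, an added example and not code from the original post, models that decision: it parses the header as RFC 6797 describes (max-age required, includeSubDomains optional, names case-insensitive) and walks through the first visit, the cached policy, its expiry and a preloaded host. The host names, header values and clock values are constructed for illustration.

```python
"""Simulate how a browser picks the scheme for a typed, scheme-less host under HSTS.

Added example for this archive entry, not the post's own code. Host names,
header values, the preload entry and the clock are all constructed.
"""
from typing import Dict, NamedTuple, Optional


class HstsEntry(NamedTuple):
    expires: float           # absolute time in seconds after which the entry lapses
    include_subdomains: bool


def parse_hsts(header: str, now: float) -> Optional[HstsEntry]:
    """Parse a Strict-Transport-Security header into a cache entry.

    Returns None when there is no usable max-age (the header is then ignored).
    max-age=0 is how a site evicts its own entry, so it yields an entry that
    has already expired.
    """
    max_age = None
    include_subdomains = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None or max_age < 0:
        return None
    return HstsEntry(expires=now + max_age, include_subdomains=include_subdomains)


class HstsCache:
    """A browser's HSTS store: learned policies plus a stand-in preload list."""

    def __init__(self, preload: Optional[Dict[str, bool]] = None):
        # Preloaded hosts never expire; the mapping is host -> includeSubDomains.
        self._entries: Dict[str, HstsEntry] = {
            host.lower(): HstsEntry(expires=float("inf"), include_subdomains=subs)
            for host, subs in (preload or {}).items()
        }

    def record(self, host: str, header: str, now: float) -> None:
        """Store the policy a host sent (a browser only honours it on an HTTPS response)."""
        entry = parse_hsts(header, now)
        if entry is not None:
            self._entries[host.lower()] = entry

    def scheme_for(self, host: str, now: float) -> str:
        """Scheme used for a typed host: https if a live policy covers it, else http."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or entry.expires <= now:
                continue
            if i == 0 or entry.include_subdomains:
                return "https"
        return "http"


def first_visit_scenario(now: float = 1_700_000_000.0) -> Dict[str, str]:
    """Walk through the sequence the excerpt describes, using constructed hosts."""
    cache = HstsCache(preload={"preloaded-bank.example": True})  # constructed preload entry
    results = {}
    # 1. Never visited: nothing cached, so the typed address goes out over plain HTTP.
    results["first visit"] = cache.scheme_for("mybank.com", now)
    # 2. The HTTPS response (reached via the server's redirect) sets a one-year policy.
    cache.record("mybank.com", "max-age=31536000; includeSubDomains", now)
    results["after header"] = cache.scheme_for("mybank.com", now + 60)
    results["subdomain"] = cache.scheme_for("login.mybank.com", now + 60)
    # 3. Policy lapsed: the next typed visit is exposed again.
    results["a year later"] = cache.scheme_for("mybank.com", now + 31_536_000 + 1)
    # 4. Preloaded host: protected even on the very first visit.
    results["preloaded"] = cache.scheme_for("www.preloaded-bank.example", now)
    return results


if __name__ == "__main__":
    for step, scheme in first_visit_scenario().items():
        print(f"{step:14s} -> {scheme}")
```

The expired case is the one worth remembering: a policy only lasts as long as max-age, and a site that sets a short value (or stops sending the header) reopens the first-request window for returning users as well.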

Posted in HTTP Headers, Web Security

Content Security Policy: What are We Waiting For?

The Web Application Security Working Group of the W3C has created a standard for web security called Content Security Policy (CSP). Currently on version two with a version three in the works, CSP has been implemented by the majority of

Posted in HTTP Headers, Web Security