Headers.pptx

•Download as PPTX, PDF•

0 likes•16 views

Naor Tedgi

Http Headers Etag ,Keep-alive and security headers Demo

Software

DEMAND HEADERS
By Naor Tedgi (Abu Emma)
@ntedgi

• Headers are part of HTTPprotocols
• Existon any client request
• Existon any server response
The response alters how the site is responding and how the
browser render the site

1)(Response) X-Powered-By:Express
http://netinfo.link/http/header/x-powered-by.html
•PHP/5.4.45-4+deprecated+dontuse+deb.sury.org~precise+1

2)(Response) Server
https://httpd.apache.org/security/vulnerabilities_24.html
Something you want toremove!

Remove Hedear:
app.disable( ‘X-powered-by’ );
app.use(function (req, res, next) {
res.removeHeader("X-Powered-By");
next();
});
SetHeader:
res.setHeader( 'X-Powered-By', 'Awesome App v0.0.1');
Add OrRemove Headers in Express:

1)Etag: HTTP response header is an identifier for a
specific version of a resource. It lets caches be
more efficient and save bandwidth, as a web
server does not need to resend a full response if
the content was not changed
2) Cache-Policy: public, maxage=31536000

4)(Response) Keep Alive
The HTTP keep-alive header maintains a connection between a client
and your server, reducing the time needed to serve files. A persistent
connection also reduces the number of TCP and SSL/TLS connection
requests, leading to a drop in round trip time (RTT).

5)(Response) ELB Headers
https://docs.aws.amazon.com/elasticloadb
alancing/latest/classic/x-forwarded-
headers.html

More Example:
XSS X-XSS-Protection
CSRF
HSTS

Further reading:
https://www.imperva.com/learn/performanc
e/http-keep-alive/
http://netinfo.link/http/header/x-powered-by.html
https://httpd.apache.org/security/vulnerabilities_24.html
https://cheatsheetseries.owasp.org/cheats
heets/Cross-
Site_Request_Forgery_Prevention_Cheat_
Sheet.html

HAPPY CODING ..
HTTPS://GITHUB.COM/NTEDGI/DEMAND-TECHTALKS

Similar to Headers.pptx

Clojure and the Web

nickmbailey

Universal JavaScript

名辰洪

Dynamic content generation

Eleonora Ciceri

Implementing Early Hints in Chrome - Approaches and Challenges

Viet-Hoang Tran

Day02 a pi.

ABDEL RAHMAN KARIM

Performance tuning with zend framework

Alan Seiden

My Saminar On Php

Arjun Kumawat

Building and Scaling Node.js Applications

Ohad Kravchick

Introduction to Node.js

Richard Lee

An Introduction to Tornado

Gavin Roy

HTML5 is still evolving and, naturally, APEX cannot yet support all the new functionality declaratively. This doesn’t mean you cannot use new advanced HTML5 features and API’s in your application. In my session, I will explain and demonstrate 5 HTML5 functionalities that can add valuable functionality to your APEX application and how to (easily) integrate them in APEX. In this session I will explain and demonstrate 5 HTML5 elements and API’s and how to integrate those in an Oracle Application Express application. The selected features are not declaratively supported by Application Express (yet) but can add functionality that improves functionality and user experience.

5 x HTML5 worth using in APEX (5)

Christian Rokitta

Running php on nginx

Harald Zeitlhofer

Using Ajax In Domino Web Applications

dominion

Building Web Apps with Express

Aaron Stannard

Nginx: Accelerate Rails, HTTP Tricks

Adam Wiggins

Writing robust Node.js applications

Tom Croucher

Andrei shakirin rest_cxf

Aravindharamanan S

Android is now the most popular software platform in the world and millions of people use it in their everyday life. One of the largest challenges for application developers is how to make their applications consume as little network and battery as possible. Although the Android platform has improved a lot over the years, there are still lots of things that developers need to think about. In this session, Erik goes through the different choices and what they will mean to your application. Learn about the latest protocols, Android platform tricks and how to get the most out of an Android device without draining its battery.

ITT 2014 - Erik Hellmann - Android Programming - Smarter and Better Networking

Istanbul Tech Talks

Middleware in Asp.Net Core

Shahriar Hossain

DjangoCon 2010 Scaling Disqus

zeeg

Similar to Headers.pptx (20)

Clojure and the Web

Universal JavaScript

Dynamic content generation

Implementing Early Hints in Chrome - Approaches and Challenges

Day02 a pi.

Performance tuning with zend framework

My Saminar On Php

Building and Scaling Node.js Applications

Introduction to Node.js

An Introduction to Tornado

5 x HTML5 worth using in APEX (5)

Running php on nginx

Using Ajax In Domino Web Applications

Building Web Apps with Express

Nginx: Accelerate Rails, HTTP Tricks

Writing robust Node.js applications

Andrei shakirin rest_cxf

ITT 2014 - Erik Hellmann - Android Programming - Smarter and Better Networking

Middleware in Asp.Net Core

DjangoCon 2010 Scaling Disqus

Recently uploaded

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

Jittipong Loespradit

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

Artyushina_Guest lecture_YorkU CS May 2024.pptx

AnnaArtyushina1

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

masabamasaba

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

masabamasaba

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

masabamasaba

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

Recently uploaded (20)

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

8257 interfacing 2 in microprocessor for btech students

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

Microsoft AI Transformation Partner Playbook.pdf

Artyushina_Guest lecture_YorkU CS May 2024.pptx

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

Architecture decision records - How not to get lost in the past

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

WSO2CON 2024 - Does Open Source Still Matter?

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

%in Soweto+277-882-255-28 abortion pills for sale in soweto

Headers.pptx

1. DEMAND HEADERS By Naor Tedgi (Abu Emma) @ntedgi

2. • Headers are part of HTTPprotocols • Existon any client request • Existon any server response The response alters how the site is responding and how the browser render the site

4. Where did they come from?

5. 1)(Response) X-Powered-By:Express http://netinfo.link/http/header/x-powered-by.html •PHP/5.4.45-4+deprecated+dontuse+deb.sury.org~precise+1

6. 2)(Response) Server https://httpd.apache.org/security/vulnerabilities_24.html Something you want toremove!

7. Remove Hedear: app.disable( ‘X-powered-by’ ); app.use(function (req, res, next) { res.removeHeader("X-Powered-By"); next(); }); SetHeader: res.setHeader( 'X-Powered-By', 'Awesome App v0.0.1'); Add OrRemove Headers in Express:

8. 1)Etag: HTTP response header is an identifier for a specific version of a resource. It lets caches be more efficient and save bandwidth, as a web server does not need to resend a full response if the content was not changed 2) Cache-Policy: public, maxage=31536000

9. 4)(Response) Keep Alive The HTTP keep-alive header maintains a connection between a client and your server, reducing the time needed to serve files. A persistent connection also reduces the number of TCP and SSL/TLS connection requests, leading to a drop in round trip time (RTT).

10. 4)(Response) Keep Alive

11. 5)(Response) ELB Headers https://docs.aws.amazon.com/elasticloadb alancing/latest/classic/x-forwarded- headers.html

12. 6)(Response) CDN

13. 7) x-correlation-id

14. Simple Header huge impact

15. Clickjacking

16. Block SSL Strip attack

17. More Example: XSS X-XSS-Protection CSRF HSTS

18. Further reading: https://www.imperva.com/learn/performanc e/http-keep-alive/ http://netinfo.link/http/header/x-powered-by.html https://httpd.apache.org/security/vulnerabilities_24.html https://cheatsheetseries.owasp.org/cheats heets/Cross- Site_Request_Forgery_Prevention_Cheat_ Sheet.html

19. HAPPY CODING .. HTTPS://GITHUB.COM/NTEDGI/DEMAND-TECHTALKS

Editor's Notes

'if-none-match': 'W/"f-QA9d7/mObwj2tWS69KgCPjeQMSI"'Note : First req 200 second 304
Notest:AB demo Long pulling from UIELB also Keep Connection Open RISK!Reminder AsyncWrapper and to many connection!!
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI
AB demo Long pulling from UI

Headers.pptx

Recommended

Recommended

More Related Content

Similar to Headers.pptx

Similar to Headers.pptx (20)

Recently uploaded

Recently uploaded (20)

Headers.pptx

Editor's Notes