Securing websites with HTTP headers

Slides from a DevClub.ee presentation (October 2016).
Covers security-related HTTP headers - old ones and modern ones like Strict-Transport-Security / Public-Key-Pins / Content Security Policy.
We also touch on a few attacks using those technologies.

  1. Desktop

     | Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | Servo |
     |---|---|---|---|---|---|---|---|
     | Basic Support | 1.0 | (Yes) | 51 | 8.0 | 13 | No support | (Yes) |

     Mobile

     | Feature | Android | Chrome for Android | Edge Mobile | Firefox for Android | IE Mobile | Opera Mobile | Safari Mobile |
     |---|---|---|---|---|---|---|---|
     | Basic Support | (Yes) | (Yes) | (Yes) | 51 | (Yes) | (Yes) | No support |

  2. | Item | Count |
     |---|---|
     | Domains | 548567 |
     | "x-content-type-options" | 64643 |
     | "x-frame-options" | 71772 |
     | "x-xss-protection" | 31404 |
     | HSTS | 20113 |
     | HSTS (report only) | 0 |
     | HPKP | 365 |
     | HPKP (report only) | 34 |
     | CSP | 5833 |

  3. [Chart: "Security headers". Categories: "x-content-type-options", "x-frame-options", "x-xss-protection". Series: Series1, Series2.]
  4. [Chart: "New security headers". Categories: HSTS, HSTS (report only), HPKP, HPKP (report only), CSP. Series: Series1, Series2.]
