hsts
Safeguard articles tagged "hsts" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Implementing HSTS correctly in Node.js and Express
HSTS has one header and three flags, yet a misconfigured includeSubDomains or a premature preload submission can take a domain offline for months.
A practical guide to HTTP security headers: CSP, HSTS, and beyond
A misconfigured checkout page let attackers skim 380,000+ card payments from British Airways in 2018. Here's how CSP, HSTS, and frame-ancestors actually stop attacks like that.
HTTP Security Headers Explained (2026)
HTTP security headers are the cheapest defense-in-depth you can ship. Here is what each one does, the values to set in 2026, and how to verify they are actually present.
Security Headers Implementation Checklist: Hardening Your Web Application
HTTP security headers are your first line of defense against XSS, clickjacking, and data injection attacks. Here is a practical implementation checklist with correct configurations.