Tag
http-headers
Safeguard articles tagged "http-headers" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Application Security
Implementing HSTS correctly in Node.js and Express
HSTS has one header and three flags, yet a misconfigured includeSubDomains or a premature preload submission can take a domain offline for months.
Jul 15, 20266 min read
Application Security
Web cache poisoning: attack mechanics and prevention
A 2024 academic scan of the Tranco Top 1000 domains found roughly 17% vulnerable to web cache poisoning — here's how the attack works and how to stop it at the edge.
Jul 8, 20266 min read
Web Security
Security Headers Implementation Checklist: Hardening Your Web Application
HTTP security headers are your first line of defense against XSS, clickjacking, and data injection attacks. Here is a practical implementation checklist with correct configurations.
Jun 5, 20225 min read