Security: Purely a matter of the head(ers)?

Arne Blankerts | International PHP Conference – Spring Edition |

HTTP used to be a comparatively simple protocol. Or so it seemed. In reality, modern web applications require a large number of HTTP headers to ensure secure transport and, later on, the correct execution in the browser. It does not matter if you have Strict-Transport-Security, Content-Security-Policy, accesses across domain boundaries, or even the good old Cookie-Headers – without the right values and settings, you won’t get far these days. But who knows all the options? And which of them are important? Where do pitfalls lurk? This presentation provides the answers.

3 / 100
Download PDF

About the presenter

Arne Blankerts

Arne Blankerts has solutions ready before others have even understood the problem.