HSTS_brew_final.tar.gz

Chrome

run_mal

Chrome_hsts

Chrome_hsts-mkcert

debug

Chrome_hsts-mal

Chrome_hsts-inn

This course teaches you hands-on practical use of HTTP security headers as browser security controls to help secure web applications.

For each HTTP security header that can enhance your web application security, you'll learn what is the overall risk of not implementing it, and what does a proposed solution help with. Finally, you'll learn how to implement and configure the security header with Helmet, a popular and well maintained Node.js package on npm.

Web Application Security: Understanding HTTP Security Headers

## Security in HTTP

When developing web applications, your applications depend on communication protocols that already have a set of defined and implemented standards for how to transfer data and securely manage it.

Browsers utilize headers sent over HTTP (generally secure HTTP connections) to enforce and confirm such communication standards and policies. Using these HTTP headers to increase security for client-side code is a quick and efficient method to mitigate security vulnerabilities and implement a **defense in depth** strategy.

# Security in HTTP

When developing web applications, your applications depend on communication protocols that already have a set of defined and implemented standards for how to transfer data and securely manage it.

Browsers utilize headers sent over HTTP (generally secure HTTP connections) to enforce and confirm such communication standards and policies. Using these HTTP headers to increase security for client-side code is a quick and efficient method to mitigate security vulnerabilities and implement a **defense in depth** strategy.

In this lesson, we will learn what HTTP security headers are and how they can be useful to secure web applications. Consider, however, that they may break a web application if not applied correctly.

Introduction

HTTP Security Headers

Testing for Security Headers

What's Next?

Headers as Browser Security Controls

Security in HTTP