Tag: http

Simple Content Security Policies to Defend Against XSS Attacks

Posted on Saturday, July 8th, 2017

We’ve covered quite a few security-related HTTP headers on the blog in recent weeks, but the boss of them all has to be Content-Security-Policy (CSP). It is the boss both because of the level of protection it provides and, unfortunately, because of the difficulty of implementing it correctly on the first go. As with […]


How to Secure HTTP Traffic and Protect Users with the HTTP Strict Transport Security Header

Posted on Friday, April 29th, 2016

  It’s amazing that so many specific and active steps still need to be taken to ensure our clients’ and their HTTPS traffic really are as secure as we and they hope. Luckily those steps are quick and simple when you can utilise our flightPATH traffic management rules. flightPATH is a dynamic, event-based rule engine […]


A HTTP Security Header to Combat ‘Clickjacking’ – How to Improve your Site’s Security with the X-Frame Options Header

Posted on Wednesday, April 13th, 2016

Perhaps it comes to your attention after a security penetration test, or perhaps because you are trying to prevent some party hijacking your site or overlaying it with advertisements. Either way, the X-Frame-Options header is a good one to always include in website responses to improve your site’s security and provide some safety to its […]


Introducing Error 451 – Also Known as the “You’re Being Censored Code”

Posted on Thursday, January 28th, 2016

  Last month the Internet Engineering Task Force (IETF) introduced a new HTTP status code for legally-restricted resources. Ok, before you give up on reading this, writing it off as the most boring blog on the internet, I promise you it’s not quite that dry. In fact the new HTTP error code raises some interesting […]
