Modern browsers offer multiple opt-in security features that help protect your web application. These features are enabled through a variety of HTTP response headers. You should take advantage of these security headers in your web applications to prevent several common web application attacks.
We'll go through the list of security headers and see what they do to improve security for your users. Security headers are the low-hanging fruit of web application security. We should all be using them!
This talk is relevant for web developers, testers and architects on all platforms. The security headers enable security features in the browser, and so are not tied to any particular web application development stack. Any examples will be shown using the NWebsec security library for ASP.NET.