Web Application Security: Understanding HTTP Security Headers/

...

Other browser security headers and controls

The web is an evolving standard. As such, new security controls would be introduced. We should keep an eye on them! Embrace and prepare for privacy, feature controls, and future headers such as Referrer-Policy, Feature-Policy, Origin-Policy, Integrity, Accept-CH, Clear-Site-Data.

We'll cover the following...

Referrer-Policy
Feature-Policy
Summary

As the web evolves, it creates new standards for us to adopt. This also applies to new HTTP headers. We will quickly review a bunch of them here as a first step in establishing familiarity with a wider range of headers.

Referrer-Policy

Embrace and prepare for privacy-related policies using Referrer-Policy, which instructs the browser when and how much information to provide when setting a Referer header as users navigate from an existing web page.

Some example values for Referrer Policy are:

Referrer-Policy: no-referrer
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin

The default value set by the browser is ...

Introduction

HTTP Security Headers

Testing for Security Headers

What's Next?

Other browser security headers and controls

Referrer-Policy