    Gain insights into HTTP security headers, learn their risks, explore solutions, and discover how to implement them using Helmet for enhanced web application security.

HSTS_brew_final.tar.gz

Chrome

run_mal

Chrome_hsts

Chrome_hsts-mkcert

debug

Chrome_hsts-mal

Chrome_hsts-inn

This course teaches you hands-on practical use of HTTP security headers as browser security controls to help secure web applications.

For each HTTP security header that can enhance your web application security, you'll learn what is the overall risk of not implementing it, and what does a proposed solution help with. Finally, you'll learn how to implement and configure the security header with Helmet, a popular and well maintained Node.js package on npm.

Web Application Security: Understanding HTTP Security Headers

When users browse through web pages, the browser may set a request header called `Referer` in certain conditions. This `Referer` header is often used by back-end servers to track user behavior for analytics and other means.

How does the `Referer` header look in an HTTP request, though?

If we were to search for "wikipedia" on Google and click on the Wikipedia search result, we would see the `Referer` header set as such:

This lesson will cover how to use the `Referrer-Policy` header in a web server's response to instruct the browser to securely set a `Referer` value when making requests off the page.

Introduction

HTTP Security Headers

Testing for Security Headers

What's Next?

Referer and Referrer Policy