Required HTTP security headers – HTTP Response Headers Vulnerability


The following are some of the required security headers you should enable in your web application; each name is followed by its MDN reference.


Content-Security-Policy
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

X-XSS-Protection
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

X-Content-Type-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Referrer-Policy
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Strict-Transport-Security
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
This is how you can apply the headers in web.config (the <httpProtocol> element sits under <system.webServer>):

<httpProtocol>
    <customHeaders>
        <!-- Stop browsers MIME-sniffing a response away from its declared Content-Type -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Refuse to be rendered inside any frame (clickjacking protection) -->
        <add name="X-Frame-Options" value="DENY" />
        <!-- Legacy browser XSS filter, in blocking mode -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Send only the origin on cross-origin requests, nothing on HTTPS-to-HTTP downgrades -->
        <add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
    </customHeaders>
</httpProtocol>
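Once the configuration is deployed, the next step is to verify what the server actually sends. The following Python script is an added example, not code from the original post: it parses a raw HTTP response and reports each of the six headers listed above that is missing or set to a weak value. The two sample responses are constructed for the demo, and the thresholds (a one-year HSTS max-age, the set of referrer policies treated as safe) are this example's own assumptions.

```python
import re

# Constructed sample: what an IIS site might return after the customHeaders
# block above, with CSP and HSTS still absent and a weak X-Frame-Options value.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# Second constructed sample with all six headers at acceptable values.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Referrer-Policy: no-referrer-when-downgrade, strict-origin-when-cross-origin\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds
SAFE_REFERRER_POLICIES = {"no-referrer", "same-origin", "strict-origin",
                          "strict-origin-when-cross-origin"}


def parse_headers(raw: str) -> dict:
    """Split a raw HTTP/1.1 response into {lower-cased name: value}.

    Repeated headers are joined with ", " as HTTP allows, so a second
    Referrer-Policy line is handled like a comma-separated fallback list.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed line, ignore it
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def check_csp(v):
    return None if "default-src" in v.lower() else "no default-src fallback directive"

def check_nosniff(v):
    return None if v.lower() == "nosniff" else f"expected 'nosniff', got '{v}'"

def check_xfo(v):
    return None if v.upper() in ("DENY", "SAMEORIGIN") else f"'{v}' does not prevent framing"

def check_xss(v):
    ok = v.replace(" ", "").lower() == "1;mode=block"
    return None if ok else f"expected '1; mode=block', got '{v}'"

def check_referrer(v):
    # Browsers apply the last value they recognise from a comma-separated list.
    tokens = [t.strip().lower() for t in v.split(",") if t.strip()]
    if not tokens:
        return "empty value"
    return None if tokens[-1] in SAFE_REFERRER_POLICIES else f"'{tokens[-1]}' can leak full URLs cross-origin"

def check_hsts(v):
    m = re.search(r"max-age\s*=\s*(\d+)", v, re.IGNORECASE)
    if not m:
        return "no max-age directive"
    return None if int(m.group(1)) >= ONE_YEAR else f"max-age {m.group(1)} is shorter than one year"

CHECKS = {
    "content-security-policy": check_csp,
    "x-content-type-options": check_nosniff,
    "x-frame-options": check_xfo,
    "x-xss-protection": check_xss,
    "referrer-policy": check_referrer,
    "strict-transport-security": check_hsts,
}


def audit(raw: str) -> list:
    """Return [(header, problem)] for every missing or weak header; [] when clean."""
    headers = parse_headers(raw)
    findings = []
    for name, check in CHECKS.items():
        if name not in headers:
            findings.append((name, "missing"))
            continue
        problem = check(headers[name])
        if problem:
            findings.append((name, problem))
    return findings


if __name__ == "__main__":
    for header, problem in audit(SAMPLE_RESPONSE) or [("all six headers", "ok")]:
        print(f"{header}: {problem}")
```

Run as-is it audits the constructed sample and reports the missing CSP and HSTS headers and the ALLOWALL frame option; to audit a live site, pass it the raw response captured with curl -i instead. The X-XSS-Protection check only confirms the value matches what this post recommends: the MDN page linked above documents the header as deprecated, and current Chromium no longer ships an XSS auditor, so the other five headers carry the real protection.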
