
Securing websites with HTTP headers

Slides for a presentation from DevClub.ee (October 2016).
Covers HTTP headers related to security, both old ones and modern ones like Strict-Transport-Security / Public-Key-Pins / Content Security Policy.
We also touch on a few attacks using those technologies.


  1. Desktop

     | Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | Servo |
     |---|---|---|---|---|---|---|---|
     | Basic Support | 1.0 | (Yes) | 51 | 8.0 | 13 | No support | (Yes) |

     Mobile

     | Feature | Android | Chrome for Android | Edge Mobile | Firefox for Android | IE Mobile | Opera Mobile | Safari Mobile |
     |---|---|---|---|---|---|---|---|
     | Basic Support | (Yes) | (Yes) | (Yes) | 51 | (Yes) | (Yes) | No support |

  2. Domains: 548567
     - "x-content-type-options": 64643
     - "x-frame-options": 71772
     - "x-xss-protection": 31404
     - HSTS: 20113
     - HSTS (report only): 0
     - HPKP: 365
     - HPKP (report only): 34
     - CSP: 5833

  3. [Chart: "Security headers". Categories: "x-content-type-options", "x-frame-options", "x-xss-protection". Series: Series1, Series2. Axis scales: 0.00% to 14.00% and 0 to 80000.]

  4. [Chart: "New security headers". Categories: HSTS, HSTS (report only), HPKP, HPKP (report only), CSP. Series: Series1, Series2. Axis scales: 0.00% to 4.00% and 0 to 25000.]
