It’s Friday afternoon, and Bill is frantically writing a rebuttal to a fiery political thread on Facebook, smashing his keyboard violently with fingers of fury. Around 3 pm, a message flies in at the upper right-hand corner of his computer screen, updating him on the final score of the Giants vs. Phillies game. “Giants lost?!? What?” At 4:30, another notification flies in telling him the pet food he was browsing online earlier in the week is available at his local pet store and he can grab it on the drive home. “Gizmo’s gun’ be happy tonight heh heh. JUMBONE for…
HTTPS is a must for every website nowadays: Users are looking for the padlock when providing their details; Chrome and Firefox explicitly mark websites that provide forms on pages without HTTPS as being non-secure; it is an SEO ranking factor; and it has a serious impact on privacy in general.
Additionally, there is now more than one option to get an HTTPS certificate for free, so switching to HTTPS is only a matter of will.
Web applications, be they thin websites or thick single-page apps, are notorious targets for cyber-attacks. In 2016, approximately 40% of data breaches originated from attacks on web apps — the leading attack pattern. Indeed, these days, understanding cyber-security is not a luxury but rather a necessity for web developers, especially for developers who build consumer-facing applications.
HTTP response headers can be leveraged to tighten up the security of web apps, typically just by adding a few lines of code. In this article, we’ll show how web developers can use HTTP headers to build secure apps. While the code examples are for Node.js, setting HTTP response headers is supported across all major server-side-rendering platforms and is typically simple to set up.