Posts tagged with headers

A new security header: Feature Policy

scotthelme.co.uk

Scott Helme, creator of both securityheaders.com and report-uri.com, introduces a header to enable or disable certain APIs on a webpage.

Feature Policy is being created to allow site owners to enable and disable certain web platform features on their own pages and those they embed. Being able to restrict the features your site can use is really nice but being able to restrict features that sites you embed can use is an even better protection to have.

Using Content Security Policy headers in a Laravel app

by Freek Van der Herten – 5 minute read

By default all scripts on a webpage are allowed to send and fetch data from and to any site they want. If you think about it, that's kinda scary. Imagine that one of your JavaScript dependencies would send all keystrokes, including passwords, to a third party website. That would be pretty bad. In…

A new security header: Referrer Policy

Almost a year ago, Scott Helme, creator of securityheaders.io and report-uri.com, wrote a blog post on a not well-known HTTP header: Referrer-Policy.

Regular readers will know how fond I am of the existing security headers so it's great to hear that we're getting another! Referrer Policy will allow a site to control the value of the referer header in links away from their pages.

https://scotthelme.co.uk/a-new-security-header-referrer-policy/
