Security headers are easily overlooked in website audits. While some may say that website security is not an SEO-related concern, it does become SEO-related when a site becomes hacked and search ...

A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Daniel Thatcher, researcher and penetration tester at ...

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections, if those websites have opted into a new security mechanism. Users can test the ...

BLACK HAT USA – LAS VEGAS – A security researcher who previously demonstrated how attackers can abuse weaknesses in the way websites handle HTTP requests warned that the same issues can be used in ...

In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of ...

In order to prevent attacks such as cache probing, Google Chrome will begin to limit the HTTP Referer header to 4KiB in size. Other browsers such as Microsoft Edge and Mozilla Firefox have indicated ...

Recent revelations in cybersecurity unveil a new menace lurking in the depths of the internet infrastructure. Dubbed "CONTINUATION Flood," these vulnerabilities within the HTTP/2 protocol pose a ...

The other day, Jack Stonehouse asked me on Twitter why I was using a 307 redirect from the HTTP to HTTPS version of this site. The answer was, I was not. But why was he getting a 307 redirect and not ...

Take advantage of a DelegatingHandler and the X-HTTP-Method-Override in Web API to overcome browser and firewall constraints When deploying your REST Web API over a public domain, you will sometimes ...

In light of overall low adoption of HTTP security headers, Mozilla is advising webmasters to at least implement X-Frame-Options on their sites, arguing that this header can prevent several types of ...