Security Headers
Some 'sets' that could save the 'system'

HTTP security headers are a fundamental part of website security. Once implemented, they protect you against the types of attacks that your site is most likely to come across, such as XSS, code injection and clickjacking. They are used to pass additional information between the client and the server through the request and response headers.
There are four kinds of headers context-wise:
- General Header: This type of header applies to both request and response headers.
- Request Header: This type of header contains information about the request made by the client.
- Response Header: This type of header contains the location of the source that has been requested by the client.
- Entity Header: This type of header contains information about the body of the resource, such as MIME type and Content-Length.
Headers can also be categorized according to how proxies handle them, for example Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding, and others. There are many cases where headers can help you properly handle security, caching, client hints, conditionals, connections, etc. More than useful!!
Header field names are case-insensitive, and header fields are key-value pairs in clear-text string format, separated by a colon. We will share some tips here for you all.
Enjoy!
How to do it or that?
This section is dedicated to explaining, sharing and spreading ideas, tricks and tips about security.
The HTTP Transfer-Encoding header is a response-type header that acts as a hop-by-hop header: it applies to a single transport-level connection and must not be re-transmitted. This header operates between two nodes (a single transport-level connection).
Syntax:
Transfer-Encoding: chunked | compress | deflate | gzip | identity
Directives:
This header accepts the five directives mentioned above and described below:
- chunked: This directive is used to send the data as a series of chunks. The length of each chunk is sent before the chunk itself, in hexadecimal format, followed by '\r\n', and then the chunk itself, followed by another '\r\n'.
- compress: It is a compression format using the Lempel-Ziv-Welch (LZW) algorithm.
- deflate: It is a compression format using the zlib structure, with the deflate compression algorithm.
- gzip: It is a compression format using the Lempel-Ziv coding (LZ77), with a 32-bit CRC.
- identity: This directive indicates the identity function, which is always acceptable.
Example: The chunked encoding for this header is useful when the server is sending a large amount of data to the client. The total size of the response may be unknown until the request has been completed.
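The chunked framing described above, as an added example that is not part of the original page: a small Python encoder and a strict decoder that rejects malformed chunk sizes and missing '\r\n' terminators. The function names, the max_size limit and the sample data are assumptions made for illustration, and trailer fields are not supported.

```python
CRLF = b"\r\n"
HEX = set(b"0123456789abcdefABCDEF")  # byte values allowed in a chunk size

def encode_chunked(parts):
    """Frame each non-empty bytes piece as: hex length, CRLF, data, CRLF."""
    out = bytearray()
    for part in parts:
        if part:  # a zero-length chunk would end the body early
            out += b"%x" % len(part) + CRLF + part + CRLF
    return bytes(out + b"0" + CRLF + CRLF)  # last chunk, no trailers

def decode_chunked(body, max_size=1 << 20):
    """Strictly decode a chunked body; raise ValueError on malformed framing."""
    pos, out = 0, bytearray()
    while True:
        eol = body.find(CRLF, pos)
        if eol == -1:
            raise ValueError("chunk size line is not terminated by CRLF")
        size_field = body[pos:eol].split(b";", 1)[0]  # drop chunk extensions
        # int(x, 16) alone would also accept "0x4", "+4" or " 4 ", so check first.
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError("chunk size is not plain hexadecimal: %r" % size_field)
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break
        if len(out) + size > max_size:
            raise ValueError("decoded body exceeds max_size")
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != CRLF:
            raise ValueError("chunk data is truncated or not followed by CRLF")
        out += chunk
        pos += size + 2
    # This example accepts no trailer fields: only the final CRLF may remain.
    if body[pos:] != CRLF:
        raise ValueError("unexpected bytes after the last chunk")
    return bytes(out)

# Constructed sample data, not taken from a real response.
SAMPLE_PARTS = [b"Wiki", b"pedia ", b"in chunks."]

if __name__ == "__main__":
    wire = encode_chunked(SAMPLE_PARTS)
    print(wire)
    print(decode_chunked(wire))
```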
Supported Browsers:
The browsers compatible with the HTTP Transfer-Encoding header are listed below:
- Google Chrome
- Internet Explorer
- Firefox
- Safari
- Opera