Heroku Security Resources

Security Frameworks

• How to Block the Latest (2018) OWASP Top 10 Vulnerabilities on Heroku

Securing Your Application and Stopping Attacks

• How to Choose What SSL/TLS/HTTPS option to use on Heroku

• How to Block HTML in forms (XSS) on Heroku

• How To Force HTTPS (SSL/TLS) on Heroku

• How To Enable Security Headers on Heroku

Blocking Bots and Attackers

• How to Block IP Addresses on Heroku

• How to Block Clients with Application Logic (Cookies) on Heroku

• How to Block User Agents on Heroku

• How to Block Anonymous Proxies on Heroku

• How to Block Clients by Country and Geolocation on Heroku

• How to Block Log4j Vulnerability on Heroku

Stopping DDOS Attacks

• How To Stop DDoS Attacks On Heroku With a CAPTCHA challenge

• How To Stop DDoS Flood Attacks with Javascript Verification on Heroku

• How to Block Referring Sites on Heroku

Speed and Fast Loading

• How to Enable HTTP2 (SPDY) on Heroku

• How to Enable Brotli Compression on Heroku

• How to Enable GZip Compression on Heroku

• How to Enable IPv6 on Heroku