How do HTTP Headers Help with Web Security
HTTP Response Headers are how web servers communicate back to web browsers what security rules should be applied to requests. As an application developer setting these headers can help prevent certain types of web attacks.
What Security Headers Should Be Enabled
Helps to prevent cross-site scripting attacks by restricting certain browser behaviors.
Prevents your site from loading in an iframe. This is important as sometimes iframes are used in phishing attempts.
Prevents MIME-based content attacks.
What you need to get started:
- Expedited WAF add-on is setup in front of your application.
How To Enable Security Headers
Enable Security Headers from the Stop Attacks page of your Expedited WAF dashboard:
- Settings these options is usually quite safe with existing applications
Learn more about Security Headers
Need this for your Heroku App?
Find out how Expedited WAF can immediately improve your security posture, reliability and site speed. Book a time to get started or jump in on the Heroku Elements Marketplace.