- Browser headers add controls on the client.
- They are an additional layer of defense on top of server-side controls.
- These headers are evolving: some are no longer used, and others are not as widely recognized.
- Most importantly, these headers are massively underutilized.
A few web server or database server security risks are as follows.
- SQL Injection
- Insufficient Authorization
- Weak Credential Storage
A few web browser (client) security risks are as follows.
- Cross-Site Scripting
- Insufficient Transport Layer Security
- Clickjacking
THINGS THE SERVER CAN’T CONTROL
- A client explicitly requests content that should be served securely via the plain HTTP scheme.
FIX: We will fix this with the HSTS header.
- A certificate authority is compromised and issues rogue certificates.
FIX: We will fix this with the HPKP header.
- Another website embeds yours in a frame and clickjacks it.
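The following is an added example (not part of the original notes) showing how a defender can audit a server's response headers for two of the client-side controls above: HSTS, which stops the browser from following plain http:// requests, and the anti-framing headers (X-Frame-Options, or a Content-Security-Policy frame-ancestors directive) that block clickjacking. The header names and HSTS directive syntax are real; the sample responses and the recommended values are this example's own choices. HPKP is deliberately not checked, because major browsers have since removed support for it, which is the "no longer used" case the notes mention.

```python
"""Audit HTTP response headers for HSTS and anti-framing coverage.
Added example, not from the original notes. Header names are real;
the sample responses below are constructed for illustration."""
import re
from typing import Dict, List

# A hardened header set a server could send (values chosen for this example).
RECOMMENDED_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

ONE_YEAR = 31536000  # seconds; a common minimum for an effective HSTS policy


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse a Strict-Transport-Security value into its directives."""
    result: Dict[str, object] = {
        "max_age": None,
        "include_subdomains": False,
        "preload": False,
    }
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            # max-age may be quoted; only a non-negative integer is valid
            m = re.fullmatch(r'"?(\d+)"?', val.strip())
            if m:
                result["max_age"] = int(m.group(1))
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means no gaps were found.

    Header names are matched case-insensitively, as HTTP requires."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    hsts = lower.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: browser will follow plain http:// requests")
    else:
        parsed = parse_hsts(hsts)
        if parsed["max_age"] is None:
            findings.append("HSTS invalid: max-age directive is required")
        elif parsed["max_age"] == 0:
            findings.append("HSTS max-age=0 disables the policy")
        elif parsed["max_age"] < ONE_YEAR:
            findings.append("HSTS max-age shorter than one year")
        if not parsed["include_subdomains"]:
            findings.append("HSTS does not cover subdomains")

    # Anti-framing: accept X-Frame-Options DENY/SAMEORIGIN or a CSP
    # frame-ancestors directive. The obsolete ALLOW-FROM form is not
    # treated as protection because current browsers ignore it.
    xfo = lower.get("x-frame-options", "").strip().upper()
    csp = lower.get("content-security-policy", "")
    has_frame_ancestors = "frame-ancestors" in csp.lower()
    if xfo not in ("DENY", "SAMEORIGIN") and not has_frame_ancestors:
        findings.append("No anti-framing header: page can be embedded and clickjacked")
    return findings


if __name__ == "__main__":
    # Constructed sample: a server that sends only a Content-Type header.
    weak = {"Content-Type": "text/html"}
    for finding in audit_headers(weak):
        print("-", finding)
    print("hardened:", audit_headers(RECOMMENDED_HEADERS))
```

Run against a captured response's headers (for example the dict returned by an HTTP client), the audit reports which of the two controls is absent or weakened; the recommended set produces no findings.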