about a month ago, I was reflecting on Twitter about the differences I experienced parsing JSON in statically- and dynamically-typed languages, and finally, I realized what I was looking for. Now I have a single, snappy slogan that encapsulates what type-driven design means to me, and better yet, it’s only three words long:
Parse, don’t validate.
Source: Parse, don’t validate, an article by Alexis King.
In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting. At the end of the article, I will include sample setups for common applications and web servers.
Source: HTTP Security Headers - A Complete Guide, a guide by Charlie Belmer.
Using this guide and Mozilla Observatory I managed to get Plurrrr from an F to an A+.
Note that the guide has syntax errors in the NGINX configuration example. At least, at the time of writing, I had to remove the colon after each header name and had to put some values between double quotes.