Thu 07 Nov 2019

HTTP Security Headers - A Complete Guide

In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting. At the end of the article, I will include sample setups for common applications and web servers.

Source: HTTP Security Headers - A Complete Guide, a guide by Charlie Belmer.

Mozilla Observatory scan summary; an A+ for Plurrrr.

Using this guide and Mozilla Observatory I managed to get Plurrrr from an F to an A+.

Note that the guide has syntax errors in the NGINX configuration example. At least, at the time of writing, I had to remove the colon after each header name and had to put some values between double quotes.
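To make the syntax point concrete, here is an added NGINX example (not taken from the guide or from this site's own configuration) showing the broken form next to a form that passes `nginx -t`. The hostname and the header values are illustrative assumptions, not a recommendation for any particular site:

```nginx
# Added illustration, not the guide's or Plurrrr's config.
# add_header takes the header NAME and VALUE as two separate arguments:
# no colon after the name, and a value containing spaces or semicolons
# must be double-quoted, because an unquoted ';' ends the directive.

# Broken: the name with a colon would be sent literally as a bogus header
# name, and the unquoted ';' ends the directive early, so nginx then reads
# "includeSubDomains" as an unknown directive and "nginx -t" fails.
# add_header Strict-Transport-Security: max-age=63072000; includeSubDomains;

server {
    listen 443 ssl;
    server_name example.com;   # placeholder hostname

    # "always" also sends the header on error responses (4xx/5xx).
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Example policy only; a real CSP is written for the site's own assets.
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'" always;

    # add_header directives are not inherited into a location block that
    # declares its own add_header; repeat the full set there if needed.
    location / {
        try_files $uri $uri/ =404;
    }
}
```

Validate with `nginx -t` before reloading, then confirm the headers actually reach the client with `curl -I https://example.com/` (placeholder hostname) before re-running the Observatory scan.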