From the course: ASP.NET: Security
Join today to access over 23,200 courses taught by industry experts.
Security HTTP headers
From the course: ASP.NET: Security
Security HTTP headers
- [Instructor] A few final thoughts on HTTP Headers, at least from a security perspective. There are several of them which are supported by all major browsers and can increase the security of our web application. Going into detail for each and every one of them is a little bit out of scope for this rather SPO Netcentric course, but still, I would like to mention the most important ones. You can set all of those header in the Web.config file in the Custom Headers section. First we have X-Frame Options. X-Frame Options can prevent that a page is loaded within an eye frame, so someone might, steal, quote on quote, your content or try an attack called click jacking, where they load your website in an eye frame, make that eye frame invisible and then lure users into actually clicking in that eye frame and then clicking within your web application and starting some actions there. X-Frame Options can be set to the same origin or deny and limits or even prevents your page being framed…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
(Locked)
Introduction27s
-
(Locked)
Securing cookies6m 11s
-
(Locked)
Securing sessions6m 7s
-
Setting cookie attributes in the app1m 37s
-
(Locked)
Enforcing HTTPS3m 12s
-
(Locked)
Error handling4m 6s
-
(Locked)
Hiding server information2m 50s
-
(Locked)
Hiding more server information3m 34s
-
(Locked)
Security HTTP headers4m 15s
-
(Locked)
-