2020-02-18 Welcome to the Veggiespam’s Secure HTTP Headers page where I provide my whitepapers showing how to secure the headers on your website. The content here is updated as technology, standards, and best practices change over time. This effort started when I wrote a detailed paper on how to Remove Insecure HTTP Headers by re-configuring many different server technologies in order to share with my clients. Over time, I could see many other companies referencing the webpage from their internal bug ticketing systems and various open source projects posted links in issues on GitHub or other communal sites. So a few years after, I finally finished the companion paper, Useful HTTP Security Headers, where I discussed how to add all of the necessary headers all in one comprehensive document. Remove Insecure HTTP Headers, aka Bad headers and how to remove them Useful HTTP Security Headers, aka Good headers and how to enable them If you came to /headers expecting the Header Removal page, it has migrated to /bad-headers and this /headers URI now shows all of the HTTP Header related topics, including the new /good-headers page. Feel free to explore. I welcome feedback via DM on Twitter @veggiespam or via email. Share this:Click to share on Twitter (Opens in new window)Click to share on LinkedIn (Opens in new window)Click to share on Reddit (Opens in new window)Click to share on Pocket (Opens in new window)