Ars Technica

HTTP Headers - Content Security Policy

Anyone have expertise with HTTP headers, specifically Content-Security-Policy? I'm trying to set CSP on a couple of sites, to improve protection to a hosted application, and running into issues with ...
Dark Reading

Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks

A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Daniel Thatcher, researcher and penetration tester at ...