Web Security: Learning HTTP Security Headers

About the Book

This book is a follow-up to Liran Tal's Essential Node.js Security for Express web applications. It teaches the hands-on, practical use of HTTP security headers as browser security controls that help secure web applications.

For each HTTP security header that can improve your web application's security, you'll learn the risk of not implementing it and what the proposed solution protects against. Finally, you'll learn how to implement and configure the header with Helmet, a popular and well-maintained Node.js package on npm.
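The Risk→Solution→Implementation approach described above maps onto a small amount of code. The following is an added example, not code from the book or from Helmet: a dependency-free Node.js baseline for the headers the book covers (HTTP Strict Transport Security, X-Frame-Options, Content-Security-Policy and Referrer-Policy, plus X-Content-Type-Options), a helper that applies them to a response, and an audit function in the spirit of the "Testing for Security Headers" chapter that flags missing, weak and deprecated headers. The specific header values, thresholds and finding texts are illustrative assumptions, not the book's recommendations.

```javascript
// Added example (not from the book or from Helmet): baseline security headers,
// a helper to apply them, and an audit that reports missing/weak/deprecated ones.
// Header values and thresholds below are illustrative assumptions.

const ONE_YEAR = 31536000; // seconds; a commonly recommended minimum HSTS max-age

// Baseline headers. Names are lower-case because Node normalises them that way
// in res.getHeaders() and in IncomingMessage.headers.
const SECURITY_HEADERS = {
  'strict-transport-security': `max-age=${ONE_YEAR}; includeSubDomains`,
  'x-frame-options': 'DENY',
  'content-security-policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
  'referrer-policy': 'strict-origin-when-cross-origin',
  'x-content-type-options': 'nosniff',
};

// Apply the baseline to anything with setHeader(name, value): an
// http.ServerResponse, or an Express `res`, which wraps one.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    res.setHeader(name, value);
  }
  return res;
}

// Parse a CSP string into Map<directive, [sources]>. Browsers honour the first
// occurrence of a duplicated directive, so later duplicates are ignored here too.
function parseCsp(csp) {
  const directives = new Map();
  for (const part of csp.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return directives;
}

// Audit a header map (name lookup is case-insensitive) and return findings;
// an empty array means the response meets the baseline.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = Array.isArray(value) ? value.join(', ') : String(value);
  }
  const findings = [];

  // HSTS: must exist with a max-age; a short max-age lets the protection lapse.
  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('Strict-Transport-Security missing');
  } else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m) findings.push('Strict-Transport-Security has no max-age');
    else if (Number(m[1]) < ONE_YEAR) findings.push('Strict-Transport-Security max-age below one year');
  }

  // X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM is ignored, which silently leaves the page frameable.
  const xfo = h['x-frame-options'];
  if (!xfo) findings.push('X-Frame-Options missing');
  else if (!/^(deny|sameorigin)$/i.test(xfo.trim())) findings.push('X-Frame-Options value not DENY or SAMEORIGIN');

  // CSP: require a default-src fallback, no 'unsafe-inline' for scripts, and a
  // frame-ancestors directive so clickjacking defence does not rest on XFO alone.
  const csp = h['content-security-policy'];
  if (!csp) {
    findings.push('Content-Security-Policy missing');
  } else {
    const d = parseCsp(csp);
    if (!d.has('default-src')) findings.push('Content-Security-Policy has no default-src');
    const scriptSources = d.get('script-src') || d.get('default-src') || [];
    if (scriptSources.includes("'unsafe-inline'")) findings.push("Content-Security-Policy allows 'unsafe-inline' scripts");
    if (!d.has('frame-ancestors')) findings.push('Content-Security-Policy has no frame-ancestors');
  }

  // Referrer-Policy: flag the two values that send the full URL (path and
  // query) to other origins.
  const rp = h['referrer-policy'];
  if (!rp) findings.push('Referrer-Policy missing');
  else if (/^(unsafe-url|no-referrer-when-downgrade)$/i.test(rp.trim())) findings.push('Referrer-Policy leaks full URL cross-origin');

  // Deprecated headers still seen on older deployments.
  if (h['x-xss-protection']) findings.push('X-XSS-Protection is deprecated; rely on CSP');
  if (h['public-key-pins']) findings.push('Public-Key-Pins is deprecated');

  return findings;
}

// Minimal server serving every response with the baseline applied. The http
// module is required here so the audit helpers stay usable without a server.
function createSecureServer() {
  const http = require('node:http');
  return http.createServer((req, res) => {
    applySecurityHeaders(res);
    res.setHeader('content-type', 'text/plain');
    res.end('hello\n');
  });
}
```

In an Express application the same applySecurityHeaders(res) call would live in a middleware, which is essentially what Helmet does (with more headers and better defaults). The audit accepts the map from res.getHeaders() on the server side or from an http.IncomingMessage on the client side, so it can be pointed at any site's response; start the server with createSecureServer().listen(3000) to try it locally.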

  • Categories

    • Web Development
    • Computer Security
    • DevOps
    • Software Architecture

About the Author

Liran Tal

Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.

Reader Testimonials

Michael Azimov

Software Developer, Fundbox

I started reading the book a few days ago and I am halfway through it, and I must say that although I kinda knew that I should use all these HTTP headers, your book really made me understand why I should use them and what could happen if I don't, and most importantly, if the browser yells at you, don't just give up and remove the headers 😆

Luke Rasmus

Absolutely awesome - really. This was targeted at a perfect level for me, as someone who had exposure to these topics, had done some fiddling with helmet previously in node, but this was a great succinct guide to quickly and effectively teach "what" and "why".

Sumit Kumar

Front End Engineer and Designer

To the point content. Short book - this one is just for me as I like books that are short. I like the interesting facts about technology terms mid-sections. The code examples are good. I like the educational approach of Risk→Solution→Implementation. I like the use of GitHub to serve the example source code. Some topics I found to be complicated, like HTTP Strict Transport Security.

Table of Contents

  • About The Author
    • Liran Tal
  • About The Book
    • Requirements
    • Source Code
  • Introduction
    • Requirements
    • Headers as browser security controls
    • Helmet - a Node.js package to set HTTP security headers
  • HTTP Security Headers
    • HTTP Strict Transport Security
    • X Frame Options
    • Content Security Policy
    • Referer and Referrer Policy
    • Deprecated security headers
  • Testing for Security Headers
    • The State of HTTP Security
    • WebPageTest
    • Lighthouse
    • Check My Headers command line application
    • Summary
  • What’s next?
    • Establish a CSP and Security Headers standard
    • Monitor your web application
    • Other browser security headers and controls
    • Referrer-Policy
    • Educational resources
    • Security headers tooling
