Being Cellfish
Stuff I wished I've found in some blog (and sometimes did).
Showing posts with label http.
2016-05-12
Preventing cross-site request forgery (CSRF)
Since I stumbled over a pretty good introduction to what CSRF is I figured it was worth a few lines.
2015-12-10
Do I need to remove the Server header from my HTTP responses?
You might have heard the recommendation that your web server should not return the Server header to reveal exactly what software is being us...
3 comments:
2015-11-19
Is logging raw HTTP requests ok?
When you are working on services that need to scale to millions of users you typically come to the conclusion that you will never be able to...
2 comments:
2015-11-05
Preventing DoS attacks with puzzles
So when a web service is getting too much traffic it starts returning the 503 status code. Well written services also return the Retry-After...
2015-08-20
Understanding HTTP Strict Transport Security (HSTS)
I'm not going to explain it all myself since it was explained in an excellent way here. However below is the executive summary.
2015-06-04
Returning 403 or 404 - that is the question
I think it is safe to say that anybody who is serious about security will tell you that security through obscurity is no security. Yet a l...
2013-12-12
429 vs 503
A while back I was involved in a discussion around using 429 instead of 503 in order to tell clients they should back off a little. And ther...