Using your headers for better security


In order to combat some of the most common web security vulnerabilities new HTTP headers have been standardized and adopted by modern browsers, but adoption by websites is still slow.  This session will cover how some of the most common security vulnerabilities occur and what their effects are, how new HTTP headers and browser features enable you to improve the privacy and security of your website, and how to implement them within Drupal 8.

I will also cover a strategy for segmenting site responsibilities across subdomains, and on progress of developing a module to automatically apply Content Security Policy by utilizing Drupal 8's libraries API.

See the slides at

Session Track

Coding and Development

Experience Level


Drupal Version

When & Where

Thursday, 28 September, 2017 - 13:00 to 13:25
Lehar 2