HTTP Security Headers – Extended

Advanced Reporting Features

Network, Intervention, Deprecation, DMARC, and Crash Reports

This extended http security course outlines the use of additional headers. These headers will not help improve a websites security rating, however, their additions will improve various performance issues through advanced monitoring and reporting features. Many of these new reporting tools are available from the Report-URI website and are available from the addition of only one reporting api header. Amazing stuff!

Additional Headers

  • Network Error Logging – Network reports
  • Deprecation – Deprecated feature warnings
  • Intervention – Browser intervention reporting
  • Crash – Crash reporting
  • Expect Staple – OSCP Certificate Staples (requires preload approval)
  • X-XSS-Auditor – Browser audit reports (on by default)
  • DMARC (Domain-based Message Autentication, Conformance and Reporting) – Email protection and reporting
  • Certificate Transparency – Extended certificate reporting errors