From HSTS through to CSP and almost every acronym in between, security headers are simple HTTP headers sent with responses from your server to the browser, but they can be a valuable piece in hardening sites if implemented correctly. What's more, for most of them it's simple to do. In this talk Tim is going to go through various security headers, explaining how and when to use them and some of the pitfalls. It's a journey that will take us through HTTPS and into a world where we need to consider carefully what third-party content is being used.