Security is all about defense in depth: applying layer
upon layer of security controls such that any one single
failure does not lead to a compromise of the application
One of those layers is the browser itself, which is
becoming increasingly intelligent when it comes to
implementing defenses. Security headers are a way of
telling the browser how a website may behave when it's
loaded into the client. They provide numerous defenses
against a variety of attacks in ways that have not
previously been possible with security controls that ran
solely on the server. In this course, we'll walk through a
number of essential security headers that provide even
greater levels of defense for web applications. We'll look
at how they're intended to work, what attacks they protect
against, and how you can easily implement them in your
website