OWASP DevSlop’s journey to TLS and Security Headers

Franziska Buehler
Nov 15, 2018 · 6 min read

Why TLS? It’s only static content!

TLS Server Certificate

SSL Report for devslop.co

Security Headers


Content-Security-Policy (CSP)




SecurityHeaders.com Report for devslop.co

Further improvements

Strict-Transport-Security (HSTS)


More Headers and Cookie Settings
