Securing a client
We have prepared our server side to secure the communication, and now it's time to talk about the security of the client side of our web application. For all our content, we will start using secure communication with TLS and we will start updating our client side using cookies.
Attributes of cookies
A cookie has two special attributes: Secure and HttpOnly. The Secure attribute of a cookie allows it to be sent only to the TLS connection. The other attribute, HttpOnly, marks the cookie that is accessible only via HTTP or HTTPS connections. Mark both of them as true and this small improvement in cookies prevents the web browser from sending a cookie via an insecure connection. With each request sent, the cookies are accompanied to follow the server inside headers. Let's check what we can improve in other headers.
HTTP Strict Transport Security
The well-known SSL man-in-the-middle attacks can be safely fixed with a HTTP Strict Transport Security (HSTS) header sent from...
