Objectives for 2024.

[righettod]

• Submit an application for a podcast in french at https://www.nolimitsecu.fr
• Handle Add information about headers in web API context. #19.
• Handle Deprecated Security Header - Pragma #28
• Add a section, into the best practices area, about how to prevent sensitive information exposure due to caching (use same approach than for CORS but with cache headers).
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching
• Submit an application to upgrade to production status: ⏳Pending.
• Handle Add Document-Policy header #22 and Review the feature permission policy header value #11

[righettod]

🚧 Submit an application to upgrade to production status.

📧 Promotion request submitted:

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📧 Proposition submitted to the team managing the podcast, in french, as we are all french native speakers and the podcast is made in french 😀:

💬 Translation:

Good morning,

I am contacting you to find out if you would be interested in a session to present and discuss the OWASP Secure Headers Project?

This project aims to provide a set of resources about HTTP headers aimed at adding additional protections to the behavior of a browser.

Connections:
https://owasp.org/www-project-secure-headers/
https://github.com/OWASP/www-project-secure-headers/
https://github.com/oshp/

Thanking you very much in advance for the attention that will be given to my proposal, I wish you an excellent day.

Sincerely.

[riramar]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📧 Proposition submitted to the team managing the podcast, in french, as we are all french native speakers and the podcast is made in french 😀:

You'll need to translate for us. 😀
I'll may do a presentation in a conference here in Brazil. I'll provide you more details when confirmed.

Thanks!
Ricardo Iramar

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📧 Proposition submitted to the team managing the podcast, in french, as we are all french native speakers and the podcast is made in french 😀:

You'll need to translate for us. 😀 I'll may do a presentation in a conference here in Brazil. I'll provide you more details when confirmed.

Thanks! Ricardo Iramar

Added into original post 😃

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📧 Proposition submitted to the team managing the podcast, in french, as we are all french native speakers and the podcast is made in french 😀:

You'll need to translate for us. 😀 I'll may do a presentation in a conference here in Brazil. I'll provide you more details when confirmed.

Thanks! Ricardo Iramar

Nice 💯

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📧 Proposition submitted to the team managing the podcast, in french, as we are all french native speakers and the podcast is made in french 😀:

💬 Translation:

Good morning,

I am contacting you to find out if you would be interested in a session to present and discuss the OWASP Secure Headers Project?

This project aims to provide a set of resources about HTTP headers aimed at adding additional protections to the behavior of a browser.

Connections:
https://owasp.org/www-project-secure-headers/
https://github.com/OWASP/www-project-secure-headers/
https://github.com/oshp/

Thanking you very much in advance for the attention that will be given to my proposal, I wish you an excellent day.

Sincerely.

📡 Record scheduled for the 2024-03-11 evening...

@riramar I need the help of your memory for some points:

• When the project was initially created?
• By who if it was not by you 😉

Thanks a lot in advance 😃

[riramar]

Hi @righettod

In 2015, during a conversation with Jim Manico about HTTP headers, he mentioned that the OWASP Secure Headers project had been inactive for nearly two years. Jim then proposed that I assume responsibility for the project, to which I agreed. Consequently, on December 14th, 2015, I made my inaugural contribution to the OWASP Secure Headers wiki page.

Best regards,
Ricardo Iramar

[righettod]

Hi @righettod

In 2015, during a conversation with Jim Manico about HTTP headers, he mentioned that the OWASP Secure Headers project had been inactive for nearly two years. Jim then proposed that I assume responsibility for the project, to which I agreed. Consequently, on December 14th, 2015, I made my inaugural contribution to the OWASP Secure Headers wiki page.

Best regards, Ricardo Iramar

Thanks a lot for the information 👍

[righettod]

🚧 Handle #19

👨‍💻 Work started via:

• ✔ CSP against the HTTP response serving it. #25
• Add hints for API OWASP/www-project-secure-headers#166

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

📋 My preparation for the podcast is here as a Google Document in French (easier for me to use the notes during the recording).

🌏 It is possible to translate the content from French to any language via Google Translate using a DOCX downloaded version of the content:

[righettod]

🚧 Handle #19

✅ Completed.

[righettod]

🚧 Submit an application to upgrade to production status.

📩 Status kindly asked to the project committee:

📡 Feedback received: Our application is under review.

[righettod]

🚧 Submit an application for a podcast in French at https://www.nolimitsecu.fr/

✅ Podcast recorded and published:

• https://www.nolimitsecu.fr/owasp-secure-headers-project/
• Add NLS podcasts ref. OWASP/www-project-secure-headers#174

[righettod]

🚧 Handle #28

✅ Done via OWASP/www-project-secure-headers#175

[righettod]

🚧 Add a section, into the best practices area, about how to prevent sensitive information exposure due to caching.

✅ Done in the following PR:

• Add section about information exposure via caching OWASP/www-project-secure-headers#176
• Add missing link to the new section OWASP/www-project-secure-headers#177