HTTP security headers in Cybersecurity - Time & Space Complexity

Analyzing time complexity helps us understand how adding HTTP security headers affects server processing time as requests grow.

We want to know how the work done by the server changes when more headers are added or more requests come in.

Analyze the time complexity of the following code snippet.

// Pseudocode for adding HTTP security headers
function addSecurityHeaders(response) {
  response.setHeader('Content-Security-Policy', "default-src 'self'");
  response.setHeader('X-Content-Type-Options', 'nosniff');
  response.setHeader('Strict-Transport-Security', 'max-age=31536000');
  response.setHeader('X-Frame-Options', 'DENY');
  response.setHeader('Referrer-Policy', 'no-referrer');
  return response;
}

This code adds several security headers to an HTTP response before sending it to the client.

Identify the loops, recursion, array traversals that repeat.

• Primary operation: Setting each security header on the response object.
• How many times: Once per header, here 5 headers are set sequentially.

As the number of headers increases, the time to add them grows linearly because each header requires a separate operation.

Input Size (number of headers)	Approx. Operations
5	5 operations
10	10 operations
100	100 operations

Pattern observation: Doubling the number of headers roughly doubles the work done.

Time Complexity: O(n)

This means the time to add security headers grows directly in proportion to how many headers you add.

[X] Wrong: "Adding more headers does not affect performance because headers are small."

[OK] Correct: Even small headers require processing time; as the number grows, the total time adds up linearly.

Understanding how adding security headers affects server response time shows you can balance security and performance, a valuable skill in real-world web development.

"What if we batch set all headers in one call instead of individually? How would the time complexity change?"