Security HTTP Headers: The Missing Manual
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
Content Security Policy
HTTP Strict Transport Security
Public Key Pinning
X-Content-Type-Options
X-Content-Type-Options: nosniff
nosniff
X-Frame-Options
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com
SAMEORIGIN, DENY or ALLOW-FROM <url>
X-XSS-Protection
X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
0/1 (; mode=block)
Content Security Policy (CSP)
CSP
Level 1
Level 2
Level 3 Draft
HTTP Strict Transport Security (HSTS)
307 Internal Redirect
Strict-Transport-Security: max-age=31536000
max-age=<sec> (; includeSubDomains) (; preload)
Public Key Pins (HPKP)
Public-Key-Pins: pin-sha256="…"; max-age=15552000
pin-<algo>="<value>"; max-age=<sec>
(; includeSubDomains)
(; report-uri="<uri>")
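As an added example (not code from the talk), the checker below audits a response's headers against the syntaxes listed on the slides above: nosniff, the three X-Frame-Options forms, `1; mode=block`, CSP presence, HSTS max-age/includeSubDomains/preload and HPKP pins. The sample header sets are constructed, and the one-year HSTS threshold is taken from the `max-age=31536000` value on the HSTS slide.

```python
import re

ONE_YEAR = 31536000  # seconds; the max-age value shown on the HSTS slide


def parse_directives(value):
    """'max-age=31536000; includeSubDomains' -> {'max-age': '31536000', 'includesubdomains': None}"""
    out = {}
    for part in value.split(";"):
        name, has_value, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip().strip('"') if has_value else None
    return out


def audit_security_headers(headers):
    """Return a list of findings for one response; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and not xfo.startswith("ALLOW-FROM "):
        findings.append("X-Frame-Options missing or not DENY / SAMEORIGIN / ALLOW-FROM <url>")

    xss = parse_directives(h.get("x-xss-protection", ""))
    if "1" not in xss or xss.get("mode") != "block":
        findings.append("X-XSS-Protection not set to '1; mode=block'")

    if "content-security-policy" not in h:
        findings.append("Content-Security-Policy missing")

    hsts = parse_directives(h.get("strict-transport-security", ""))
    max_age = hsts.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("Strict-Transport-Security missing or max-age not an integer")
    elif int(max_age) < ONE_YEAR:
        findings.append("Strict-Transport-Security max-age shorter than one year")
    elif "preload" in hsts and "includesubdomains" not in hsts:
        findings.append("HSTS 'preload' requires includeSubDomains as well")

    hpkp = h.get("public-key-pins")  # HPKP needs a backup pin, so fewer than two is a finding
    if hpkp is not None and len(re.findall(r'pin-sha256="[^"]+"', hpkp)) < 2:
        findings.append("Public-Key-Pins needs at least two pins (one backup)")
    return findings


# Constructed sample responses (not captured from any real site)
WEAK = {"X-XSS-Protection": "0", "Strict-Transport-Security": "max-age=86400"}
HARDENED = {
    "X-Content-Type-Options": "nosniff", "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block", "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
}
```

Running `audit_security_headers(WEAK)` lists five findings, while the hardened set returns an empty list.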
Q & A
Thanks