Difference between revisions of "HTTP headers"
↑ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
(25 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
[[wikipedia:HTTP headers]] | [[wikipedia:HTTP headers]] | ||
+ | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers | ||
− | |||
* <code>[[WWW-Authenticate]]</code> | * <code>[[WWW-Authenticate]]</code> | ||
* <code>[[HTTP Header: Authorization|Authorization:]]</code> | * <code>[[HTTP Header: Authorization|Authorization:]]</code> | ||
+ | * <code>[[Content-Security-Policy]]</code><ref>https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy</ref> | ||
+ | * <code>[[X-Frame-Options]]</code> (deprecated): https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
− | * | + | * <code>[[strict-Transport-Security]]</code> |
+ | * [[Content-Security-Policy]] | ||
+ | * [[X-Frame-Options]] | ||
+ | * [[X-Content-Type-Options]] | ||
+ | * [[Referrer-Policy]] | ||
+ | * [[Permissions-Policy]] | ||
+ | * <code>[[Cache-Control]]: [[no-cache]], [[no-store]], [[max-age]]</code> | ||
+ | * [[X-Forwarded-For (XFF)]] | ||
+ | * <code>[[Sec-Fetch-Mode]]</code> | ||
+ | |||
+ | |||
+ | == Activities == | ||
+ | * Use [[Terraform aws lb: drop_invalid_header_fields]] to drop not valid headers | ||
== Related terms == | == Related terms == | ||
+ | * <code>[[aws s3 cp --cache-control]]</code> | ||
* [[Clickjacking]] | * [[Clickjacking]] | ||
* [[Bearer token]]: <code>[[Authorization:]] Bearer .../...</code> | * [[Bearer token]]: <code>[[Authorization:]] Bearer .../...</code> | ||
+ | * <code>[[curl --header]]</code> | ||
+ | * [[Python]], <code>[[urllib]]</code> library | ||
+ | * [[HTTP Security headers]] | ||
+ | * <code>[[has been blocked by CORS policy]] no '[[access-control-allow-origin]]' header is present on the request</code> | ||
+ | * [[Request Header Fields]]: https://www.rfc-editor.org/rfc/rfc2616#section-5.3 | ||
== Activities == | == Activities == | ||
* Read about [[Amazon CloudFront]]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html | * Read about [[Amazon CloudFront]]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html | ||
+ | * Cloudflare: https://developers.cloudflare.com/pages/how-to/add-custom-http-headers/ | ||
== See also == | == See also == | ||
+ | * {{XFF}} | ||
+ | * {{HTTP headers}} | ||
* {{HTTP Header}} | * {{HTTP Header}} | ||
− | |||
− | |||
[[Category:Web]] | [[Category:Web]] |
Latest revision as of 12:31, 28 October 2024
- WWW-Authenticate
- Authorization:
- Content-Security-Policy [1]
- X-Frame-Options (deprecated): https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
- strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cache-Control: no-cache, no-store, max-age
- X-Forwarded-For (XFF)
- Sec-Fetch-Mode
Activities
- Use Terraform aws lb: drop_invalid_header_fields to drop invalid headers
Related terms
- aws s3 cp --cache-control
- Clickjacking
- Bearer token: Authorization: Bearer .../...
- curl --header
- Python, urllib library
- HTTP Security headers
- has been blocked by CORS policy no 'access-control-allow-origin' header is present on the request
- Request Header Fields: https://www.rfc-editor.org/rfc/rfc2616#section-5.3
Activities
- Read about Amazon CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html
- Cloudflare: https://developers.cloudflare.com/pages/how-to/add-custom-http-headers/
See also
- X-Forwarded-For (XFF), HTTP/1.1: Request Header Fields
- HTTP headers, Security headers, HTTP Security headers, X-Forwarded-For (XFF)
- HTTP Headers: Authorization:, X-Frame-Options, Content-Security-Policy, Cache-Control, Terraform:drop_invalid_header_fields