Difference between revisions of "HTTP headers"
Jump to navigation
Jump to search
(One intermediate revision by the same user not shown) | |||
Line 14: | Line 14: | ||
* [[Permissions-Policy]] | * [[Permissions-Policy]] | ||
* <code>[[Cache-Control]]: [[no-cache]], [[no-store]], [[max-age]]</code> | * <code>[[Cache-Control]]: [[no-cache]], [[no-store]], [[max-age]]</code> | ||
+ | * [[X-Forwarded-For (XFF)]] | ||
== Activities == | == Activities == | ||
− | * Use [[Terraform aws lb: drop_invalid_header_fields]] to drop headers | + | * Use [[Terraform aws lb: drop_invalid_header_fields]] to drop not valid headers |
== Related terms == | == Related terms == |
Latest revision as of 15:20, 13 September 2024
WWW-Authenticate
Authorization:
Content-Security-Policy
[1]X-Frame-Options
(deprecated): https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
Cache-Control: no-cache, no-store, max-age
- X-Forwarded-For (XFF)
Activities[edit]
- Use Terraform aws lb: drop_invalid_header_fields to drop not valid headers
Related terms[edit]
aws s3 cp --cache-control
- Clickjacking
- Bearer token:
Authorization: Bearer .../...
curl --header
- Python,
urllib
library - HTTP Security headers
has been blocked by CORS policy no 'access-control-allow-origin' header is present on the request
Activities[edit]
See also[edit]
Advertising: