Difference between revisions of "HTTP headers"
Jump to navigation
Jump to search
↑ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Line 22: | Line 22: | ||
* [[Python]], <code>[[urllib]]</code> library | * [[Python]], <code>[[urllib]]</code> library | ||
* [[HTTP Security headers]] | * [[HTTP Security headers]] | ||
+ | * [[Terraform aws lb: drop_invalid_header_fields]] | ||
* <code>[[has been blocked by CORS policy]] no '[[access-control-allow-origin]]' header is present on the request</code> | * <code>[[has been blocked by CORS policy]] no '[[access-control-allow-origin]]' header is present on the request</code> | ||
Revision as of 15:12, 28 June 2024
WWW-Authenticate
Authorization:
Content-Security-Policy
[1]X-Frame-Options
(deprecated): https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
Cache-Control: no-cache, no-store, max-age
Related terms
aws s3 cp --cache-control
- Clickjacking
- Bearer token:
Authorization: Bearer .../...
curl --header
- Python,
urllib
library - HTTP Security headers
- Terraform aws lb: drop_invalid_header_fields
has been blocked by CORS policy no 'access-control-allow-origin' header is present on the request
Activities
- Read about Amazon CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html
- Cloudflare: https://developers.cloudflare.com/pages/how-to/add-custom-http-headers/
See also
- HTTP Headers:
Authorization:, X-Frame-Options, Content-Security-Policy, Cache-Control
, Terraform:drop_invalid_header_fields
- HTTP/2, HTTP/3, Media type (
Content-Type
), HTTP headers, CVE-2023-44487 HTTP/2 Rapid Reset Vulnerability, Cloudflare Protocol optimization - HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
Advertising: