Difference between revisions of "HTTP headers"
Jump to navigation
Jump to search
↑ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
| Line 28: | Line 28: | ||
* [[HTTP Security headers]] | * [[HTTP Security headers]] | ||
* <code>[[has been blocked by CORS policy]] no '[[access-control-allow-origin]]' header is present on the request</code> | * <code>[[has been blocked by CORS policy]] no '[[access-control-allow-origin]]' header is present on the request</code> | ||
| − | * [[Request Header Fields]] | + | * [[Request Header Fields]]: https://www.rfc-editor.org/rfc/rfc2616#section-5.3 |
== Activities == | == Activities == | ||
Latest revision as of 09:52, 15 October 2024
WWW-AuthenticateAuthorization:Content-Security-Policy[1]X-Frame-Options(deprecated): https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
strict-Transport-Security- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
Cache-Control: no-cache, no-store, max-age- X-Forwarded-For (XFF)
Activities[edit]
- Use Terraform aws lb: drop_invalid_header_fields to drop not valid headers
Related terms[edit]
aws s3 cp --cache-control- Clickjacking
- Bearer token:
Authorization: Bearer .../... curl --header- Python,
urlliblibrary - HTTP Security headers
has been blocked by CORS policy no 'access-control-allow-origin' header is present on the request- Request Header Fields: https://www.rfc-editor.org/rfc/rfc2616#section-5.3
Activities[edit]
- Read about Amazon CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-security-headers.html
- Cloudflare: https://developers.cloudflare.com/pages/how-to/add-custom-http-headers/
See also[edit]
- X-Forwarded-For (XFF), HTTP/1.1: Request Header Fields
- HTTP headers, Security headers, HTTP Security headers, X-Forwarded-For (XFF)
- HTTP Headers:
Authorization:, X-Frame-Options, Content-Security-Policy, Cache-Control, Terraform:drop_invalid_header_fields
Advertising:
