HTTP - Security Headers

About

In HTTP, security is applied by setting response headers known as security headers. They drive how the browser executes the page load.

Response HTTP headers that control the browser and have an effect on security:

  • X-Content-Type-Options: nosniff
  • Referrer-Policy: see HTTP - Referrer-Policy Header (to avoid leaking private URLs)
  • Permissions-Policy: This header allows you to control which features and APIs can be used in the browser. It was previously named Feature-Policy.
Permissions-Policy: camera=(), microphone=(), geolocation=(), interest-cohort=()
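
The following added example (not part of the original page) audits a response for the three headers listed above, using the features in the page's sample Permissions-Policy value as the expected baseline. The function names, the sample responses and the choice of which Referrer-Policy values to flag are assumptions made for illustration.

```python
LEAKY_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}  # send the full URL to other origins
# Features taken from the page's sample Permissions-Policy value.
EXPECTED_DISABLED = ("camera", "microphone", "geolocation", "interest-cohort")

def parse_headers(raw_head):
    """Map lowercased header name to value (header names are case-insensitive)."""
    lines = raw_head.strip().splitlines()[1:]  # skip the status line
    pairs = (line.partition(":") for line in lines)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def parse_permissions_policy(value):
    """Simplified 'feature=allowlist' parse; assumes no commas inside an allowlist."""
    pairs = (m.strip().partition("=") for m in value.split(","))
    return {f.strip(): a.strip() for f, sep, a in pairs if sep}

def audit(raw_head):
    """Return a list of findings; an empty list means all three headers pass."""
    h = parse_headers(raw_head)
    findings = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    referrer = h.get("referrer-policy", "")
    # With a comma-separated fallback list, the browser applies the last value it recognizes.
    effective = referrer.split(",")[-1].strip().lower()
    if not effective:
        findings.append("Referrer-Policy is missing")
    elif effective in LEAKY_REFERRER:
        findings.append(f"Referrer-Policy '{effective}' sends full URLs to other origins")
    policy = parse_permissions_policy(h.get("permissions-policy", ""))
    for feature in EXPECTED_DISABLED:
        if policy.get(feature) != "()":  # "()" is the empty allowlist: disabled everywhere
            findings.append(f"Permissions-Policy does not disable {feature}")
    return findings

# Constructed sample responses (not captured traffic).
GOOD = """HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=(), interest-cohort=()
"""
WEAK = """HTTP/1.1 200 OK
referrer-policy: unsafe-url
Permissions-Policy: camera=(), geolocation=(self)
"""

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(raw) or "ok")
```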
