
Description
This plugin addresses the need for a simple way to add HTTP headers to outbound HTTP responses in your site.
These headers can be custom ones specific to your application, or security-related ones. Headers you may wish to set to protect your site include:
Public-Key-Pins
Strict-Transport-Security
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Content-Security-Policy
Content-Security-Policy-Report-Only
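One way to check that a response actually carries the headers listed above, as an added example that is not part of the plugin or its documentation. The function name, the sample headers and the pass/fail rules (including treating Public-Key-Pins and X-XSS-Protection as deprecated in current browsers) are assumptions of this example.

```python
import re

def audit_headers(headers):
    """Return sorted findings for a dict of HTTP response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    csp = h.get("content-security-policy", "")
    findings = []

    # HSTS only protects when max-age is a positive number of seconds.
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    if "strict-transport-security" not in h:
        findings.append("missing: Strict-Transport-Security")
    elif not m or int(m.group(1)) == 0:
        findings.append("weak: Strict-Transport-Security without a positive max-age")

    # Framing control: X-Frame-Options DENY/SAMEORIGIN or CSP frame-ancestors.
    # ALLOW-FROM is obsolete and ignored by current browsers, so it does not count.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        findings.append("missing: X-Frame-Options or CSP frame-ancestors")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing: X-Content-Type-Options: nosniff")

    if not csp:
        if "content-security-policy-report-only" in h:
            findings.append("info: CSP is report-only, nothing is enforced")
        else:
            findings.append("missing: Content-Security-Policy")

    # Both headers below are deprecated in current browsers (assumption of this example).
    if "public-key-pins" in h:
        findings.append("deprecated: Public-Key-Pins")
    if not h.get("x-xss-protection", "0").startswith("0"):
        findings.append("deprecated: X-XSS-Protection not set to 0")
    return sorted(findings)

# Constructed sample headers, not taken from any real site.
SAMPLE = {
    "Strict-Transport-Security": "max-age=0",
    "X-Frame-Options": "ALLOW-FROM https://example.com",
    "X-XSS-Protection": "1; mode=block",
    "Public-Key-Pins": 'pin-sha256="PLACEHOLDER"; max-age=5184000',
    "Content-Security-Policy-Report-Only": "default-src 'self'",
}
GOOD = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
```

Feed it the headers of a real response (for example from `curl -sI`) after configuring the plugin to confirm the values reach the client.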
Related Links
Troy Hunt – Introducing you to browser security headers on Pluralsight
PluralSight.com – Introduction to Browser Security Headers
OWASP – List of useful HTTP headers
Scott Helme – Hardening your HTTP response headers
