Hey, it may be a bit off topic, but adding the most common security headers may be a good idea:

Strict-Transport-Security <- strengthens the TLS implementation
Content-Security-Policy <- prevents XSS attacks
X-XSS-Protection <- same
X-Frame-Options <- prevents clickjacking
X-Content-Type-Options <- prevents MIME sniffing
Referrer-Policy <- controls how much information the browser sends with navigation

enum ReferrerPolicy {
  "",
  "no-referrer",
  "no-referrer-when-downgrade",
  "same-origin",
  "origin",
  "strict-origin",
  "origin-when-cross-origin",
  "strict-origin-when-cross-origin",
  "unsafe-url"
};

Permissions-Policy <- controls which features and APIs can be used
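As an added illustration (not part of the comment above or of the project it was posted to), the following Python audit function checks a set of HTTP response headers for the headers listed above and reports which are missing or carry a weak value. The accepted values and thresholds (a one-year HSTS `max-age`, rejecting `'unsafe-inline'` in `script-src`, flagging `unsafe-url` and `no-referrer-when-downgrade` because they send the full URL to other origins) are this example's own assumptions, and the two header sets are constructed sample input. The Referrer-Policy values are taken from the enum quoted in the comment. X-XSS-Protection is not checked, since current browsers ignore it.

```python
"""Audit HTTP response headers for the common security headers.

Added example, not code from the original comment. Accepted values and
thresholds below are assumptions chosen for illustration, not a standard.
"""
import re

# Referrer-Policy members, taken from the ReferrerPolicy enum in the comment
REFERRER_POLICY_VALUES = {
    "", "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Policies that still send the full URL to other origins over HTTPS
LEAKY_REFERRER_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}

HSTS_MIN_AGE = 31536000  # one year, an assumed threshold


def _lower_keys(headers):
    """HTTP header names are case-insensitive; normalise names to lowercase."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def _parse_csp(value):
    """Split a CSP string into {directive: [sources]}."""
    directives = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives


def audit_security_headers(headers):
    """Return a list of (header, finding) tuples; an empty list means all checks pass."""
    h = _lower_keys(headers)
    findings = []

    # Strict-Transport-Security: present, with a max-age of at least one year
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("Strict-Transport-Security", "missing"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < HSTS_MIN_AGE:
            findings.append(("Strict-Transport-Security", "max-age below one year"))

    # Content-Security-Policy: present, and script-src (or default-src as its
    # fallback) must not allow 'unsafe-inline', which undoes the XSS protection
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(("Content-Security-Policy", "missing"))
    else:
        directives = _parse_csp(csp)
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append(("Content-Security-Policy", "script-src allows 'unsafe-inline'"))

    # X-Frame-Options: only DENY or SAMEORIGIN prevent framing
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append(("X-Frame-Options", "missing"))
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("X-Frame-Options", f"unexpected value {xfo!r}"))

    # X-Content-Type-Options: 'nosniff' is the only meaningful value
    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append(("X-Content-Type-Options", "missing"))
    elif xcto.lower() != "nosniff":
        findings.append(("X-Content-Type-Options", f"unexpected value {xcto!r}"))

    # Referrer-Policy: must be an enum member and should not leak full URLs
    rp = h.get("referrer-policy")
    if rp is None:
        findings.append(("Referrer-Policy", "missing"))
    elif rp.lower() not in REFERRER_POLICY_VALUES:
        findings.append(("Referrer-Policy", f"unknown value {rp!r}"))
    elif rp.lower() in LEAKY_REFERRER_POLICIES:
        findings.append(("Referrer-Policy", f"{rp!r} sends the full URL cross-origin"))

    # Permissions-Policy: only presence is checked in this example
    if "permissions-policy" not in h:
        findings.append(("Permissions-Policy", "missing"))

    return findings


# Constructed sample header sets (not captured from any real server)
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.test",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=(), camera=()",
}
WEAK_HEADERS = {
    "strict-transport-security": "max-age=300",
    "content-security-policy": "default-src *; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
    "Referrer-Policy": "unsafe-url",
}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD_HEADERS), ("weak", WEAK_HEADERS)):
        print(name, audit_security_headers(hdrs) or "all checks pass")
```

The function takes any mapping of header names to values, so it can be pointed at `response.headers` from an HTTP client; it deliberately normalises header names to lowercase, since servers and proxies differ in the casing they emit.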