X-Content-Type-Options

This HTTP header is typically used to control the MIME Type Sniffing function in web browsers. MIME Type Sniffing is a content evaluation function used by browsers when the...

Content Security Policy

Introduced in November 2012, Content Security Policy presents an extra layer of security against multiple vulnerabilities such as XSS, Clickjacking, Protocol Downgrading and...

X-Permitted-Cross-Domain-Policies

Using Adobe products like PDF, Flash, etc.? You can implement this header to instruct the browser on how to handle cross-domain requests. By implementing...

Referrer-Policy

Referer is a request header that is confusing on multiple levels. First of all ‘referer’ is misspelt. (The correct spelling is ‘referrer’.) Even though this is an amusing fun fact, it...

Expect-CT

The header that will eventually replace HPKP is called Expect-CT. Even though HPKP was a useful security feature, it was far from the only way to detect certificates issued by rogue CAs or...

Permissions-Policy

Formerly known as Feature-Policy, this header has been renamed Permissions-Policy, with enhanced features. You can check out this to understand the big changes between Feature-Policy to...

Clear Site Data

As you may guess from the name, implementing a Clear-Site-Data header is a great way to tell a client to clear browsing data such as cache, storage, cookies, or everything. This gives...