Table of Contents
List
- Cross-Origin-Embedder-Policy (COEP) header
- Cross-Origin-Opener-Policy (COOP) header
- Cross-Origin-Resource-Policy (CORP) header
- Content-Security-Policy (CSP) header
- Content-Security-Policy-Report-Only (CSPRO) header
- Expect-CT (experimental) - lets sites opt in to reporting and enforcement of Certificate Transparency to detect use of misissued certificates for that site.
- Permissions-Policy header
- Reporting-Endpoints (experimental) - response header that allows website owners to specify one or more endpoints used to receive errors such as CSP violation reports, Cross-Origin-Opener-Policy (COOP) reports, or other generic violations.
- Strict-Transport-Security (HSTS) header
- Upgrade-Insecure-Requests header
- X-Content-Type-Options header
- X-Frame-Options (XFO) header
- X-Permitted-Cross-Domain-Policies header
- X-Powered-By header
- X-XSS-Protection (non-standard) - was a feature of Internet Explorer, Chrome and Safari that stopped pages from loading when they detected reflected cross-site scripting (XSS) attacks.