Updated notes on X-XSS-Protection
Not just for IE
This commit is contained in:
Parent
8816ac4a04
Commit
058e58dd17
@ -4,7 +4,7 @@ The gem will automatically apply several headers that are related to security.
- Content Security Policy (CSP) - Helps detect/prevent XSS, mixed-content, and other classes of attack. [CSP 1.1 Specification](https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html)
- HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. [HSTS Specification](https://tools.ietf.org/html/rfc6797)
- X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. [X-Frame-Options draft](https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-00)
- X-XSS-Protection - [Cross site scripting filter for IE](http://msdn.microsoft.com/en-us/library/dd565647\(v=vs.85\).aspx)
- X-XSS-Protection - [Cross site scripting heuristic filter for IE/Chrome](http://msdn.microsoft.com/en-us/library/dd565647\(v=vs.85\).aspx)
- X-Content-Type-Options - [Prevent content type sniffing](http://msdn.microsoft.com/en-us/library/ie/gg622941\(v=vs.85\).aspx)
## Installation
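Review bot: the replacement bullet now says the filter applies to "IE/Chrome", but the only citation is still the MSDN page describing Internet Explorer's filter (the URL is unchanged between the removed and added lines). Either add a reference covering Chrome's implementation next to the MSDN link, or phrase the bullet so the link matches the claim, e.g. "Cross site scripting heuristic filter for IE (Chrome has a similar filter)". The removed line also dropped the word "heuristic" in the old text; keeping it in the new wording is fine, since it accurately signals that the filter is a best-effort browser mitigation rather than a guarantee.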