Here is a list of usefull HTTP headers for responses you should know about:<\/p>\n
When set to „nosniff<\/em>„, this header will prevent browsers from MIME-sniffing a response away from the declared content-type. While this header is more relevant for „normal“ web applications (it protects against some types of drive-by-downloads), it does not hurt to add it to your REST service, if<\/p>\n See http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/09\/02\/ie8-security-part-vi-beta-2-update.aspx<\/a><\/p>\n Provides Clickjacking protection. Allowed values are:<\/p>\n Re-enables cross side scripting protection in IE and Chrome if user has disabled it.<\/p>\n Enables HTTP Strict Transport Security (HSTS)<\/a>. This prevents browsers from using an insecure connection to a server for a given time (in seconds). Additionally, you can include all subdomains:<\/p>\n Here is a list of usefull HTTP headers for responses you should know about: X-Content-Type-Options When set to „nosniff„, this header will prevent browsers from MIME-sniffing a response away from the declared content-type. While this header is more relevant for … Weiterlesen X-Content-Type-Options: nosniff<\/code><\/pre>\n\n
\n
X-Frame-Options: deny<\/code><\/pre>\n\n
X-XSS-Protection: 1; mode=block<\/code><\/pre>\n\n
Strict-Transport-Security: max-age=16070400; includeSubDomains<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"