headers.html
139 lines (136 loc) · 8.79 KB
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>headers</title>
<link rel="stylesheet" href="styles/sommaire.css">
</head>
<body>
<br>
<h2><a href="index.html" class="bg1">Security</a></h2>
<div class="blue">
<ul>
<li>
<a href="https://tools.ietf.org/html/rfc6265#section-4.1" target="_blank">Cookie security attributes</a>
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie">(1)</a> |
<a href="domxss/csp.html" target="_blank">CSP</a> |
<a href="https://tools.ietf.org/html/rfc7034" target="_blank">XFO</a>
<a href="https://www.youtube.com/watch?v=JrSFc_KeNzc">(1)</a> |
<a href="https://tools.ietf.org/html/rfc6797" target="_blank">HSTS</a> |
<a href="https://www.youtube.com/watch?v=l7WFXv5cXzA" target="_blank">x-xss-protection</a> |
<a href="domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=20" target="_blank">x-content-type</a>
<a href="https://fetch.spec.whatwg.org/#x-content-type-options-header" target="_blank">(1</a>,
<a href="https://www.youtube.com/watch?v=ZsrjRhFi90s&t=763s">2</a>)
</li>
</ul>
</div>
<h2><a href="https://www.iana.org/assignments/message-headers/message-headers.xhtml#perm-headers" target="_blank">Privacy</a></h2>
<div class="yellow">
<ul>
<li>
<a href="https://www.youtube.com/watch?v=TNlcoYLIGFk&t=1336s" target="_blank">CORS: </a>
<a href="https://developer.mozilla.org/fr/docs/Web/HTTP/CORS" target="_blank">MDN,</a>
<a href="https://www.manning.com/books/cors-in-action" target="_blank"> CORS in Action,</a>
<a href="definition.html#CORSDefinition" target="_blank">definition </a>
<a href="domxss/script.html" target="_blank">(script tag...) </a> |
<a href="domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=23" target="_blank">referrer policy</a>
<a href="https://www.w3.org/TR/referrer-policy/" target="_blank">(1</a>,
<a href="https://www.youtube.com/watch?v=TNlcoYLIGFk&t=1250s" target="_blank">2,</a>
<a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lekies.pdf#page=11" target="_blank">3,</a>
<a href="https://www.youtube.com/watch?v=lCmiYKgq-o8" target="_blank">4</a>) |
<a href="https://tools.ietf.org/html/rfc7231#section-7.4.2" target="_blank">server</a> |
<a href="https://tools.ietf.org/html/rfc7231#section-7.1.1.2" target="_blank">date</a>
</li>
</ul>
</div>
<h2><a href="https://www.youtube.com/playlist?list=PLxeJU39M7tLFbwYxe27vzwNeX3rCgONg4" target="_blank">Parameters</a></h2>
<div class="red">
<ul>
<li>
<a href="https://tools.ietf.org/html/rfc7231#section-4" target="_blank">request method</a> |
<a href="https://tools.ietf.org/html/rfc7231#section-5" target="_blank">request URL</a> |
<a href="https://tools.ietf.org/html/rfc7231#section-6" target="_blank">response status code</a>
</li>
</ul>
</div>
<h2><a href="https://www.iana.org/assignments/message-headers/message-headers.xhtml#perm-headers" target="_blank">Request</a></h2>
<div class="green">
<ul>
<li><a href="https://tools.ietf.org/html/rfc7231#section-5.3.4" target="_blank">accept-encoding</a></li>
<li><a href="https://tools.ietf.org/html/rfc7231#section-5.3.5" target="_blank">accept-language</a></li>
<li><a href="https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header" target="_blank">sec-fetch-dest</a> |
<a href="https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-mode-header" target="_blank">sec-fetch-mode</a> |
<a href="https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-site-header" target="_blank">sec-fetch-site</a></li>
</ul>
</div>
<h2><a href="https://tools.ietf.org/html/rfc7231#section-8.3.2">Response</a></h2>
<div class="orange">
<ul>
<li><a href="https://tools.ietf.org/html/rfc7233#section-2.3">accept-ranges</a></li>
<li><a href="https://tools.ietf.org/html/rfc7231#section-3.1.2.2" target="_blank">content-encoding</a> |
<a href="https://tools.ietf.org/html/rfc7230#section-3.3.2" target="_blank">content-length</a></li>
<li><a href="https://www.chromestatus.com/feature/5432089535053824" target="_blank">cross-origin-opener-policy</a></li>
<li><a href="https://tools.ietf.org/html/rfc7232#section-2.2" target="_blank">last-modified</a></li>
<li><a href="https://docs.fastly.com/en/guides/getting-started-with-surrogate-keys" target="_blank" class="red">surrogate-key</a></li>
<li><a href="https://tools.ietf.org/html/rfc7231#section-7.1.4" target="_blank">vary</a>
</li>
<li><a href="domxss/domxsspapers/headers/2017 - Exploring HTTP Header Manipulation In-The-Wild.pdf#page=6" target="_blank">x-cache</a>
<a href="https://www.youtube.com/watch?v=TNlcoYLIGFk&t=667s">(1)</a>
</li>
<li><a href="domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=22" target="_blank">x-powered-by</a></li>
<li><a href="https://staart.js.org/api/response-headers" target="_blank">x-response-time</a></li>
<li><a href="https://tools.ietf.org/html/rfc7234#section-5.1" target="_blank">x-ton-expected-size</a></li>
</ul>
</div>
<h2><a href="https://tools.ietf.org/html/rfc7231#section-5.3" target="_blank">Content Negotiation</a></h2>
<div class="violet">
<ul>
<li><a href="https://tools.ietf.org/html/rfc7231#section-5.3.4" target="_blank">accept-encoding</a> |
<a href="https://tools.ietf.org/html/rfc7231#section-5.3.5" target="_blank">accept-language</a></li>
</ul>
</div>
<h2><a href="https://tools.ietf.org/html/rfc7231#section-5.5" target="_blank">Request Context</a></h2>
<div class="yellow">
<ul>
<li>
<a href="https://tools.ietf.org/html/rfc7231#section-5.5.3" target="_blank">user-</a>
<a href="https://humanwhocodes.com/blog/2010/01/12/history-of-the-user-agent-string/" target="_blank">agent</a> |
<a href="https://tools.ietf.org/html/rfc7231#section-5.5.2" target="_blank">referer</a>
</li>
</ul>
</div>
<h2><a href="https://www.youtube.com/watch?v=WImU1HhsB8k&t=172s" target="_blank">Caching</a></h2>
<div class="red">
<ul>
<li>
<a href="https://tools.ietf.org/html/rfc7234#section-5.4" target="_blank"><s>pragma</s></a> |
<a href="https://tools.ietf.org/html/rfc7234#section-5.3" target="_blank"><s>expires</s></a> |
<a href="https://tools.ietf.org/html/rfc7234#section-5.1" target="_blank"><s>age</s></a> |
<a href="https://tools.ietf.org/html/rfc7232#section-2.3" target="_blank">etag</a>
<a href="https://www.youtube.com/watch?v=WImU1HhsB8k&t=209s">(1)</a> |
<a href="https://tools.ietf.org/html/rfc7234#section-5.2" target="_blank">cache-control</a>
<a href="https://www.youtube.com/watch?v=WImU1HhsB8k&t=282s">(1)</a>
</li>
</ul>
</div>
<h2><a href="https://tools.ietf.org/html/rfc7231#section-5.5" target="_blank">Amazon-specific</a></h2>
<div class="creme">
<ul>
<li><a href="https://developer.fastly.com/reference/http-headers/X-Served-By/" target="_blank">x-served-by</a></li>
<li><a href="https://developer.fastly.com/reference/http-headers/X-Served-By/" target="_blank">x-amz-ir-id</a></li>
<li><a href="https://www.w3.org/TR/resource-timing-1/#timing-allow-origin" target="_blank" class="red">timing-allow-origin</a></li>
</ul>
</div>
<h2><a href="https://tools.ietf.org/html/rfc7231#section-5.5" target="_blank">Twitter-specific</a></h2>
<div class="blue">
<ul>
<li><a href="https://twitter.com/TwitterAPI/status/453289427700170752" target="_blank">x-connection-hash</a></li>
<li><a href="https://twitter.com/TwitterAPI/status/453289427700170752" target="_blank">x-ton-expected-size</a></li>
</ul>
</div>
</body>
</html>