Skip to main content

History: HTTP Headers

Source of version: 2

Copy to clipboard
            You'll find in tiki-admin.php?page=security

|| Name | Description | Introduced in Tiki version
HTTP header x-frame options | The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> | 16
HTTP Header X-XSS-Protection | The x-xss-protection header is designed to enable the cross-site scripting (XSS) filter built into modern web browsers | 16
HTTP Header X-Content-Type-Options | The x-content-type-options header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. | 17
HTTP Header X-Content-Type-Options | The x-content-type-options header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. | 17
HTTP Header Content-Security-Policy | The Content-Security-Policy header allows web site administrators to control resources the user agent is allowed to load for a given page. | 17
HTTP Header Strict-Transport-Security | The Strict-Transport-Security header (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. | 17
HTTP Header Public-Key-Pins | The Public-Key-Pins header associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. If one or several keys are pinned and none of them are used by the server, the browser will not accept the response as legitimate, and will not display it. | 17


Information Version
Marc Laporte 5
Marc Laporte 4
Jean-Marc Libs Removed duplicate line. Fixed capitalisation 3
Marc Laporte Edit restored by rescue script 2017-04-24T18:09:12+00:00 2
Marc Laporte Page created by rescue script 2017-04-24T18:09:12+00:00 1