HTTP Security Headers Flashcards

1
Q

Explain the X-Permitted-Cross-Domain-Policies header

A
  • specifies the policy for cross-domain data sharing
  • can be used to control whether cross-domain requests are allowed or restricted, helping to prevent data leakage and cross-site request forgery (CSRF) attacks
2
Q

Explain the X-Download-Options header

A
  • used to prevent Internet Explorer from executing HTML and executable files when downloaded from a web page
  • helps protect against certain types of attacks that exploit file downloads
3
Q

Explain the X-Content-Security-Policy header

A
  • similar to Content-Security-Policy (CSP) and allows web developers to define a policy for controlling content sources
  • provides an additional layer of security for older browsers that do not support the CSP header
4
Q

Explain the X-Powered-By header

A
  • used to hide or modify the server information typically sent by the server software
  • prevents potential attackers from obtaining information about the server technology in use, reducing the risk of targeted attacks
5
Q

Explain the Expect-CT header

A
  • enables websites to enforce Certificate Transparency (CT) for their SSL/TLS certificates
  • instructs the browser to only accept certificates that are logged in publicly audited CT logs, reducing the risk of certificate misissuance or fraudulent certificates
6
Q

Explain the Feature-Policy header

A
  • allows web developers to control and limit the features or APIs that a web page can access
  • helps mitigate the risk of abuse or misuse of certain browser features that could be exploited by attackers
7
Q

Explain the Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) headers

A
  • provide mechanisms to control cross-origin interactions and mitigate security risks associated with cross-origin communication and embedding