I talk about implementing common headers in your web app to increase its security.
Access-Control-Allow-Origin
: Defines domains that can access your content. MDN link.

Permissions-Policy
: Defines permissions your web app can request. W3C link.

Referrer-Policy
: Defines how much information you share with link B about link A when you go from link A to link B. MDN link.

Strict-Transport-Security
: Defines whether or not `https://` should be compulsory when accessing your web app. MDN link.

X-Content-Type-Options
: Mandates content to be of the type defined. MDN link.

X-Frame-Options
: Defines whether or not your web app can be loaded within an `iframe` or other embed elements. MDN link.

X-XSS-Protection
: Defines Cross-Site Scripting filter level. MDN link.
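
The seven headers above turned into a check you can run over a response's headers, as an added example that is not part of the original post. The `auditHeaders` function, the `RULES` table and the values it accepts are assumptions chosen for illustration, and both sample header sets are constructed.

```javascript
// Added example: audit response headers against the seven headers listed above (accepted values are assumptions).
const RULES = {
  // Absent means same-origin only, so only a wildcard is flagged.
  'access-control-allow-origin': v => (v && v.trim() === '*' ? 'allows every origin' : null),
  'permissions-policy': v => (v ? null : 'missing'),
  'referrer-policy': v =>
    !v ? 'missing' : /unsafe-url/i.test(v) ? 'sends full URL to other origins' : null,
  'strict-transport-security': v => {
    if (!v) return 'missing';
    const m = /max-age\s*=\s*"?(\d+)/i.exec(v);
    if (!m) return 'no max-age directive';
    return Number(m[1]) === 0 ? 'max-age=0 removes the HSTS policy' : null;
  },
  'x-content-type-options': v =>
    !v ? 'missing' : v.trim().toLowerCase() === 'nosniff' ? null : 'must be nosniff',
  'x-frame-options': v =>
    !v ? 'missing' : /^(deny|sameorigin)$/i.test(v.trim()) ? null : 'must be DENY or SAMEORIGIN',
  'x-xss-protection': v =>
    !v ? 'missing' : /^(0|1(\s*;.*)?)$/.test(v.trim()) ? null : 'unrecognised value',
};

// headers: plain object of response headers, names in any case.
// Returns { headerName: problem } for each failed rule; {} means every rule passed.
function auditHeaders(headers) {
  const seen = {};
  for (const [name, value] of Object.entries(headers)) seen[name.toLowerCase()] = String(value);
  const findings = {};
  for (const [name, check] of Object.entries(RULES)) {
    const problem = check(seen[name]);
    if (problem) findings[name] = problem;
  }
  return findings;
}

// Constructed sample header sets (not captured from a real site).
const hardened = {
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '0',
};
const weak = {
  'access-control-allow-origin': '*',
  'Strict-Transport-Security': 'max-age=0',
  'X-Frame-Options': 'ALLOW-FROM https://example.com',
};
console.log(auditHeaders(hardened), auditHeaders(weak));
```

Feed it the headers object from a fetch or HTTP client response in a CI smoke test, and fail the build when the returned object is not empty.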