search
Home

HTTP security headers

hashtag
General

HTTP header
Estado

Strict-Transport-Security

Recomendado

Content-Security-Policy

Recomendado

X-Content-Type-Options

Recomendado

Content-Type

Recomendado

X-Frame-Options

Opcional según contexto

Referrer-Policy

Opcional según contexto

Cache-Control

Opcional según contexto

chevron-rightStrict-Transport-Securityhashtag
Strict-Transport-Security: max-age=31536000; includeSubDomains
chevron-rightContent-Security-Policyhashtag
Content-Security-Policy: default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
chevron-rightX-Content-Type-Optionshashtag
X-Content-Type-Options: nosniff
chevron-rightContent-Typehashtag
chevron-rightX-Frame-Optionshashtag
chevron-rightReferrer-Policyhashtag
chevron-rightCache-Controlhashtag

hashtag
cURL

  • -I = headers.

  • -L = seguir redireccionamientos.

  • --url = URL (Uniform Resource Locator).

    • <target> = objetivo.

hashtag
Nmap

  • -p = puertos.

  • --script http-security-headers = HTTP security headers.

  • <target> = objetivo.

hashtag
Nuclei

hashtag
securityheaders

hashtag
shcheck

hashtag
Mozilla Observatory

hashtag
OWASP Secure Headers Project

hashtag
Security Headers

AnteriorTecnologías webSiguienteHTTP methods (verbs)

Última actualización