X-Headers, What and Why?
Introduction
Continuing on from my previous blog about website security week, we are going to talk about a series of X- security headers. These are set as response headers when your site is served up, so let's take a closer look at what each one does.
X-Content-Type-Options
This header tells the browser not to try to sniff the type of the file being served. MIME sniffing means the browser inspects the bytes of the response and may treat the file as a different type from the one declared in the Content-Type header returned by the server; for example, a user-uploaded "image" that actually contains HTML or JavaScript could end up being executed. With nosniff set, browsers also refuse to load a <script> or stylesheet whose declared Content-Type does not match.
Background on content sniffing.
It is best not to let the browser sniff content at all, and to make sure your server sends a correct Content-Type for every response.
Recommended setting:
X-Content-Type-Options: nosniff
You can read more about it on Mozilla's MDN.
X-XSS-Protection
This header has largely been superseded by the Content Security Policy, but it is still relevant for old browsers. It controls the legacy reflected-XSS filter: when enabled, the browser tries to detect reflected Cross Site Scripting (XSS) and, with mode=block, stops rendering the page entirely instead of trying to sanitise the suspicious script. One caveat: Chrome and Edge have since removed their XSS auditors and Firefox never implemented one, and the filter's sanitise mode was itself abused for cross-site information leaks, so do not rely on this header as your XSS defence. Either use mode=block as below or disable the filter explicitly with X-XSS-Protection: 0, and put the real protection in a CSP.
Recommended setting:
X-XSS-Protection: 1; mode=block
X-Frame-Options
This header has largely been superseded by the Content Security Policy (specifically its frame-ancestors directive), but it is still useful for old browsers.
It indicates whether the site may be loaded inside a <frame>, <iframe>, <embed> or <object>.
Use this header to ensure your site and content cannot be embedded in someone else's site, which is the basis of a clickjacking attack: the attacker overlays your page in an invisible frame and tricks the user into clicking controls on it. If you need to frame your own pages, use SAMEORIGIN instead of DENY; the old ALLOW-FROM value is obsolete and ignored by current browsers, which leaves the page frameable.
Recommended setting:
X-Frame-Options: DENY
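Pulling the three headers above together, here is an added example in Node.js (not code from the original post) that sets the recommended values on any response-like object and audits an arbitrary header set for missing or weak values. The function names, the fake response object and the "weak" header sample are all constructed for this illustration; only the header names and recommended values come from the article.

```javascript
// Added example: apply the X- headers discussed above and audit a response.
// Works with anything exposing setHeader(name, value), e.g. Node's
// http.ServerResponse or an Express `res` object (both are assumptions here).

const RECOMMENDED = {
  'x-content-type-options': 'nosniff',
  'x-xss-protection': '1; mode=block',
  'x-frame-options': 'DENY',
};

// Set every recommended header on a response-like object and return it.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(RECOMMENDED)) {
    res.setHeader(name, value);
  }
  return res;
}

// HTTP header names are case-insensitive, so normalise before comparing;
// otherwise "X-Frame-Options" and "x-frame-options" would look different.
function normalise(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Return a list of findings; an empty list means all three headers are sane.
function auditSecurityHeaders(headers) {
  const h = normalise(headers);
  const findings = [];

  const xcto = h['x-content-type-options'];
  if (xcto === undefined) {
    findings.push('X-Content-Type-Options missing: browser may MIME-sniff responses');
  } else if (xcto.toLowerCase() !== 'nosniff') {
    findings.push(`X-Content-Type-Options has unknown value "${xcto}"`);
  }

  const xss = h['x-xss-protection'];
  if (xss === undefined) {
    findings.push('X-XSS-Protection missing (only matters for legacy browsers)');
  } else {
    // A bare "1" leaves the legacy filter in sanitise mode, which has been
    // abused for cross-site leaks; only "1; mode=block" or "0" are acceptable.
    const compact = xss.replace(/\s+/g, '').toLowerCase();
    if (compact !== '0' && compact !== '1;mode=block') {
      findings.push(`X-XSS-Protection "${xss}" uses sanitise mode; use "1; mode=block" or "0"`);
    }
  }

  const xfo = h['x-frame-options'];
  if (xfo === undefined) {
    findings.push('X-Frame-Options missing: page can be framed (clickjacking)');
  } else if (!['DENY', 'SAMEORIGIN'].includes(xfo.toUpperCase())) {
    // ALLOW-FROM and any other unknown value are ignored by browsers,
    // which means the page can still be framed.
    findings.push(`X-Frame-Options "${xfo}" is not DENY or SAMEORIGIN and will be ignored`);
  }

  return findings;
}

// Minimal stand-in for http.ServerResponse so the demo runs offline.
function fakeResponse() {
  const headers = {};
  return {
    setHeader(name, value) { headers[name] = value; },
    getHeaders() { return headers; },
  };
}

// Demo: a hardened response audits clean; a constructed weak one does not.
const hardened = applySecurityHeaders(fakeResponse()).getHeaders();
const weak = {                       // constructed sample, not a real capture
  'X-XSS-Protection': '1',
  'X-Frame-Options': 'ALLOW-FROM https://example.com',
};
console.log('hardened:', auditSecurityHeaders(hardened));
console.log('weak:', auditSecurityHeaders(weak));
```

Run it with `node` and point `auditSecurityHeaders` at the `headers` object of a real `http.IncomingMessage` to check a live site; the normalisation step is what keeps the audit from being fooled by differently cased header names.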
Summary
In summary, setting a few additional headers when serving up your site can really improve its security. They reduce the attack surface available to attackers and help prevent common attacks on websites such as MIME-sniffing tricks, reflected XSS on legacy browsers, and clickjacking.
Set those headers now!
Happy Building!
Reference
Original article: https://dev.to/jordanfinners/x-headers-what-and-why-jd (the text may be shared or copied, but please keep this URL as the reference).