Security

28 resources tagged Security across methods, status codes, headers, cookies, guides, and glossary.

HTTP Headers

Access-Control-Allow-Credentials Header

Learn how Access-Control-Allow-Credentials controls whether browsers expose responses when credentials (cookies, auth headers) are included in CORS requests.

HTTP Headers

Access-Control-Allow-Headers Header

Learn how Access-Control-Allow-Headers specifies which custom HTTP headers can be used during cross-origin requests in CORS preflight responses.

HTTP Headers

Access-Control-Allow-Methods Header

Learn how Access-Control-Allow-Methods specifies which HTTP methods are permitted for cross-origin requests in CORS preflight responses.

HTTP Headers

Access-Control-Allow-Origin

Learn how Access-Control-Allow-Origin controls which origins can access resources in CORS. Covers wildcard, specific origin, and credential configurations.

HTTP Headers

Authentication-Info Header

Learn how Authentication-Info provides additional authentication data in responses to successful requests. Covers digest authentication and session info.

HTTP Headers

Authorization Header: HTTP Authentication

Learn how the Authorization header works, different authentication schemes (Bearer, Basic, API keys), and security best practices.

HTTP Headers

Content-Security-Policy Header

Learn how Content-Security-Policy (CSP) defines security policies to prevent XSS, clickjacking, and code injection. Master CSP directives and best practices.

Guides

Cookie Security: HttpOnly, SameSite, and Secure Flags

A comprehensive guide to understanding and implementing secure HTTP cookies to protect against XSS, CSRF, and session hijacking attacks.

Guides

Cross-Origin Resource Sharing (CORS)

Master Cross-Origin Resource Sharing (CORS) for secure cross-origin HTTP requests. Learn preflight requests, headers, credentials, and common error solutions.

HTTP Headers

Cross-Origin-Embedder-Policy

Learn how Cross-Origin-Embedder-Policy (COEP) controls cross-origin resource loading. Required for SharedArrayBuffer and high-resolution timer access.

HTTP Headers

Cross-Origin-Opener-Policy

Learn how Cross-Origin-Opener-Policy (COOP) isolates your browsing context from cross-origin documents. Required for SharedArrayBuffer and enhanced security.

HTTP Headers

Cross-Origin-Resource-Policy

Learn how Cross-Origin-Resource-Policy (CORP) blocks no-cors cross-origin requests to protect resources from Spectre attacks and data leaks.

Cookie Attributes

Domain

Learn how the Domain cookie attribute controls which domains can access cookies. Understand subdomain sharing, security implications, and restrictions.

Guides

HTTP Authentication Methods and Best Practices

A comprehensive guide to HTTP authentication methods including Basic Auth, Bearer tokens, API keys, and OAuth 2.0.

Cookie Attributes

HttpOnly Cookie Attribute: XSS Protection

Learn how the HttpOnly cookie attribute protects against XSS attacks by preventing JavaScript access to sensitive cookies.

Guides

HTTPS and TLS: How Secure Connections Work

Beginner-to-advanced guide to HTTP vs HTTPS, TLS basics, migration checklists, and HTTP/1.1 vs HTTP/2 tradeoffs for production systems.

HTTP Headers

Origin Header

Learn how the Origin header identifies where cross-origin requests come from. Essential for CORS security policies and preventing cross-site request forgery.

Cookie Attributes

Path

Learn how the Path cookie attribute restricts which URL paths can receive cookies. Understand path matching rules and how to scope cookies to specific routes.

HTTP Headers

Permissions-Policy Header

Learn how the Permissions-Policy header controls which browser features and APIs can be used in your site and embedded iframes. Enhance security and privacy.

HTTP Headers

Referer Header

Learn how the Referer header tells servers which page led to the current request. Understand its use in analytics, security, and privacy implications.

HTTP Headers

Referrer-Policy Header

Learn how Referrer-Policy controls how much referrer information is sent with requests. Protect user privacy while maintaining analytics functionality.

Cookie Attributes

SameSite Cookie Attribute: CSRF Protection

Learn how the SameSite cookie attribute prevents CSRF attacks, the differences between Strict, Lax, and None, and when to use each.

Cookie Attributes

Secure

Learn how the Secure cookie attribute ensures cookies are only sent over HTTPS connections. Protect sensitive data from man-in-the-middle attacks.

HTTP Headers

Strict-Transport-Security Header

Learn how Strict-Transport-Security (HSTS) forces browsers to only communicate over HTTPS, preventing protocol downgrade and man-in-the-middle attacks.

HTTP Headers

WWW-Authenticate

Learn how the WWW-Authenticate header specifies authentication methods required to access protected resources. Understand Basic, Bearer, and Digest schemes.

HTTP Headers

X-Content-Type-Options Header

Learn how X-Content-Type-Options with nosniff prevents browsers from MIME-sniffing responses. Protect against XSS attacks from content type confusion.

HTTP Headers

X-Frame-Options Header

Learn how X-Frame-Options prevents clickjacking attacks by controlling whether your site can be embedded in frames, iframes, or objects on other domains.

HTTP Headers

X-XSS-Protection Header

Deprecated header that enabled browser XSS filters to detect and block reflected cross-site scripting attacks.