Content-Security-Policy (CSP) restricts the origins from which the page may load resources. Example: Content-Security-Policy: default-src 'self'
X-Frame-Options prevents clickjacking. Example: X-Frame-Options: DENY
X-Content-Type-Options disables MIME type sniffing. Example: X-Content-Type-O

Useful HTTP response headers and examples of what they do:
Content-Security-Policy prevents XSS attacks. Example:
X-Content-Type-Options blocks MIME type sniffing. Example:
X-Frame-Options prevents clickjacking. Example:
Strict-Transport-Security (HSTS) forces HTTPS. Example:
X-XSS-Protection enables the browser's XSS filter. Example:
Referrer-Polic
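As an added example (not code from the original notes), a Python audit that checks a response's headers for the CSP, X-Frame-Options, X-Content-Type-Options and HSTS settings listed above, run over two constructed header sets; accepting SAMEORIGIN alongside DENY and requiring the value nosniff are my assumptions, not values the notes state.

```python
def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def hsts_max_age(value):
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and val.strip().isdigit():
            return int(val.strip())
    return 0

def audit_security_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    csp = h.get("content-security-policy")
    fallback = parse_csp(csp).get("default-src") if csp else None
    if fallback is None:
        findings.append("Content-Security-Policy missing or has no default-src fallback")
    elif "*" in fallback or "'unsafe-inline'" in fallback:  # fallback too permissive
        findings.append("CSP default-src allows any origin or inline script")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options not DENY/SAMEORIGIN (clickjacking)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options not nosniff (MIME sniffing)")
    if hsts_max_age(h.get("strict-transport-security", "")) <= 0:
        findings.append("Strict-Transport-Security missing or max-age not positive")
    return findings

# Constructed sample responses (not captured from any real site).
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; img-src 'self' data:",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
WEAK = {
    "content-security-policy": "script-src 'self'",  # no default-src fallback
    "X-Frame-Options": "ALLOWALL",
    "Strict-Transport-Security": "max-age=0",
}
```

Calling audit_security_headers(WEAK) reports four findings, while HARDENED passes cleanly.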