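Cache-Control
Example: Cache-Control: max-age=3600, public
Effect: forces caching for 1 hour and allows proxy/CDN caching.
Content-Encoding
Example: Content-Encoding: gzip
Effect: enables Gzip compression, reducing the transfer size.
Strict-Transport-Security (HSTS)
Example: Strict-Transport-Security: max-a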
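Effective HTTP response headers and examples of their use:
Content-Security-Policy: prevents XSS attacks. Example:
X-Content-Type-Options: blocks MIME type sniffing. Example:
X-Frame-Options: prevents clickjacking. Example:
Strict-Transport-Security (HSTS): enforces HTTPS. Example:
X-XSS-Protection: enables the browser's XSS filter. Example:
Referrer-Polic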