Useful HTTP response headers and examples of their use:

Content-Security-Policy, prevents XSS attacks. Example:
X-Content-Type-Options, blocks MIME type sniffing. Example:
X-Frame-Options, prevents clickjacking. Example:
Strict-Transport-Security (HSTS), enforces HTTPS. Example:
X-XSS-Protection, enables the browser's XSS filter. Example:
Referrer-Polic
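An audit routine for the headers listed above, added here as an example and not code from the original page: it checks each header's presence and whether its value actually delivers the stated protection. The sample response headers are constructed, and the one-year HSTS minimum is an assumed policy threshold.

```python
import re

def _parse_csp(value):
    """Split a Content-Security-Policy string into {directive: [sources]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out

def audit_headers(headers):
    """Return {header: finding} for the five headers discussed on the page."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    f = {}
    # CSP only stops XSS if script-src (or its default-src fallback) forbids inline/any-origin scripts
    csp = h.get("content-security-policy")
    if csp is None:
        f["Content-Security-Policy"] = "missing"
    else:
        d = _parse_csp(csp)
        script = d.get("script-src", d.get("default-src", []))
        if not script or "'unsafe-inline'" in script or "*" in script:
            f["Content-Security-Policy"] = "weak script-src"
        else:
            f["Content-Security-Policy"] = "ok"
    # The only meaningful value is nosniff
    xcto = h.get("x-content-type-options", "").lower()
    f["X-Content-Type-Options"] = "ok" if xcto == "nosniff" else "missing or not 'nosniff'"
    # DENY or SAMEORIGIN; anything else (e.g. ALLOW-FROM) is not honoured by current browsers
    xfo = h.get("x-frame-options", "").upper()
    f["X-Frame-Options"] = "ok" if xfo in ("DENY", "SAMEORIGIN") else "missing or not DENY/SAMEORIGIN"
    # HSTS is only useful with a long max-age; one year is the assumed minimum here
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m:
        f["Strict-Transport-Security"] = "missing or no max-age"
    elif int(m.group(1)) < 31536000:
        f["Strict-Transport-Security"] = "max-age under one year"
    else:
        f["Strict-Transport-Security"] = "ok"
    # X-XSS-Protection is legacy: current browsers ignore it, so CSP is the effective control
    f["X-XSS-Protection"] = "present (legacy)" if "x-xss-protection" in h else "absent (legacy, CSP preferred)"
    return f

# Constructed sample response: partial coverage, weak CSP, short HSTS lifetime
SAMPLE = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=300",
}
```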