Block Content Sniffing
Download List of All Websites using Block Content Sniffing
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing, or, in other words, it is a way to say that the webmasters knew what they were doing.
Tags:
X-Frame-Options Header
Download List of All Websites using X-Frame-Options Header
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Vary Header check for User-Agent
Download List of All Websites using Vary Header check for User-Agent
When using the Vary: User-Agent header, caching servers should consider the user agent when deciding whether to serve the page from cache
Tags:
Vary Header Accept-Encoding
Download List of All Websites using Vary Header Accept-Encoding
The Accept-Encoding request HTTP header advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header.
Tags:
XSS-Protection Header
Download List of All Websites using XSS-Protection Header
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript (`unsafe-inline`), they can still provide protections for users of older web browsers that don`t yet support CSP.
Tags: