Must Revalidate HTTP Cache-Control
Download List of All Websites using Must Revalidate HTTP Cache-Control
Indicates that once a resource has become stale (e.g. max-age has expired), a cache must not use the response to satisfy subsequent requests for this resource without successful validation on the origin server.
Tags:
Public Cache-Control
Download List of All Websites using Public Cache-Control
Indicates that the response may be cached by any cache, even if the response would normally be non-cacheable (e.g. if the response does not contain a max-age directive or the Expires header).
Tags:
Proxy Revalidate HTTP Cache-Control
Download List of All Websites using Proxy Revalidate HTTP Cache-Control
Same as must-revalidate, but it only applies to shared caches (e.g., proxies) and is ignored by a private cache.
Tags:
HSTS - Browser HTTPS Only
Download List of All Websites using HSTS - Browser HTTPS Only
The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP for 63072000 seconds
X-Frame-Options Header
Download List of All Websites using X-Frame-Options Header
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Vary Header check for User-Agent
Download List of All Websites using Vary Header check for User-Agent
When using the Vary: User-Agent header, caching servers should consider the user agent when deciding whether to serve the page from cache
Tags:
Vary Header Accept-Encoding
Download List of All Websites using Vary Header Accept-Encoding
The Accept-Encoding request HTTP header advertises which content encoding, usually a compression algorithm, the client is able to understand. Using content negotiation, the server selects one of the proposals, uses it and informs the client of its choice with the Content-Encoding response header.
Tags:
Block Content Sniffing
Download List of All Websites using Block Content Sniffing
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing, or, in other words, it is a way to say that the webmasters knew what they were doing.
Tags:
XSS-Protection Header
Download List of All Websites using XSS-Protection Header
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although these protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript (`unsafe-inline`), they can still provide protections for users of older web browsers that don`t yet support CSP.
Tags: