Common HTTP response headers
HCP responses to HTTP requests carry a set of common response headers that address browser security concerns. These headers have fixed values that the client cannot change. The table below describes them.
| Header | Value | Description |
|---|---|---|
| Cache-Control | no-cache,no-store,must-revalidate | Directs every cache on the request/response chain not to store the response and not to reuse a cached copy without first revalidating it with HCP |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-ancestors 'self'; | Restricts the content that the browser can load for the response to the sources named in the header value: by default only the responding origin ('self'), with inline and dynamically evaluated script and inline styles also permitted. The frame-ancestors directive allows the response to be framed only by pages from the same origin |
| Expires | Thu, 01 Jan 1970 00:00:00 GMT | Causes the response to become stale immediately after it is sent (the date is the Unix epoch, which is always in the past) |
| Pragma | no-cache | HTTP/1.0 equivalent of Cache-Control: no-cache for older caches; prevents the response from being reused for subsequent requests for the same resource without the browser first checking whether the resource has changed |
| X-Content-Type-Options | nosniff | Prevents the browser from examining the returned content to guess its MIME type; the browser uses the Content-Type header as sent |
| X-DNS-Prefetch-Control | off | Prevents the browser from performing domain name resolution on URLs embedded in returned content before those URLs are requested |
| X-Download-Options | noopen | Prevents the browser (this header is honored by Internet Explorer) from opening resources downloaded through links in the returned content directly in the context of the HCP site; the user must save the file first |
| X-Frame-Options | SAMEORIGIN | Prevents the browser from rendering the returned content in a frame on a page whose origin is not the HCP system |
| X-XSS-Protection | 1; mode=block | Stops the browser from loading the returned content if the browser detects reflected cross-site scripting (XSS) in the response. Current browsers no longer implement this filter and ignore the header; the Content-Security-Policy header is the effective control |
Note: HCP can also return several standard HTTP response headers that are not described in this book. Among others, these include Connection, Content-Disposition, Content-Encoding, and Content-Language. For more information on HTTP response headers, see the HTTP/1.1 specifications (RFCs 7230 through 7235, with RFCs 7236 and 7237 covering the initial authentication scheme and method registrations).
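The following is an added example, not HCP code, showing how a practitioner can verify that a response actually carries the headers in the table above with the expected values. Header names are compared case-insensitively, Cache-Control is compared as a set of directives (so ordering and spacing around commas do not matter, and a value split across several header lines is joined first), Content-Security-Policy is compared directive by directive with the first occurrence of a duplicated directive winning as CSP specifies, and the remaining token-valued headers are compared case-insensitively. The two header lists at the bottom are constructed sample responses; the second one deliberately weakens Cache-Control, drops frame-ancestors from the CSP, and omits X-Frame-Options so that the checker has something to report.

```python
"""Check an HTTP response's security headers against the expected values
in the table above. Added example, not HCP code; the sample header lists
at the bottom are constructed for illustration."""

from typing import Dict, FrozenSet, List, Tuple

# Expected headers from the table, keyed by lower-cased header name.
EXPECTED: Dict[str, str] = {
    "cache-control": "no-cache,no-store,must-revalidate",
    "content-security-policy": (
        "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
        "connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; "
        "object-src 'self'; frame-ancestors 'self';"
    ),
    "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
    "pragma": "no-cache",
    "x-content-type-options": "nosniff",
    "x-dns-prefetch-control": "off",
    "x-download-options": "noopen",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
}


def parse_cache_control(value: str) -> FrozenSet[str]:
    """Split a Cache-Control value into a set of lower-cased directives.
    Directive order and whitespace around the commas are not significant."""
    return frozenset(d.strip().lower() for d in value.split(",") if d.strip())


def parse_csp(value: str) -> Dict[str, FrozenSet[str]]:
    """Split a CSP value into {directive name: set of source expressions}.
    Directives are ';'-separated; the first token is the directive name.
    If a directive appears twice, CSP keeps the first and ignores the rest."""
    policy: Dict[str, FrozenSet[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if not tokens:          # empty segment, e.g. after a trailing ';'
            continue
        name, sources = tokens[0].lower(), frozenset(tokens[1:])
        policy.setdefault(name, sources)   # first occurrence wins
    return policy


def normalize(name: str, value: str):
    """Bring a header value into a form that can be compared for equality."""
    if name == "cache-control":
        return parse_cache_control(value)
    if name == "content-security-policy":
        return parse_csp(value)
    if name == "expires":
        return value.strip()            # the date string is compared as sent
    return " ".join(value.split()).lower()   # token values are case-insensitive


def check_headers(headers: List[Tuple[str, str]]) -> List[str]:
    """Return a list of findings for a response's (name, value) header pairs.
    An empty list means every header in the table is present as expected."""
    seen: Dict[str, List[str]] = {}
    for name, value in headers:
        seen.setdefault(name.strip().lower(), []).append(value)
    findings: List[str] = []
    for name, expected in EXPECTED.items():
        values = seen.get(name)
        if not values:
            findings.append(f"missing: {name}")
            continue
        if name == "cache-control":
            got = ",".join(values)      # list header: several lines are one value
        else:
            got = values[0]
            if len(values) > 1:
                findings.append(f"duplicate: {name} sent {len(values)} times")
        if normalize(name, got) != normalize(name, expected):
            findings.append(f"mismatch: {name}: got {got!r}, expected {expected!r}")
    return findings


# Constructed sample responses (not captured from a real HCP system).
GOOD_RESPONSE: List[Tuple[str, str]] = [
    ("Cache-Control", "no-cache, no-store, must-revalidate"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-eval' "
     "'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' "
     "'unsafe-inline'; object-src 'self'; frame-ancestors 'self'"),
    ("Expires", "Thu, 01 Jan 1970 00:00:00 GMT"),
    ("Pragma", "no-cache"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-DNS-Prefetch-Control", "off"),
    ("X-Download-Options", "noopen"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
    ("Content-Type", "application/xml"),   # extra headers are ignored
]
WEAK_RESPONSE: List[Tuple[str, str]] = [
    ("Cache-Control", "no-cache"),                     # no-store and must-revalidate dropped
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-eval' "
     "'unsafe-inline'; connect-src 'self'; img-src 'self'; style-src 'self' "
     "'unsafe-inline'; object-src 'self'"),            # frame-ancestors dropped
    ("Expires", "Thu, 01 Jan 1970 00:00:00 GMT"),
    ("Pragma", "no-cache"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-DNS-Prefetch-Control", "off"),
    ("X-Download-Options", "noopen"),
    ("X-XSS-Protection", "1; mode=block"),             # X-Frame-Options missing
]

if __name__ == "__main__":
    for label, response in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, check_headers(response) or "all expected headers present")
```

To run the check against a live system, build the (name, value) list from the response object of whatever HTTP client is in use (for example, from `response.raw.headers.items()` with the Python requests library) and pass it to `check_headers`; the sets-and-dicts comparison is what keeps the check robust against harmless differences in ordering and whitespace while still catching a missing directive.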
Trademarks and Legal Disclaimer
© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.