Skip to main content

SecurityHeaders

Overview

Usage

import { SecurityHeaders } from 'keywork/http/headers'

Properties

Content-Security-Policy

Content-Security-Policy: `string`

Controls resources the user agent is allowed to load for a given page.

Defined in

http/headers/mod.ts:356

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: `string`

Allows web developers to experiment with policies by monitoring, but not enforcing, their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.

Defined in

http/headers/mod.ts:358

Cross-Origin-Embedder-Policy

Cross-Origin-Embedder-Policy: `string`

Allows a server to declare an embedder policy for a given document.

Defined in

http/headers/mod.ts:350

Cross-Origin-Opener-Policy

Cross-Origin-Opener-Policy: `string`

Prevents other domains from opening/controlling a window.

Defined in

http/headers/mod.ts:352

Cross-Origin-Resource-Policy

Cross-Origin-Resource-Policy: `string`

Prevents other domains from reading the response of the resources to which this header is applied.

Defined in

http/headers/mod.ts:354

Expect-CT

Expect-CT: `string`

Allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.

Defined in

http/headers/mod.ts:360

Feature-Policy

Feature-Policy: `string`

Provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.

Defined in

http/headers/mod.ts:362

Origin-Isolation

Origin-Isolation: `string`

Provides a mechanism to allow web applications to isolate their origins.

Defined in

http/headers/mod.ts:367

Strict-Transport-Security

Strict-Transport-Security: `string`

Force communication using HTTPS instead of HTTP.

Defined in

http/headers/mod.ts:369

Upgrade-Insecure-Requests

Upgrade-Insecure-Requests: `string`

Sends a signal to the server expressing the client's preference for an encrypted and authenticated response, and that it can successfully handle the "upgrade-insecure-requests" directive.

Defined in

http/headers/mod.ts:371