Technique | Type | Combats |
---|---|---|
Strict Transport Security | header | protocol downgrade, session hijacking |
Public Key Pinning | header | impersonation |
CSP Content Security Policy | header | cross-site scripting |
Same-Origin Policy | browser | cross-site request forgery |

Technique | Type | Relaxes |
---|---|---|
CORS Cross-Domain Resource Sharing | header | Same-Origin Policy |

Technique | Description |
---|---|
SNI Server Name Indication | An extension to TLS which allows multiple HTTPS virtual top-level hosts |
SSL Test | A tool for testing your HTTPS connection |
Security Headers test | A tool for testing your security-related headers (see techniques of type header) |