====== HTTP security headers ======

  * [[/glossaire/XSS|Cross Site Scripting (XSS)]]
  * [[/glossaire/CSRF|Cross-Site Request Forgeries (CSRF)]]
  * [[/glossaire/XST|Cross site tracing (XST)]]
  * [[/glossaire/CSP|Content Security Policy (CSP)]]
    * https://developer.mozilla.org/fr/docs/Web/HTTP/CSP
    * https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
  * [[/glossaire/HPP|HTTP Parameter Pollution (HPP)]]
  * HTTP Strict Transport Security (HSTS)
    * HSTS is an HTTP header, ''Strict-Transport-Security''
    * [[https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html|HTTP Strict Transport Security]] on OWASP
  * [[https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Referrer-Policy|Referrer-Policy]]
    * ''Referrer-Policy: same-origin''