Security options
HTTP security headers
X-Frame-Options
X-Content-Type-Options
X-XSS-Protection (deprecated)
Content-Security-Policy (CSP)
- Content Security Policy Level 3, W3C Working Draft (In conformance with CSP3, we do not consider frame-src deprecated.)
- Content Security Policy Level 2, W3C Recommendation
- MDN webdocs on Content-Security-Policy
- Mozilla's Laboratory (Content Security Policy / CSP Toolkit)
Referrer-Policy
- Referrer Policy, W3C Candidate Recommendation, 26 January 2017
- Referrer Policy, Editor’s Draft
- Referrer-Policy, MDN webdocs
Other security options
Security.txt
- RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
- Securitytxt.org
- "Wat is security.txt?" (in Dutch) by Digital Trust Center
- "Coordinated Vulnerability Disclosure: the Guideline" by NCSC-NL