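Java HTTP Security Headers

Last updated: July 20, 2020

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Class name is illustrative; before Servlet 4.0, init() and destroy() must be implemented too.
public class SecurityHeadersFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        // getSession() creates a session if none exists; setHeader replaces any Set-Cookie already set.
        String sessionid = req.getSession().getId();
        resp.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; HttpOnly");
        resp.setHeader("x-frame-options", "SAMEORIGIN"); // X-Frame-Options
        // Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
        resp.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubDomains");
        resp.setHeader("X-XSS-Protection", "1;mode=block");
        resp.setHeader("X-Content-Type-Options", "nosniff");
        resp.setHeader("Referrer-Policy", "no-referrer-when-downgrade");
        resp.setHeader("Cache-Control", "no-cache");
        // Headers are set before the rest of the chain runs.
        chain.doFilter(request, response);
    }
}
```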
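To confirm that a given response actually passed through the filter above, its headers can be audited against the values the filter sets. The following is an added example, not code from the original page; the class `SecurityHeaderAudit`, its methods and the sample header maps are hypothetical and constructed, and it assumes one value per header name.

```java
import java.util.*;

public class SecurityHeaderAudit {

    /** Returns one finding per header that is missing or differs from what the filter sets. */
    static List<String> audit(Map<String, String> raw) {
        // Header names are case-insensitive, so use a case-insensitive map for lookups.
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(raw);
        List<String> findings = new ArrayList<>();
        expect(h, "X-Content-Type-Options", "nosniff", findings);
        expect(h, "X-Frame-Options", "SAMEORIGIN", findings);
        expect(h, "Referrer-Policy", "no-referrer-when-downgrade", findings);
        String hsts = h.get("Strict-Transport-Security");
        if (hsts == null) findings.add("Strict-Transport-Security: missing");
        else if (directive(hsts, "max-age") == null) findings.add("Strict-Transport-Security: no max-age");
        String cookie = h.get("Set-Cookie");
        if (cookie != null && cookie.startsWith("JSESSIONID=") && directive(cookie, "HttpOnly") == null)
            findings.add("Set-Cookie: JSESSIONID without HttpOnly");
        return findings;
    }

    static void expect(Map<String, String> h, String name, String want, List<String> out) {
        String got = h.get(name);
        if (got == null) out.add(name + ": missing");
        else if (!got.trim().equalsIgnoreCase(want)) out.add(name + ": expected " + want + ", got " + got);
    }

    /** Finds a ';'-separated directive by name; returns its value ("" for a bare flag) or null. */
    static String directive(String header, String name) {
        for (String part : header.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv[0].trim().equalsIgnoreCase(name)) return kv.length == 2 ? kv[1].trim() : "";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed samples: one response that went through the filter, one that did not.
        Map<String, String> filtered = new HashMap<>();
        filtered.put("Set-Cookie", "JSESSIONID=CONSTRUCTED0001; HttpOnly");
        filtered.put("x-frame-options", "SAMEORIGIN");
        filtered.put("Strict-Transport-Security", "max-age=63072000; includeSubDomains");
        filtered.put("X-Content-Type-Options", "nosniff");
        filtered.put("Referrer-Policy", "no-referrer-when-downgrade");
        Map<String, String> unfiltered = new HashMap<>();
        unfiltered.put("Set-Cookie", "JSESSIONID=CONSTRUCTED0002");
        unfiltered.put("X-Content-Type-Options", "nosniff");
        System.out.println("filtered:   " + audit(filtered));
        System.out.println("unfiltered: " + audit(unfiltered));
    }
}
```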