René's URL Explorer Experiment


Title: headers


Domain: domaincontroller.github.io

Links:

Security https://domaincontroller.github.io/index.html
Cookie security attributes https://tools.ietf.org/html/rfc6265#section-4.1
(1) https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
CSP https://domaincontroller.github.io/domxss/csp.html
XFO https://tools.ietf.org/html/rfc7034
(1) https://www.youtube.com/watch?v=JrSFc_KeNzc
HSTS https://tools.ietf.org/html/rfc6797
x-xss-protection https://www.youtube.com/watch?v=l7WFXv5cXzA
x-content-type https://domaincontroller.github.io/domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=20
(1 https://fetch.spec.whatwg.org/#x-content-type-options-header
2 https://www.youtube.com/watch?v=ZsrjRhFi90s&t=763s
Privacy https://www.iana.org/assignments/message-headers/message-headers.xhtml#perm-headers
CORS: https://www.youtube.com/watch?v=TNlcoYLIGFk&t=1336s
MDN, https://developer.mozilla.org/fr/docs/Web/HTTP/CORS
CORS in Action, https://www.manning.com/books/cors-in-action
definition https://domaincontroller.github.io/definition.html#CORSDefinition
(script tag...) https://domaincontroller.github.io/domxss/script.html
referrer policy https://domaincontroller.github.io/domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=23
(1 https://www.w3.org/TR/referrer-policy/
2, https://www.youtube.com/watch?v=TNlcoYLIGFk&t=1250s
3, https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lekies.pdf#page=11
4 https://www.youtube.com/watch?v=lCmiYKgq-o8
server https://tools.ietf.org/html/rfc7231#section-7.4.2
date https://tools.ietf.org/html/rfc7231#section-7.1.1.2
Parameters https://www.youtube.com/playlist?list=PLxeJU39M7tLFbwYxe27vzwNeX3rCgONg4
request method https://tools.ietf.org/html/rfc7231#section-4
request URL https://tools.ietf.org/html/rfc7231#section-5
response status code https://tools.ietf.org/html/rfc7231#section-6
Request https://www.iana.org/assignments/message-headers/message-headers.xhtml#perm-headers
accept-encoding https://tools.ietf.org/html/rfc7231#section-5.3.4
accept-language https://tools.ietf.org/html/rfc7231#section-5.3.5
sec-fetch-dest https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-dest-header
sec-fetch-mode https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-mode-header
sec-fetch-site https://w3c.github.io/webappsec-fetch-metadata/#sec-fetch-site-header
Response https://tools.ietf.org/html/rfc7231#section-8.3.2
accept-ranges https://tools.ietf.org/html/rfc7233#section-2.3
content-encoding https://tools.ietf.org/html/rfc7231#section-3.1.2.2
content-length https://tools.ietf.org/html/rfc7230#section-3.3.2
cross-origin-opener-policy https://www.chromestatus.com/feature/5432089535053824
last-modified https://tools.ietf.org/html/rfc7232#section-2.2
surrogate-key https://docs.fastly.com/en/guides/getting-started-with-surrogate-keys
vary https://tools.ietf.org/html/rfc7231#section-7.1.4
x-cache https://domaincontroller.github.io/domxss/domxsspapers/headers/2017 - Exploring HTTP Header Manipulation In-The-Wild.pdf#page=6
1 https://www.youtube.com/watch?v=TNlcoYLIGFk&t=667s
x-powered-by https://domaincontroller.github.io/domxss/domxsspapers/headers/2018 - HTTP security headers analysis of top one million websites.pdf#page=22
x-response-time https://staart.js.org/api/response-headers
x-ton-expected-size https://tools.ietf.org/html/rfc7234#section-5.1
Content Negotiation https://tools.ietf.org/html/rfc7231#section-5.3
accept-encoding https://tools.ietf.org/html/rfc7231#section-5.3.4
accept-language https://tools.ietf.org/html/rfc7231#section-5.3.5
Request Context https://tools.ietf.org/html/rfc7231#section-5.5
user- https://tools.ietf.org/html/rfc7231#section-5.5.3
agent https://humanwhocodes.com/blog/2010/01/12/history-of-the-user-agent-string/
referer https://tools.ietf.org/html/rfc7231#section-5.5.2
Caching https://www.youtube.com/watch?v=WImU1HhsB8k&t=172s
pragma https://tools.ietf.org/html/rfc7234#section-5.4
expires https://tools.ietf.org/html/rfc7234#section-5.3
age https://tools.ietf.org/html/rfc7234#section-5.1
etag https://tools.ietf.org/html/rfc7232#section-2.3
(1) https://www.youtube.com/watch?v=WImU1HhsB8k&t=209s
cache-control https://tools.ietf.org/html/rfc7234#section-5.2
(1) https://www.youtube.com/watch?v=WImU1HhsB8k&t=282s
Amazon-specific https://tools.ietf.org/html/rfc7231#section-5.5
x-served-by https://developer.fastly.com/reference/http-headers/X-Served-By/
x-amz-ir-id https://developer.fastly.com/reference/http-headers/X-Served-By/
timing-allow-origin https://www.w3.org/TR/resource-timing-1/#timing-allow-origin
Twitter-specific https://tools.ietf.org/html/rfc7231#section-5.5
x-connection-hash https://twitter.com/TwitterAPI/status/453289427700170752
x-ton-expected-size https://twitter.com/TwitterAPI/status/453289427700170752
