Java-HTTP安全头

2020-07-20T14:35:10
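 /**
     * Adds a fixed set of browser-facing security headers to the response and then
     * hands the request to the rest of the filter chain.
     *
     * <p>The headers are written before {@code chain.doFilter} is called, because a
     * header set after the response has been committed is ignored.
     *
     * <p>The session cookie is re-issued by hand so that it carries {@code HttpOnly}.
     * On a Servlet 3.0+ container the same result, without overwriting headers, comes
     * from {@code <session-config><cookie-config>} ({@code <http-only>}, {@code <secure>})
     * in {@code web.xml}. Prefer that where available.
     *
     * @param request  the incoming request; non-HTTP requests are passed through unchanged
     * @param response the outgoing response; non-HTTP responses are passed through unchanged
     * @param chain    the remaining filters and the target resource
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        // These headers only make sense on HTTP exchanges. Anything else goes through
        // untouched instead of failing on the casts below.
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            chain.doFilter(request, response);
            return;
        }

        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // getSession() creates a session when the request has none, so every request
        // that reaches this filter ends up with a session id.
        String sessionid = req.getSession().getId();

        // Without an explicit Path the browser scopes the cookie to the directory of the
        // current URL, which can leave several JSESSIONID cookies with different paths.
        String cookiePath = req.getContextPath();
        if (cookiePath == null || cookiePath.isEmpty()) {
            cookiePath = "/";
        }

        StringBuilder sessionCookie = new StringBuilder("JSESSIONID=")
                .append(sessionid)
                .append("; Path=").append(cookiePath)
                .append("; HttpOnly");
        if (req.isSecure()) {
            // Keep the session id off plain-HTTP requests once it was issued over TLS.
            // NOTE(review): behind a TLS-terminating proxy isSecure() is false unless the
            // container is told about the forwarded scheme. Confirm for this deployment.
            sessionCookie.append("; Secure");
        }
        // setHeader (not addHeader) replaces the container's own JSESSIONID cookie, but it
        // also drops any other Set-Cookie value written earlier in the chain.
        resp.setHeader("Set-Cookie", sessionCookie.toString());

        // Clickjacking defence: only same-origin pages may frame this response.
        resp.setHeader("X-Frame-Options", "SAMEORIGIN");

        // Strict-Transport-Security: max-age=expireTime [; includeSubDomains] [; preload]
        // Browsers honour this header only when it arrives over HTTPS.
        resp.setHeader("Strict-Transport-Security", "max-age=63072000; includeSubDomains");

        // Legacy header: current browsers no longer ship the XSS auditor it controls, so
        // a Content-Security-Policy is the control that actually limits script injection.
        resp.setHeader("X-XSS-Protection", "1;mode=block");

        // Stop the browser from guessing a content type other than the declared one.
        resp.setHeader("X-Content-Type-Options", "nosniff");

        resp.setHeader("Referrer-Policy", "no-referrer-when-downgrade");

        // no-cache forces revalidation but still allows storage; responses carrying
        // sensitive data need no-store to stay out of caches.
        resp.setHeader("Cache-Control", "no-cache");

        chain.doFilter(request, response);
    }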