staticSecurityHeaders top-level constant

Map<String, String> const staticSecurityHeaders

Static security headers shared by cached or text-based responses.

Example:

// Map lookups return String?, so assert non-null for this known key.
response.headers.set(
  'X-Content-Type-Options',
  staticSecurityHeaders['X-Content-Type-Options']!,
);

Implementation

const Map<String, String> staticSecurityHeaders = {
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'X-XSS-Protection': '1; mode=block',
  'Vary': 'Accept-Encoding',
  'Cache-Control': 'public, max-age=300, must-revalidate',
};
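
Added example, not part of the documented library: one way to apply the whole map to a dart:io HttpResponse while merging an existing Vary header and keeping the shared `public` cache policy off per-user responses. The helper name applyStaticSecurityHeaders, the perUser flag, the 'private, no-store' override and the /account path are assumptions made for illustration.

```dart
import 'dart:io';

// Copied from the Implementation section so this example runs on its own.
const Map<String, String> staticSecurityHeaders = {
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'X-XSS-Protection': '1; mode=block',
  'Vary': 'Accept-Encoding',
  'Cache-Control': 'public, max-age=300, must-revalidate',
};

/// Hypothetical helper, not part of the documented library. Set [perUser] for
/// responses that depend on a session, so `public` caching is not applied.
void applyStaticSecurityHeaders(HttpResponse response, {bool perUser = false}) {
  staticSecurityHeaders.forEach((name, value) {
    if (name == 'Vary') {
      // Merge with any Vary tokens a handler already set instead of replacing.
      final existing = response.headers[name] ?? const <String>[];
      final tokens = <String>{
        for (final line in existing) ...line.split(',').map((t) => t.trim()),
        ...value.split(',').map((t) => t.trim()),
      }..remove('');
      response.headers.set(name, tokens.join(', '));
    } else if (name == 'Cache-Control' && perUser) {
      response.headers.set(name, 'private, no-store');
    } else {
      response.headers.set(name, value);
    }
  });
}

Future<void> main() async {
  final server = await HttpServer.bind(InternetAddress.loopbackIPv4, 0);
  server.listen((request) async {
    request.response.headers.set('Vary', 'Origin'); // constructed handler state
    applyStaticSecurityHeaders(request.response,
        perUser: request.uri.path == '/account');
    request.response.write('ok');
    await request.response.close();
  });
  final client = HttpClient();
  final req = await client.get('127.0.0.1', server.port, '/account');
  final res = await req.close();
  res.headers.forEach((name, values) => print('$name: ${values.join(', ')}'));
  await res.drain<void>();
  client.close();
  await server.close();
}
```

Running it prints the response headers for the constructed /account request, where Vary carries both Origin and Accept-Encoding and Cache-Control is the private override rather than the shared value.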