Application security options (Security options)
X-Frame-Options
X-Content-Type-Options
X-XSS-Protection (deprecated)
Content-Security-Policy (CSP):
- Content Security Policy Level 3, W3C Working Draft (In conformance with CSP3 we consider
frame-src
not as deprecated.) - Content Security Policy Level 2, W3C Recommendation
- MDN webdocs on Content-Security-Policy
- Mozilla's Laboratory (Content Security Policy / CSP Toolkit)