Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

organicmultiloc on May 15, 2018 | parent | context | favorite | on: HTTP headers we don't want

[flagged]

tatersolid on May 15, 2018 | [–]

Headers which have caused production bugs or misbehaviors during my career (mostly in proxies and old IE):

Content-Encoding

Vary

Cache-Control (proxies ignoring private usually)

Content-Disposition

X-UA-Compatible

P3P

Strict-Transport-Security

X-Forwarded-For

Via

Referrer

ovao on May 15, 2018 | [–]

Prematurely axing X-Frame-Options would expose a security risk, not a “bug”, per se.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact