Applicatie-beveiligingsopties (Beveiligingsopties)

X-Frame-Options

• RFC 7034: HTTP Header Field X-Frame-Options
• X-Frame-Options, MDN webdocs

X-Content-Type-Options

• Blog 'IE8 Security Part VI: Beta 2 Update'
• X-Content-Type-Options, MDN webdocs

X-XSS-Protection

• Blog 'IE8 Security Part IV: The XSS Filter'
• X-XSS-Protection, MDN webdocs

Content-Security-Policy (CSP):

• Content Security Policy Level 3, W3C Working Draft (In overeenstemming met CSP3 beschouwen we frame-src niet als 'deprecated'.)
• Content Security Policy Level 2, W3C Recommendation
• MDN webdocs on Content-Security-Policy
• Mozilla's Laboratory (Content Security Policy / CSP Toolkit)

Referrer-Policy

• Referrer Policy, W3C
• Referrer-Policy, MDN webdocs