Applicatie-beveiligingsopties (Beveiligingsopties)

X-Frame-Options

• RFC 7034: HTTP Header Field X-Frame-Options
• X-Frame-Options, MDN webdocs

X-Content-Type-Options

• Blog 'IE8 Security Part VI: Beta 2 Update'
• X-Content-Type-Options, MDN webdocs

X-XSS-Protection

• Test verwijderd van Internet.nl

Content-Security-Policy (CSP):

• Content Security Policy Level 3, W3C Working Draft (In overeenstemming met CSP3 beschouwen we frame-src niet als 'deprecated'.)
• Content Security Policy Level 2, W3C Recommendation
• MDN webdocs on Content-Security-Policy
• Mozilla's Laboratory (Content Security Policy / CSP Toolkit)

Referrer-Policy

• Referrer Policy, W3C Candidate Recommendation, 26 January 2017
• Referrer Policy, Editor’s Draft
• Referrer-Policy, MDN webdocs