XSS 與 XSRF 預防措施

為防止跨網站指令碼 (XSS)，所有回應都需要 HTTP 標頭 X-Content-Type-Options: nosniff。也需要 Also include Content-Type: application/json; charset=utf-8 在回應標頭中。

為防止跨網站要求偽造 (XSS)，所有要求都需要 HTTP 標頭 X-XSRF-Protected: 1。

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2017-04-06 UTC.