From the course: Complete Guide to Spring MVC
Security response headers - Spring Tutorial
Security response headers
- [Instructor] Security response headers. Security HTTP response headers in Spring MVC are essential for enforcing browser security policies and mitigating risks from common web vulnerabilities, like XSS, click-jacking, and MITM attacks. These headers are integrated with Spring Security and can be customized for Spring Security needs. Spring Security applies the following headers by default to enhance application security. You can configure or disable the default security headers in your SecurityConfig class. Now I'm going to walk through more in depth some of the security headers that I had on that table two slides before, starting with cacheControl and related headers. This prevents caching of sensitive data, like session tokens, and protects sensitive data by disabling cache. You can override these defaults if your application handles its own cache headers, like static resources. Next is X-Content-Type-Options. This prevents browsers from guessing the MIME type of content and…