http

Links

CORS / Cross Origin Resource Sharing
- enable cross-origin resource sharing
CSP / Content Security Policy
Headers
- End-to-end and Hop-by-hop Headers
- List of HTTP header fields
- Request headers
- Cache-Control
  - no-cache
  - no-store
  - Avoiding caching
- X-Frame-Options
- X-UA-Compatible
  - Can use to tell IE to render using Chrome Frame.
- Link
  - Supporting rel="canonical" HTTP Headers
- Location vs. Content-Location
Redirecting after POST
- Use code 303 with a Location: header.
- 303: See Other
- stackoverflow
Websockets
- Use http://socket.io/
HAR file format
Caching
- Optimize caching - Make the Web Faster — Google Developers
HTTP 1.1
- Key Differences between HTTP/1.0 and HTTP/1.1
- RFC 2616
  - Upgrade header
  - End-to-end and Hop-by-hop Headers

Headers

Response headers

# In general
strict-transport-security:max-age=31536000; includeSubdomains
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block
Content-location: http(s)://www.domain.tld/....


# No caching
cache-control:no-cache, must-revalidate
expires:<Stick in some past date - e.g. Fri, 01 Jan 1990 00:00:00 GMT>

# For json responses
#
content-disposition:attachment
content-type:application/json; charset=UTF-8