

There are several steps you can take to make your website secure. This article offers a variety of suggestions, along with links to other articles that provide more useful information.

Note: This article is a work in progress; it is not complete, and following its suggestions does not guarantee that your site will be fully secure.

User information security

How to turn off form autocompletion
Form fields in Gecko support autocompletion, so their values can be remembered and automatically filled in the next time the user visits your site. For certain types of data, you may want to disable this feature.
Privacy and the :visited selector
This article discusses the changes made to the getComputedStyle() method that eliminate the ability of malicious sites to discover the user's browsing history.

Content security

Properly configuring server MIME types
There are several ways in which incorrect MIME types can cause potential security problems for your site. This article explains some of them and shows you how to configure your server so that it serves files with the correct MIME types.
HTTP Strict Transport Security
The Strict-Transport-Security: HTTP header lets a website specify that it may only be accessed using HTTPS.
HTTP access control
The Cross-Origin Resource Sharing standard provides a way to specify what content may be loaded from other domains. You can use this to prevent your site from being used improperly; in addition, you can use it to establish resources that other sites are expressly permitted to use.
Content Security Policy
An added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.
The X-Frame-Options response header
The X-Frame-Options: HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

See also
