FixVibe
Covered by FixVibe · medium

HTTP header configuration in AI-generated applications

Applications generated by AI assistants often lack essential HTTP security headers and fail to meet modern security standards. This omission leaves web applications vulnerable to common client-side attacks. By using benchmarks such as the Mozilla HTTP Observatory, developers can identify missing protections such as CSP and HSTS and improve the security posture of their applications.

CWE-693

Impact

The absence of essential HTTP security headers increases the risk of client-side vulnerabilities [S1]. Without these protections, applications may be vulnerable to attacks such as cross-site scripting (XSS) and clickjacking, which can lead to unauthorized actions or data exposure [S1]. Misconfigured headers may also fail to enforce transport security, leaving data open to interception [S1].

Root cause

AI-generated applications often prioritize functional code over security configuration, and critical HTTP headers are frequently left out of the generated boilerplate [S1]. The result is applications that do not meet modern security standards or follow best practices for web security, as assessed by analysis tools such as the Mozilla HTTP Observatory [S1].

Concrete fixes

To improve security, the application should be configured to return the standard security headers [S1]. This includes implementing a Content-Security-Policy (CSP) to control resource loading, enforcing HTTPS through Strict-Transport-Security (HSTS), and using X-Frame-Options to prevent the page from being framed. Developers should also set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing [S1].

Detection

Security scanning involves passive analysis of HTTP response headers to identify missing or improperly configured security settings [S1]. By evaluating these headers against industry-standard benchmarks, such as those used by the Mozilla HTTP Observatory, it is possible to determine whether the application's configuration aligns with secure web practices [S1].
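
The passive header check described above can be sketched as follows. This is an added example, not FixVibe's or the Mozilla HTTP Observatory's code; the function name `auditSecurityHeaders`, the six-month HSTS threshold and the sample response are assumptions made for illustration.

```javascript
// Added example: passive audit of one response's security headers.
// Thresholds below are assumptions of this example, not Observatory scoring rules.
const MIN_HSTS_MAX_AGE = 15552000; // assumed minimum: about six months, in seconds

function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before looking anything up.
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const report = (header, status, detail) => findings.push({ header, status, detail });

  const csp = h['content-security-policy'];
  if (!csp) report('Content-Security-Policy', 'missing', 'no policy controls resource loading');

  const hsts = h['strict-transport-security'];
  const maxAge = hsts && /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!hsts) report('Strict-Transport-Security', 'missing', 'HTTPS is not enforced');
  else if (!maxAge) report('Strict-Transport-Security', 'misconfigured', 'no max-age directive');
  else if (Number(maxAge[1]) < MIN_HSTS_MAX_AGE)
    report('Strict-Transport-Security', 'misconfigured', `max-age=${maxAge[1]} is too short`);

  // A CSP frame-ancestors directive also restricts framing, so accept either control.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const frameAncestors = /(?:^|;)\s*frame-ancestors\s/i.test(csp || '');
  if (!xfo && !frameAncestors) report('X-Frame-Options', 'missing', 'page can be framed');
  else if (xfo && !['DENY', 'SAMEORIGIN'].includes(xfo) && !frameAncestors)
    report('X-Frame-Options', 'misconfigured', `unrecognised value "${xfo}"`);

  const xcto = h['x-content-type-options'];
  if (!xcto) report('X-Content-Type-Options', 'missing', 'MIME sniffing is not disabled');
  else if (xcto.toLowerCase() !== 'nosniff')
    report('X-Content-Type-Options', 'misconfigured', `expected nosniff, got "${xcto}"`);

  return findings;
}

// Constructed sample: headers as a generated app might return them.
const sampleResponse = {
  'Content-Type': 'text/html; charset=utf-8',
  'strict-transport-security': 'max-age=300',
  'X-Frame-Options': 'ALLOW-FROM https://example.test',
  'X-Content-Type-Options': 'nosniff',
};
for (const f of auditSecurityHeaders(sampleResponse)) {
  console.log(`${f.status.padEnd(13)} ${f.header}: ${f.detail}`);
}
```

Because the function only reads headers from a response that has already been received, it can run in a CI step or a test suite against the application's own responses.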