Impact
The absence of essential HTTP security headers increases the risk of client-side vulnerabilities [S1]. Without these protections, applications may be exposed to attacks such as cross-site scripting (XSS) and clickjacking, which can lead to unauthorized actions or data exposure [S1]. Misconfigured headers may also fail to enforce transport security, leaving data exposed to interception [S1].
Root cause
AI-generated applications often prioritize functional code over security configuration, and commonly omit essential HTTP headers from the generated boilerplate [S1]. The result is applications that do not meet modern security standards or follow established best practices for web protection, as identified by analysis tools such as Mozilla HTTP Observatory [S1].
Concrete fix
To improve security, applications should be configured to return the standard security headers [S1]. This includes using Content-Security-Policy (CSP) to control resource loading, enforcing HTTPS with Strict-Transport-Security (HSTS), and using X-Frame-Options to prevent unauthorized framing. Developers should also set X-Content-Type-Options to 'nosniff' to prevent MIME type sniffing [S1].
Detection
Security analysis involves passive inspection of HTTP response headers to find missing or misconfigured security settings [S1]. By evaluating these headers against industry-standard benchmarks, such as those used by Mozilla HTTP Observatory, it is possible to determine whether an application's configuration aligns with secure web practices [S1].
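
A small version of the passive check described above, covering the four headers named in the fix. This is an added example, not code from the source or from Mozilla HTTP Observatory; the function name, the HSTS threshold, the finding strings and the sample responses are assumptions of the example.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; threshold chosen for this example (assumption)

def audit_headers(headers, https=True):
    """Passively grade one response's headers; returns {header: finding}."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = {}

    csp = h.get("content-security-policy", "").lower()
    if not csp:
        findings["Content-Security-Policy"] = "missing"
    elif not re.search(r"(^|;)\s*(default-src|script-src)\s", csp):
        findings["Content-Security-Policy"] = "weak: no default-src or script-src"

    if https:  # browsers ignore HSTS received over plain HTTP
        hsts = h.get("strict-transport-security", "")
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not hsts:
            findings["Strict-Transport-Security"] = "missing"
        elif not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings["Strict-Transport-Security"] = "weak: max-age absent or too short"

    xfo = h.get("x-frame-options", "").upper()
    if not xfo and "frame-ancestors" not in csp:  # CSP frame-ancestors also restricts framing
        findings["X-Frame-Options"] = "missing"
    elif xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings["X-Frame-Options"] = "invalid value"

    xcto = h.get("x-content-type-options", "").lower()
    if xcto != "nosniff":
        findings["X-Content-Type-Options"] = "missing" if not xcto else "invalid value"
    return findings

# Constructed sample responses (not captured from any real site).
BOILERPLATE = {"Content-Type": "text/html", "Server": "example"}
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
MISCONFIGURED = {**HARDENED, "Strict-Transport-Security": "max-age=0",
                 "X-Content-Type-Options": "no-sniff"}

if __name__ == "__main__":
    for name, resp in [("boilerplate", BOILERPLATE), ("hardened", HARDENED),
                       ("misconfigured", MISCONFIGURED)]:
        print(name, audit_headers(resp))
```

The misconfigured sample shows why presence alone is not enough: both headers are sent, but neither value has the intended effect.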
