From fcfd03146011dbb2ab77868b2f56374d51b39d56 Mon Sep 17 00:00:00 2001 From: Lowell Abbott Date: Thu, 25 May 2017 14:42:42 -0700 Subject: [PATCH] Add capitalize and other details --- docs/security.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/security.rst b/docs/security.rst index 59767139..5033ddda 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -108,13 +108,13 @@ arrays. Security Headers ---------------- -This section contains a list of headers supported by Flask. +This section contains a list of HTTP security headers supported by Flask. To configure HTTPS and handle the headers listed below we suggest the package `flask-talisman `_. HTTP Strict Transport Security (HSTS) ------------------------------------- -Redirects http requests to https on all urls, preventing Man-in-the-middle (MITM) attacks. +Redirects HTTP requests to HTTPS on all URLs, preventing man-in-the-middle (MITM) attacks. Example: @@ -129,7 +129,7 @@ See also `Strict Transport Security `_. -X-Frame-Options (Clickjacking protection) +X-Frame-Options (Clickjacking Protection) ----------------------------------------- Prevents the client from clicking page elements outside of the website, avoiding hijacking or UI redress attacks. @@ -166,7 +166,7 @@ See also `X-Content-Type-Options `_. -Cookie options +Cookie Options -------------- -While these headers are not directly security related, they have important options that may affect your flask application. +While these headers are not directly security related, they have important options that may affect your Flask application. - ``Secure`` limits your cookies to HTTPS traffic only. - ``HttpOnly`` protects the contents of your cookie from being visible to XSS.
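Review bot: In the first hunk (@@ -108,13 +108,13), the reworded HSTS line "Redirects HTTP requests to HTTPS on all URLs, preventing man-in-the-middle (MITM) attacks." still describes a redirect, which the Strict-Transport-Security header does not perform. The header instructs the browser to use HTTPS for subsequent requests to the host; any HTTP-to-HTTPS redirect is done separately by the application or its HTTPS configuration. Since this line is being touched anyway, suggest something like "Tells the browser to convert all HTTP requests to HTTPS, helping prevent man-in-the-middle (MITM) attacks." The softer "helping prevent" matters because a request sent before the browser has seen the header is not covered.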
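Review bot: In the second hunk (@@ -129,7 +129,7), only the heading capitalization changes, but the context line under it, "Prevents the client from clicking page elements outside of the website, avoiding hijacking or UI redress attacks.", misdescribes the header and should be fixed in the same pass. X-Frame-Options controls whether other sites may embed the page in a frame; clickjacking works by overlaying such a frame so the user clicks on your page without realizing it. Suggest "Prevents external sites from embedding your site in an iframe, so that clicks on the outer frame cannot be translated invisibly into clicks on your page's elements."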
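Review bot: In the third hunk (@@ -166,7 +166,7), the edited sentence "While these headers are not directly security related" contradicts the two bullets that follow it, since ``Secure`` and ``HttpOnly`` are both security controls, and they are options on a cookie rather than headers of their own. Suggest replacing the sentence with something like "These options can be added to a ``Set-Cookie`` header to improve their security." The ``HttpOnly`` bullet would also read more precisely as protecting the cookie from being read by JavaScript, which is what limits exposure to XSS.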