SecurityHeaderBuilder (Javadocs [I2P+ 2.11.0+]

java.lang.Object
- net.i2p.i2ptunnel.SecurityHeaderBuilder

```
public class SecurityHeaderBuilder
extends Object
```
Builds and manages HTTP security headers for server responses.
This class provides static methods for adding security-related HTTP headers to server responses. It handles:
- Referrer-Policy header
- Allow header
- Cache-Control header with appropriate policies
- X-XSS-Protection header
- X-Content-Type-Options header
Some headers are only added based on the MIME type of the response content. For example, Referrer-Policy and Allow headers are only added for HTML content. Cache-Control policies vary based on whether the content is static (immutable) or dynamic.

Constructor Summary

Constructors
Constructor and Description

SecurityHeaderBuilder()

Constructors
Constructor and Description
`SecurityHeaderBuilder()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`addSecurityHeaders(Map<String,List<String>> headers, StringBuilder command, String mimeType)` Adds all appropriate security headers to a response.
`static void`	`filterCacheControlHeaders(Map<String,List<String>> headers)` Filters Cache-Control headers to remove problematic values.
`static void`	`filterSetCookieHeaders(Map<String,List<String>> headers)` Filters Set-Cookie headers to remove unwanted cookies.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecurityHeaderBuilder
```
public SecurityHeaderBuilder()
```
- Method Detail
  - addSecurityHeaders
```
public static void addSecurityHeaders(Map<String,List<String>> headers,
                                      StringBuilder command,
                                      String mimeType)
```
    Adds all appropriate security headers to a response.
    This method adds security headers based on the MIME type of the response. Headers are only added if they are not already present in the response.
    
    The following headers may be added:
    - Referrer-Policy: same-origin (for HTML/XML/JSON content)
    - Allow: GET, POST, HEAD (for HTML/XML/JSON content)
    - Cache-Control (appropriate policy based on MIME type)
    - X-XSS-Protection: 1; mode=block
    - X-Content-Type-Options: nosniff
    Parameters:
    
    headers - the HTTP response headers map to modify
    
    command - the HTTP request command (used for logging/debugging)
    
    mimeType - the MIME type of the response content; may be null
  - filterCacheControlHeaders
```
public static void filterCacheControlHeaders(Map<String,List<String>> headers)
```
    Filters Cache-Control headers to remove problematic values.
    This method removes "none" and "post-check" values from Cache-Control headers, as these can cause issues with I2P HTTP proxying.
    
    Parameters:
    
    headers - the HTTP response headers map
  - filterSetCookieHeaders
```
public static void filterSetCookieHeaders(Map<String,List<String>> headers)
```
    Filters Set-Cookie headers to remove unwanted cookies.
    This method removes Set-Cookie headers containing specific strings (STYXKEY, visited=yes) that are known to be irrelevant or unwanted for I2P HTTP proxying.
    
    Parameters:
    
    headers - the HTTP response headers map

Class SecurityHeaderBuilder

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecurityHeaderBuilder

Method Detail

addSecurityHeaders

filterCacheControlHeaders

filterSetCookieHeaders