Clickjacking is mitigated with the header X-Frame-Options: Deny, which does not allow your page to be served inside any frame.
Public-Key-Pins. HPKP prevents MITM attacks with forged certificates.
Not implemented
A way to invalidate tokens
Generated tokens could be stored in memory-based storage (Redis), and we could check the storage on each request to see whether the token exists. The Redis expire method can provide automatic deletion too.
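A sketch of the token store described above, added here as an example and not taken from this project's code. `TokenStore` and `FakeRedis` are hypothetical names; `FakeRedis` is an in-memory stand-in so the block runs offline, and storing a SHA-256 digest instead of the raw token is an added assumption.

```python
import hashlib
import time


class FakeRedis:
    """In-memory stand-in (assumption for this example) for SET with EX, EXISTS and DEL."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._expiry = {}  # key -> absolute expiry time in seconds

    def set(self, key, value, ex):
        self._expiry[key] = self._clock() + ex

    def exists(self, key):
        deadline = self._expiry.get(key)
        if deadline is not None and deadline <= self._clock():
            del self._expiry[key]  # expired keys disappear on access
            return 0
        return 0 if deadline is None else 1

    def delete(self, key):
        if not self.exists(key):
            return 0
        del self._expiry[key]
        return 1


class TokenStore:
    """Allowlist of live tokens: a token is valid only while its key exists."""

    def __init__(self, redis, ttl_seconds=900):
        self.redis = redis
        self.ttl = ttl_seconds

    @staticmethod
    def _key(token):
        # Store a digest so a dump of the store does not yield usable tokens.
        return "token:" + hashlib.sha256(token.encode()).hexdigest()

    def register(self, token):
        # Call once when the token is generated; the TTL gives automatic deletion.
        self.redis.set(self._key(token), "1", ex=self.ttl)

    def is_valid(self, token):
        # Call on each request, after the token's own signature or format check.
        return bool(token) and self.redis.exists(self._key(token)) == 1

    def revoke(self, token):
        # Logout or forced invalidation: the next is_valid() call fails.
        return self.redis.delete(self._key(token)) == 1
```

A redis-py client can be passed in place of `FakeRedis`, since its `set(key, value, ex=...)`, `exists(key)` and `delete(key)` take the same arguments. Set the TTL to the token's own lifetime so the store never outlives or undercuts it.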