CSRF:

http://blog.csdn.net/stpeace/article/details/53512283



Session fixation:

https://www.cnblogs.com/davidwang456/p/3593578.html

http://www.gooseeker.com/cn/node/knowledgebase/whatissessionfixation


HTTP Strict Transport Security (HSTS):

HTTPS

XSS:

https://www.cnblogs.com/suwings/p/6285340.html

https://www.cnblogs.com/digdeep/p/4695348.html