Ray "Vanhalen" Kelly has written a post describing the security mechanisms used by Google+, as well as compares them to facebook. In particular he reviews each HTTP protection header and provides a good explanation of the purpose of each protection.
Link: https://www.barracudanetworks.com/blogs/labsblog?bid=1743
