CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Tag: headers

13 terms of 1444 total

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced Tag: headers
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
HTTP Content Negotiation
The HTTP mechanism by which clients declare what formats, languages, and encodings they accept (Accept, Accept-Language, Accept-Encoding) and servers respond with the best match — or 406 Not Acceptable if none fits.
1mo ago api_design intermediate
CORS — Cross-Origin Resource Sharing PHP 7.0+
A browser security mechanism that blocks JavaScript from making HTTP requests to a different origin — PHP APIs must send specific headers to allow cross-origin requests from permitted frontend origins.
2mo ago security intermediate
MIME Sniffing & X-Content-Type-Options PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
2mo ago security intermediate
Clickjacking PHP 5.0+
A malicious page overlays an invisible iframe over your site, tricking users into clicking UI elements they cannot see.
CWE-1021 OWASP A4:2021
2mo ago security intermediate 6.5
Clickjacking & CSP frame-ancestors PHP 5.0+
Tricking users into clicking hidden UI elements by overlaying a transparent iframe — prevented by CSP frame-ancestors or the X-Frame-Options header.
CWE-1021 OWASP A4:2021
2mo ago security intermediate 6.1
Diagram: Content Security Policy (CSP) Content Security Policy (CSP) PHP 5.0+
An HTTP response header that restricts which scripts, styles, and resources the browser is allowed to load.
2mo ago security intermediate
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.1
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
2mo ago security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
2mo ago security intermediate 7.5
HTTP Caching (ETags, Cache-Control)
Standard HTTP headers that instruct browsers and intermediary caches on how long to cache responses and when to revalidate.
2mo ago performance intermediate
HTTP Security Headers Checklist
A set of response headers that instruct browsers to enforce security policies — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.
2mo ago security intermediate
Output Buffering (ob_start / ob_flush) PHP 4.0+
Capturing PHP output into a buffer rather than sending it immediately, enabling manipulation before delivery or header modification.
2mo ago php intermediate
Subresource Integrity (SRI) PHP 5.0+
A browser mechanism that verifies CDN-hosted scripts and stylesheets haven't been tampered with, using a cryptographic hash in the HTML tag.
CWE-829 OWASP A6:2021
2mo ago security intermediate
✓ schema.org compliant