Tag: headers
HTTP Content Negotiation
The HTTP mechanism by which clients declare what formats, languages, and encodings they accept (Accept, Accept-Language, Accept-Encoding) and servers respond with the best match — or 406 Not Acceptable if none fits.
1mo ago
api_design intermediate
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
2mo ago
security intermediate
6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
2mo ago
security intermediate
7.5
HTTP Caching (ETags, Cache-Control)
Standard HTTP headers that instruct browsers and intermediary caches on how long to cache responses and when to revalidate.
2mo ago
performance intermediate
HTTP Response Splitting PHP 5.0+
Injecting CRLF sequences into HTTP headers causes the server to emit two separate responses, enabling cache poisoning and XSS.
CWE-113 OWASP A3:2021
2mo ago
security advanced
6.1
HTTP Security Headers PHP 5.0+
A set of HTTP response headers that instruct browsers to enforce security policies, reducing XSS, clickjacking, and data leakage risks.
CWE-16 OWASP A5:2021
2mo ago
security beginner
HTTP Security Headers Checklist
A set of response headers that instruct browsers to enforce security policies — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.
2mo ago
security intermediate
HTTP Strict Transport Security (HSTS) PHP 5.0+
A response header that instructs browsers to always connect via HTTPS for a specified duration, preventing protocol downgrade attacks.
CWE-319 OWASP A5:2021
2mo ago
security beginner