Tag: headers
HTTP Content Negotiation
The HTTP mechanism by which clients declare what formats, languages, and encodings they accept (Accept, Accept-Language, Accept-Encoding) and servers respond with the best match — or 406 Not Acceptable if none fits.
1mo ago api_design intermediate
CORS — Cross-Origin Resource Sharing PHP 7.0+
A browser security mechanism that blocks JavaScript from making HTTP requests to a different origin — PHP APIs must send specific headers to allow cross-origin requests from permitted frontend origins.
2mo ago security intermediate
MIME Sniffing & X-Content-Type-Options PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
2mo ago security intermediate
Clickjacking PHP 5.0+
A malicious page overlays an invisible iframe over your site, tricking users into clicking UI elements they cannot see.
CWE-1021 OWASP A4:2021
2mo ago security intermediate 6.5
Clickjacking & CSP frame-ancestors PHP 5.0+
Tricking users into clicking hidden UI elements by overlaying a transparent iframe — prevented by CSP frame-ancestors or the X-Frame-Options header.
CWE-1021 OWASP A4:2021
2mo ago security intermediate 6.1
Content Security Policy (CSP) PHP 5.0+
An HTTP response header that restricts which scripts, styles, and resources the browser is allowed to load.
2mo ago security intermediate
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.1
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
2mo ago security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
2mo ago security intermediate 7.5
HTTP Caching (ETags, Cache-Control)
Standard HTTP headers that instruct browsers and intermediary caches on how long to cache responses and when to revalidate.
2mo ago performance intermediate
HTTP Response Splitting PHP 5.0+
Injecting CRLF sequences into HTTP headers causes the server to emit two separate responses, enabling cache poisoning and XSS.
CWE-113 OWASP A3:2021
2mo ago security advanced 6.1
HTTP Security Headers PHP 5.0+
A set of HTTP response headers that instruct browsers to enforce security policies, reducing XSS, clickjacking, and data leakage risks.
CWE-16 OWASP A5:2021
2mo ago security beginner
HTTP Security Headers Checklist
A set of response headers that instruct browsers to enforce security policies — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.
2mo ago security intermediate
HTTP Strict Transport Security (HSTS) PHP 5.0+
A response header that instructs browsers to always connect via HTTPS for a specified duration, preventing protocol downgrade attacks.
CWE-319 OWASP A5:2021
2mo ago security beginner
Output Buffering (ob_start / ob_flush) PHP 4.0+
Capturing PHP output into a buffer rather than sending it immediately, enabling manipulation before delivery or header modification.
2mo ago php intermediate
Subresource Integrity (SRI) PHP 5.0+
A browser mechanism that verifies CDN-hosted scripts and stylesheets haven't been tampered with, using a cryptographic hash in the HTML tag.
CWE-829 OWASP A6:2021
2mo ago security intermediate