Tag: headers
HTTP Content Negotiation
The HTTP mechanism by which clients declare what formats, languages, and encodings they accept (Accept, Accept-Language, Accept-Encoding) and servers respond with the best match — or 406 Not Acceptable if none fits.
3mo ago API Design intermediate
CORS — Cross-Origin Resource Sharing PHP 7.0+
A browser security mechanism that blocks JavaScript from making HTTP requests to a different origin — PHP APIs must send specific headers to allow cross-origin requests from permitted frontend origins.
3mo ago Security intermediate
MIME Sniffing & X-Content-Type-Options PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
3mo ago Security intermediate
Clickjacking PHP 5.0+
A malicious page loads your site in an invisible iframe layered over its own content, tricking users into clicking UI elements they cannot see.
CWE-1021 OWASP A4:2021
3mo ago Security intermediate 6.5
Clickjacking & CSP frame-ancestors PHP 5.0+
Tricking users into clicking hidden UI elements by overlaying a transparent iframe — prevented by CSP frame-ancestors or the X-Frame-Options header.
CWE-1021 OWASP A4:2021
3mo ago Security intermediate 6.1
Content Security Policy (CSP) PHP 5.0+
An HTTP response header that restricts which scripts, styles, and resources the browser is allowed to load.
3mo ago Security intermediate
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
3mo ago Security intermediate 6.1
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
3mo ago Security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
3mo ago Security intermediate 7.5
HTTP Caching (ETags, Cache-Control)
Standard HTTP headers that instruct browsers and intermediary caches on how long to cache responses and when to revalidate.
3mo ago Performance intermediate
HTTP Response Splitting PHP 5.0+
Injecting CRLF sequences into HTTP headers causes the server to emit two separate responses, enabling cache poisoning and XSS.
CWE-113 OWASP A3:2021
3mo ago Security advanced 6.1
HTTP Security Headers PHP 5.0+
A set of HTTP response headers that instruct browsers to enforce security policies, reducing XSS, clickjacking, and data leakage risks.
CWE-16 OWASP A5:2021
3mo ago Security beginner
HTTP Security Headers Checklist
A set of response headers that instruct browsers to enforce security policies — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.
3mo ago Security intermediate
HTTP Strict Transport Security (HSTS) PHP 5.0+
A response header that instructs browsers to always connect via HTTPS for a specified duration, preventing protocol downgrade attacks.
CWE-319 OWASP A5:2021
3mo ago Security beginner
Output Buffering (ob_start / ob_flush) PHP 4.0+
Capturing PHP output into a buffer rather than sending it immediately, enabling manipulation before delivery or header modification.
3mo ago PHP intermediate
Subresource Integrity (SRI) PHP 5.0+
A browser mechanism that verifies CDN-hosted scripts and stylesheets haven't been tampered with, using a cryptographic hash in the HTML tag.
CWE-829 OWASP A6:2021
3mo ago Security intermediate