What is “X-Content-Type-Options=nosniff”?

It prevents the browser from doing MIME-type sniffing. Most browsers are now respecting this header, including Chrome/Chromium, Edge, IE >= 8.0, Firefox >= 50 and Opera >= 13. See: https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx?Redirected=true

Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

EDIT: …

What are all the possible values for HTTP “Content-Type” header?

You can find every content type here: http://www.iana.org/assignments/media-types/media-types.xhtml

The most common types are:

Type application: application/java-archive, application/EDI-X12, application/EDIFACT, application/javascript, application/octet-stream, application/ogg, application/pdf, application/xhtml+xml, application/x-shockwave-flash, application/json, application/ld+json, application/xml, application/zip, application/x-www-form-urlencoded

Type audio: audio/mpeg, audio/x-ms-wma, audio/vnd.rn-realaudio, audio/x-wav

Type image: image/gif, image/jpeg, image/png, image/tiff, image/vnd.microsoft.icon, image/x-icon, image/vnd.djvu, image/svg+xml

Type multipart: multipart/mixed, multipart/alternative, multipart/related (used by MHTML (HTML mail)) …

Maximum on HTTP header values?

No, HTTP does not define any limit. However, most web servers do limit the size of the headers they accept. For example, in Apache the default limit is 8KB; in IIS it’s 16K. The server will return a 413 Entity Too Large error if the header size exceeds that limit. Related question: How big can a user agent string get?

Why would one omit the close tag?

Sending headers earlier than the normal course may have far reaching consequences. Below are just a few of them that happened to come to my mind at the moment: While current PHP releases may have output buffering on, the actual production servers you will be deploying your code on are far more important than any …

Access Control Request Headers, is added to header in AJAX request with jQuery

Here is an example of how to set a request header in a jQuery Ajax call:

    $.ajax({
        type: "POST",
        // Set the custom header on the request before it is sent
        beforeSend: function(request) {
            request.setRequestHeader("Authority", authorizationToken);
        },
        url: "entities",
        data: "json=" + escape(JSON.stringify(createRequestObject)),
        processData: false,
        success: function(msg) {
            $("#results").append("The result =" + StringifyPretty(msg));
        }
    });

“CAUTION: provisional headers are shown” in Chrome debugger

The resource could be being blocked by an extension (AdBlock in my case). The message is there because the request to retrieve that resource was never made, so the headers being shown are not the real thing. As explained in the issue you referenced, the real headers are updated when the server responds, but there …

Do I need Content-Type: application/octet-stream for file download?

No. The content-type should be whatever it is known to be, if you know it. application/octet-stream is defined as “arbitrary binary data” in RFC 2046, and there’s a definite overlap here of it being appropriate for entities whose sole intended purpose is to be saved to disk, and from that point on be outside of …
