Updated 2024-04-15
Header
431 Request Header Fields Too Large
Parts
Note: Lax replaced None as the default value in order to ensure that users have reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks.
Response
header('WWW-Authenticate: Basic realm="My Realm"');
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']
Send headers with UNIX
curl --header "X-MyHeader: 123" example.com
xhr.open('HEAD', 'example.com', true);
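// Split cntn into lines on `first`, then split each line into name and value on `second`.
function smart_split(cntn, first, second) {
    var arr = cntn.split(first);
    var obj = {};
    arr.forEach(function (line) {
        var parts = line.split(second);
        var header = parts.shift();
        // Re-join the rest so a value that contains the separator stays intact.
        var value = parts.join(second);
        obj[header] = value;
    });
    return obj;
}
var xhr = new XMLHttpRequest();
xhr.open('GET', window.location, true);
xhr.onloadend = function() {
    // getAllResponseHeaders() returns header names in lowercase.
    var headers = smart_split(xhr.getAllResponseHeaders().trim(), /[\r\n]+/, ': ');
    var type = smart_split('mime-type=' + headers['content-type'], '; ', '=');
};
xhr.send();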
var xhr = new XMLHttpRequest();
xhr.open('GET', '/folder/file.extension?query=1&q=2', true);
// setRequestHeader() must be called after open(); before it, it throws InvalidStateError.
xhr.setRequestHeader('custom-header', 'value');
xhr.onloadend = function() {
    console.log(xhr.status);
    console.log(xhr.statusText);
    console.log(xhr.getAllResponseHeaders());
};
xhr.send();
getallheaders()
Get the server's headers with PHP
headers_list()
apache_request_headers()
Get headers from a URL with PHP
get_headers('http://example.com', 1)
Return a header with PHP
http_response_code(404);
headers_sent()
header('Location: http://www.example.com/');
header('Content-Type: text/html; charset=utf-8');
header("HTTP/1.0 404 Not Found");
header('Content-Type: text/css');
header('Content-Type: application/javascript');
header('Content-Type: text/javascript');
JPEG Image
header('Content-Type: image/jpeg');
header('Content-Type: application/json');
header('Content-Type: application/ubjson');
header('Content-Type: application/pdf');
header('Content-Type: application/rss+xml; charset=ISO-8859-1');
header('Content-Type: text/plain');
header('Content-Type: text/xml');
header('Content-Type: text/csv');
header('Content-Type: text/tab-separated-values');
header('Content-Type: image/png');
The XSS Auditor refused to execute a script in * because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
header('X-XSS-Protection: 0');