CSRF, CORS, and HTTP Security headers Demystified

Posted on 2021-04-30 [Friday] by Jay Jay

This on Hacker News today: CSRF, CORS, and HTTP Security headers Demystified.

The above article referred to OWASP SameSite doco, and you can read about how to implement that with PHP.

Apache HTTP Proxy Header Manipulation

Posted on 2016-07-10 [Sunday] by Jay Jay

Found this:

<Location /jira>
  RequestHeader unset Authorization
  ProxyPreserveHost On
  ProxyPass http://jiraserver/jira
  ProxyPassReverse http://jiraserver/jira
</Location>

Over here. Wanted to keep a note of those settings.

PHP HTTP response data

Posted on 2014-05-23 [Friday] by Jay Jay

Today I learned about headers_list and http_response_code… yay! :)

HTTP cache control headers

Posted on 2012-11-19 [Monday] by Jay Jay

I had to do two things today. One was to make sure that in production all of my resources were cached. The other was to make sure that in development none of my resources were cached. I ended up with these two functions, which seem to be doing the trick to disable/enable caching:


function set_nocache() {
  header("Expires: Tue, 03 Jul 2001 06:00:00 GMT");
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");
}

function set_cache() {
  header('Expires: ' . gmdate( 'D, d M Y H:i:s', time()+31536000 ) . ' GMT');
  header('Cache-Control: max-age=31536000');
}

Reference: Completely disable any browser caching.

John's blog

Talking about technology (mostly)

Tag Archives: headers

Apache HTTP Proxy Header Manipulation

PHP HTTP response data

HTTP cache control headers