PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
I did a lot of searching and also read the PHP $_SERVER docs. Do I have this right regarding which to use for … Read more
owasp
What is “X-Content-Type-Options=nosniff”?
I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing header X-Content-Type-Options was … Read more
Why is it common to put CSRF prevention tokens in cookies?
I’m trying to understand the whole issue with CSRF and appropriate ways to prevent it. (Resources I’ve read, understand, and agree with: OWASP … Read more