HTTP Headers

https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

X- prefix is deprecated

https://www.linkedin.com/posts/rickvianaldi_stop-using-the-x-prefix-for-your-custom-activity-7384400311790211072-sHBm/

The X- prefix was officially deprecated in 2012 by the IETF via RFC 6648.

https://datatracker.ietf.org/doc/html/rfc6648

Check headers security

MDN HTTP Observatory (note that the HTTP Observatory is for websites, not APIs - source):

• New version: https://developer.mozilla.org/en-US/observatory
• Previous version (deprecated July 2024): https://observatory.mozilla.org

https://pentest-tools.com/website-vulnerability-scanning/website-scanner

Content-Type

The media type.

https://stackoverflow.com/questions/23714383/what-are-all-the-possible-values-for-http-content-type-header

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type

Cache-Control

https://www.keycdn.com/blog/http-cache-headers