Skip to main content
Every response from the Law4Devs API includes a set of security headers designed to protect both the API and its consumers. These headers are set automatically — no configuration required on your end.

Response Headers

HeaderValuePurpose
X-Content-Type-OptionsnosniffPrevents MIME-type sniffing attacks in browsers
X-Frame-OptionsDENYPrevents the API response from being embedded in iframes
X-XSS-Protection1; mode=blockLegacy XSS filter for older browsers
Referrer-Policystrict-origin-when-cross-originControls how much referrer information is included
X-API-Version1.0Signals the current API version on every response
X-Request-IDUUID (per-request)Unique identifier for each request — use this when reporting issues
The Server header is stripped from all responses to avoid fingerprinting the underlying infrastructure.

Using X-Request-ID

Every response carries a unique X-Request-ID header. Log this value alongside your application errors — it lets the Law4Devs team trace a specific request end-to-end when you report an issue.

Using X-API-Version

The X-API-Version header is included in every response so your application can detect version changes without parsing the URL.