> ## Documentation Index
> Fetch the complete documentation index at: https://docs.law4devs.eu/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Headers

> HTTP response headers Law4Devs sets on every API response

Every response from the Law4Devs API includes a set of security headers designed to protect
both the API and its consumers. These headers are set automatically — no configuration
required on your end.

## Response Headers

| Header                   | Value                             | Purpose                                                             |
| ------------------------ | --------------------------------- | ------------------------------------------------------------------- |
| `X-Content-Type-Options` | `nosniff`                         | Prevents MIME-type sniffing attacks in browsers                     |
| `X-Frame-Options`        | `DENY`                            | Prevents the API response from being embedded in iframes            |
| `X-XSS-Protection`       | `1; mode=block`                   | Legacy XSS filter for older browsers                                |
| `Referrer-Policy`        | `strict-origin-when-cross-origin` | Controls how much referrer information is included                  |
| `X-API-Version`          | `1.0`                             | Signals the current API version on every response                   |
| `X-Request-ID`           | UUID (per-request)                | Unique identifier for each request — use this when reporting issues |

The `Server` header is stripped from all responses to avoid fingerprinting the underlying
infrastructure.

## Using `X-Request-ID`

Every response carries a unique `X-Request-ID` header. Log this value alongside your
application errors — it lets the Law4Devs team trace a specific request end-to-end when
you report an issue.

```bash theme={null}
curl -v -H "X-API-Key: YOUR_API_KEY" \
  https://api.law4devs.eu/v1/frameworks 2>&1 | grep X-Request-ID

# < X-Request-ID: 4f2a1c8e-9b3d-47e2-a1f0-8c5d6e7b9a2c
```

## Using `X-API-Version`

The `X-API-Version` header is included in every response so your application can detect
version changes without parsing the URL.

```python theme={null}
import requests

response = requests.get(
    "https://api.law4devs.eu/v1/frameworks",
    headers={"X-API-Key": "YOUR_API_KEY"},
)
api_version = response.headers.get("X-API-Version")
print(f"API version: {api_version}")  # API version: 1.0
```
