What is an Account-Control Surface?
Understand the account-control surface and why account protection has to cover more than the login form.
Support FAQ
HTTP headers are key-value pairs sent at the beginning of a request or response message as part of the HTTP (Hypertext Transfer Protocol). Headers provide information about the request or response, such as the type of browser being used, the type of data being sent, the server's expected behavior, and much more.
HTTP request headers provide information about the client's request, such as the type of content being sent, preferred languages, authentication details, etc. Here's an example of a typical HTTP request header:
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Here's an explanation of some key request headers:
HTTP response headers provide information about the server's response, including the status of the request and details about the data being sent back. Here's an example of a typical HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 02 Aug 2023 08:00:00 GMT
Server: Apache/2.4.7
Last-Modified: Mon, 01 Jul 2023 07:28:00 GMT
Content-Length: 438
Content-Type: text/html; charset=UTF-8
Connection: close
Here's an explanation of some key response headers:
Headers are also useful operating evidence. A request to a login, checkout, API, or cacheable content route can carry Authorization, Cookie, User-Agent, Accept, Accept-Encoding, Cache-Control, and Host values that change how the request should be handled. A response can add Cache-Status, Retry-After, Link, Vary, and status-code context that explains what happened next.
None of those headers proves intent by itself. They are stronger when they stay attached to the route, method, account or API key, fingerprint, response code, and selected action. That is the difference between a useful decision log and a pile of disconnected request fields. For related performance paths, see HTTP Link headers and Early Hints. For API enforcement, see the rate-limit decision matrix.
HTTP headers are a vital part of the web's architecture, enabling browsers and servers to exchange information in a standardized way. They help control various aspects of the communication between clients and servers, making the web a flexible and robust platform.
Understand the account-control surface and why account protection has to cover more than the login form.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.