
Questions tagged [header]

For questions regarding headers (like http headers) that give meta information about a payload being transmitted

0 votes
1 answer
253 views

I have an Nginx reverse proxy that connects to different servers in the back-end according to the SNI. Recently it was pointed out to me that if I add a header X-Forwarded-Host to something like https://...
Jorge Martínez's user avatar
8 votes
3 answers
4k views

In another question, I implied that an application can check the Origin request header to determine where the request is from. I was under the assumption that the browser sets this to the origin of ...
Sjoerd's user avatar
  • 35.6k
2 votes
0 answers
505 views

Let's say you serve a website with the header Cross-Origin-Opener-Policy: same-origin. This is a new header that, if I understood it correctly, completely separates a browsing tab/origin to prevent ...
rugk's user avatar
  • 1,325
4 votes
1 answer
485 views

I have a web page with a Cross-Origin-Embedder-Policy: require-corp header. When I include a cross-origin image without CORP or CORS headers in the response, I expect the image to be blocked, because ...
Sjoerd's user avatar
  • 35.6k
1 vote
1 answer
165 views

As we know some important information can be found in MIME Boundary field in email headers. Such as the one described in this interesting link (Dates in Hiding Part 2 — Gmail MIME Boundary Timestamps) ...
user1973744's user avatar
1 vote
0 answers
455 views

In an email forensic study, I want to know the meaning of the field "X-UI-Sender-Class" in the email header and how we can decode this information. Note: the email is sent from mail.com Email ...
user1973744's user avatar
2 votes
0 answers
99 views

I came across a site that allows the client-security-token in CORS requests: Access-Control-Allow-Headers: ..., client-security-token I have not found any request yet that includes this header. But ...
Sjoerd's user avatar
  • 35.6k
1 vote
0 answers
115 views

In my webserver log files I sometimes find such entries: 185.30.14.116 [2024-09-14T07:56:57+02:00] 400 | HOST-HDR "185.30.14.116" | SRV _:80" | URI "/" So there is a request ...
archygriswald's user avatar
1 vote
2 answers
154 views

I implement a server application in .NET. I just want to know which security headers I need to set if I use HTTPS. I know about the HttpOnly and SameSite Cookies. OWASP has a recommendation HTTP ...
GangSTARclown's user avatar
6 votes
1 answer
975 views

For various reasons, I need to shrink my CSP header a bit without degrading its effectiveness. I'm able to save some bytes by wildcarding some subdomains, but I'm also tempted to strip out all ...
Tom Wright's user avatar
0 votes
1 answer
1k views

I might have found a way to hijack an OAuth flow, but the source server is responding with 403 errors when the OAuth request is sent with a Sec-Fetch-Dest HTTP header. Is there a way to alter or ...
user2284570's user avatar
  • 1,512
0 votes
3 answers
6k views

My client says their API traffic must take the path WAF -> Custom Firewall -> Backend API. Also, mTLS must be terminated after the traffic has gone through the network appliance. I have created ...
chriaass's user avatar
  • 101
0 votes
1 answer
649 views

I am attempting to inject a carriage-return + newline in a HTTP request header value. My understanding is that this is possible with HTTP/2 and HTTP/3. However, when I send a request with Burp I get ...
Sjoerd's user avatar
  • 35.6k
0 votes
1 answer
187 views

cURL is returning a 200 status code after correct login. The common response code after user login should be 302. Why am I not receiving this status code? All information is provided below. #!/usr/bin/...
0 votes
1 answer
386 views

If I send an unknown domain name in the HTTP request header 'Host' to a webserver and the webserver responds with a HTTP status code 301/302 (redirect) along with a HTTP response header 'Location' ...
Bob Ortiz's user avatar
  • 7,715
