User Tools

Site Tools

tools:http-headers

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
tools:http-headers [2025/10/11 12:02] – [HTTP Headers] Humphrey Boa-Garttools:http-headers [2025/10/11 12:05] (current) Humphrey Boa-Gart
Line 16: Line 16:
 ===== Manipulating Headers ===== ===== Manipulating Headers =====
  
-Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy:user-agent-spoofing|User-Agent]] or [[diy:referrer-spoofing|Referer]] headers is a great way to familiarize yourself with the concept of manipulating this data.+Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy:user-agent-spoofing|User-Agent]] or [[diy:referer-spoofing|Referer]] headers is a great way to familiarize yourself with the concept of manipulating this data.
  
 Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser's [[tools:developer-tools|developer tools]] and see what you can find! Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser's [[tools:developer-tools|developer tools]] and see what you can find!
tools/http-headers.txt · Last modified: by Humphrey Boa-Gart

Find this page online at: https://bestpoint.institute/tools/http-headers