Differences

This shows you the differences between two versions of the page.

tools:http-headers [2025/09/12 18:12] – [Further Reading] Humphrey Boa-Gart
tools:http-headers [2025/10/11 12:05] (current) Humphrey Boa-Gart
Line 1: Line 1:
 ====== HTTP Headers ====== ====== HTTP Headers ======
  
-**HTTP headers** are key-value pairs of metadata sent in HTTP requests and responses, by both the client //(such as your web browser)// and the server //(such as the AMI's [[tools:nginx]] install)//. This metadata provides essential information about the connection, helping the client & server sync up for data transfer.+**HTTP headers** are key-value pairs of metadata sent in HTTP requests and responses, by both the client //(such as your web browser)// and the server //(such as the AMI's [[tools:reverse-proxy#nginx|nginx]] install)//. This metadata provides essential information about the connection, helping the client & server sync up for data transfer.
  
 HTTP headers are processed by the client application and the web server, and are usually invisible to the end user. Data sent as HTTP headers includes, but is not limited to: HTTP headers are processed by the client application and the web server, and are usually invisible to the end user. Data sent as HTTP headers includes, but is not limited to:
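Review bot: the replacement link in the opening paragraph, [[tools:reverse-proxy#nginx|nginx]], now depends on a section anchor, and nothing in this revision shows that tools:reverse-proxy has a heading that produces #nginx. Confirm the heading exists under that exact name, since a renamed heading leaves the link landing at the top of the page without any visible error. While the line is being touched, "helping the client & server sync up for data transfer" could say what the metadata actually conveys, which the list that follows already starts to do.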
Line 16: Line 16:
 ===== Manipulating Headers ===== ===== Manipulating Headers =====
  
-Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy:user-agent-spoofing|User-Agent]] or [[diy:referrer-spoofing|Referer]] headers is a great way to familiarize yourself with the concept of manipulating this data.+Manually changing the values HTTP headers is fairly easy to do, and provides for some tactical opportunities on the field. Spoofing your [[diy:user-agent-spoofing|User-Agent]] or [[diy:referer-spoofing|Referer]] headers is a great way to familiarize yourself with the concept of manipulating this data.
  
 Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser's [[tools:developer-tools|developer tools]] and see what you can find! Header security is also a thing! Many websites are poorly developed, and use client-defined HTTP headers to delegate access to the system. The way to defend against this is making sure header inputs are sanitized and tested against spoofed headers, but not everyone does it. Poke around with your browser's [[tools:developer-tools|developer tools]] and see what you can find!
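Review bot: the changed line in Manipulating Headers still reads "changing the values HTTP headers", which is missing "of", and "on the field" should be "in the field"; both are worth fixing in the same edit as the diy:referer-spoofing rename. The rename itself changes a page id, so check that diy:referrer-spoofing either redirects or has no remaining inbound links. In the unchanged paragraph below it, the defensive advice stops at sanitizing and testing header inputs; it would be more accurate to say that client-supplied headers must never be the basis for an access decision, with authorization enforced server-side.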
Line 25: Line 25:
 ===== Further Reading ===== ===== Further Reading =====
  
-Since a full writeup on HTTP headers is beyond the scope of the //Institute's// mission, consult some of the following guides and articles for more information.+Since a full writeup on HTTP headers is beyond the mission of the //Anonymous Military Institute//, consult some of the following guides and articles for more information.
  
   * [[wp>List of HTTP header fields]] on Wikipedia   * [[wp>List of HTTP header fields]] on Wikipedia
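Review bot: the reworded sentence under Further Reading still promises "some of the following guides and articles", but the only entry visible in this hunk is the Wikipedia list. Either add primary references (RFC 9110 defines the header fields themselves) or reword the sentence to match a single link. The new wording also drops "scope", so "beyond the mission of" reads slightly off; "beyond the scope of the //Anonymous Military Institute//'s mission" keeps the original sense.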

Find this page online at: https://bestpoint.institute/tools/http-headers