HTTP Headers are user-input for the recipient. I delivered a few security-related talks where my website sends XSS payloads in its HTTP headers. There are many "HTTP Headers checker" websites that fail to sanitize HTTP headers, and they make a good punchline for the talk about sanitizing user-input.
HTTP Headers are user-input for the recipient. I delivered a few security-related talks where my website sends XSS payloads in its HTTP headers. There are many "HTTP Headers checker" websites that fail to sanitize HTTP headers, and they make a good punchline for the talk about sanitizing user-input.
The same goes for DNS records too.