Anyone have expertise with HTTP headers, specifically Content-Security-Policy? I'm trying to set CSP on a couple of sites, to improve protection for a hosted application, and running into issues with ...
This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same header field in fundamentally different ways, creating exploitable gaps that attackers are ...
A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Daniel Thatcher, researcher and penetration tester at ...