hacktricks/pentesting/pentesting-web/special-http-headers.md

Special HTTP headers

Wordlists:

• https://github.com/danielmiessler/SecLists/tree/master/Miscellaneous/web/http-request-headers

Headers to Change Location

Rewrite IP source:

• X-Originating-IP: 127.0.0.1
• X-Forwarded-For: 127.0.0.1
• X-Forwarded: 127.0.0.1
• Forwarded-For: 127.0.0.1
• X-Remote-IP: 127.0.0.1
• X-Remote-Addr: 127.0.0.1
• X-ProxyUser-Ip: 127.0.0.1
• X-Original-URL: 127.0.0.1
• Client-IP: 127.0.0.1
• True-Client-IP: 127.0.0.1
• Cluster-Client-IP: 127.0.0.1
• X-ProxyUser-Ip: 127.0.0.1
• Connection: close, X-Forwarded-For Check hop-by-hop headers

Rewrite location:

• X-Original-URL: /admin/console
• X-Rewrite-URL: /admin/console

Hop-by-Hop headers

A hop-by-hop header is a header which is designed to be processed and consumed by the proxy currently handling the request, as opposed to an end-to-end header.

• Connection: close, X-Forwarded-For

{% page-ref page="../../pentesting-web/abusing-hop-by-hop-headers.md" %}

HTTP Request Smuggling

• Content-Length: 30
• Transfer-Encoding: chunked

{% page-ref page="../../pentesting-web/http-request-smuggling.md" %}

Cache Headers

• X-Cache in the response may have the value miss when the request wasn't cached and the value hit when it is cached
• Cache-Control indicates if a resource is being cached and when will be the next time the resource will be cached again: Cache-Control: public, max-age=1800
• Vary is often used in the response to indicate additional headers that are treated as part of the cache key even if they are normally unkeyed.
• Age defines the times in seconds the object has been in the proxy cache.

{% page-ref page="../../pentesting-web/cache-deception.md" %}