While trying to play with AJAX I tried to add a "Range" header to the request. Sniffing with Wireshark revealed the "X-Removed" header.
Couldn't find anything relevant on the web. Does anyone know what this header is?
Testcase headers (using Chrome):
GET /img/initializing.png HTTP/1.1
Host: fiddle.jshell.net
Connection: keep-alive
X-REMOVED: Range
Accept: */*
Referer: http://fiddle.jshell.net/_display/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,he;q=0.6
Range: bytes=0-
X-headers are fields in the request HTTP header beginning with an X. Put simply, these fields are kind of non-standard or proprietary add-ons to the regular fields in the HTTP header.
The X-Powered-By header describes the technologies used by the webserver. This information exposes the server to attackers. Using the information in this header, attackers can find vulnerabilities more easily.
Open the site which you would like to open and then click on the HTTP Response Headers option. Click on the X-Powered-By header and then click Remove on the Actions Pane to remove it from the response.
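To confirm that the removal took effect, the response headers can be audited for technology disclosure. The script below is an added example, not code from the original page; the header names other than X-Powered-By, the function names and both sample responses are assumptions constructed for illustration.

```python
"""Audit HTTP response headers for technology disclosure (added example)."""
import re
from email.parser import Parser

# X-Powered-By is the header named on this page; the two ASP.NET headers are
# an assumption added for this example.
DISCLOSING = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
VERSION_RE = re.compile(r"\d+(\.\d+)+")  # matches "10.0", "8.2.12", ...

# Constructed sample responses: before and after removing the headers.
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Server: Microsoft-IIS/10.0\r\n"
          "X-Powered-By: ASP.NET\r\n"
          "X-Frame-Options: SAMEORIGIN\r\n"
          "Content-Type: text/html\r\n"
          "\r\n"
          "<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: Microsoft-IIS\r\n"
            "X-Frame-Options: SAMEORIGIN\r\n"
            "Content-Type: text/html\r\n"
            "\r\n"
            "<html></html>")


def parse_headers(raw_response):
    """Return (name, value) pairs from the header block of a raw response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status_line, _, header_block = head.partition("\n")
    return Parser().parsestr(header_block, headersonly=True).items()


def audit(raw_response):
    """Split headers into stack-disclosing ones and other X- headers."""
    report = {"disclosure": [], "other_x": []}
    for name, value in parse_headers(raw_response):
        lname = name.lower()
        if lname in DISCLOSING:
            report["disclosure"].append((name, value))
        elif lname == "server" and VERSION_RE.search(value):
            # A product name with a version narrows the search for known flaws.
            report["disclosure"].append((name, value))
        elif lname.startswith("x-"):
            report["other_x"].append((name, value))
    return report


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE), ("after", HARDENED)):
        print(label, audit(raw))
```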
The X-Forwarded-Host (XFH) header is a de-facto standard header for identifying the original host requested by the client in the Host HTTP request header.
Historically, designers and implementers of application protocols have often distinguished between standardized and unstandardized parameters by prefixing the names of unstandardized parameters with the string "X-" or similar constructs (e.g., "x."), where the "X" is commonly understood to stand for "eXperimental" or "eXtension".
Under this convention, the name of a parameter not only identified the data, but also embedded the status of the parameter into the name itself: a parameter defined in a specification produced by a recognized standards development organization (or registered according to processes defined in such a specification) did not start with "X-" or similar constructs, whereas a parameter defined outside such a specification or process started with "X-" or similar constructs.
"X-" headers are "non-standard headers" that are defined by the developer, and can mean anything they like them to mean; they don't really have to follow any standards, as there are none.
However, some X- headers are common, such as X-Requested-With, which is sent with Ajax requests in all the widely used frameworks, like jQuery, and X-Frame-Options and X-Powered-By, which are supported by most browsers, or the IE-specific X-UA-Compatible, but they are still not standardized headers.
In other words, any "X-" header is valid, and using the "X-" prefix means it's not a standard header, and it could do anything really.