Common headers: Trusting headers

  1. Cookies
  2. Common headers

Headers from clients can’t be trusted: User-Agent, Date, HTTP-Referer, or anything else the client sends can be faked easily (just look at the options in curl and HTTP Client).
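To make the point concrete, here is an added example (not code from the original page) that contrasts an access check built on client-chosen headers with one built on a value only the server could have produced. The `X-Session` header name, the `intranet.example` host, the `InternalBrowser` string and the key are all constructed assumptions.

```python
import hashlib
import hmac
from typing import Optional

# Assumption: a secret that never leaves the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"

def sign_session(user: str) -> str:
    """Issue a token the server can verify later: 'user.hex(HMAC(user))'."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def verify_session(token: str) -> Optional[str]:
    """Return the user name if the token's MAC is valid, else None."""
    user, sep, mac = token.rpartition(".")
    if not sep or not user:
        return None
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if ok else None

def allow_by_headers(headers: dict) -> bool:
    """Weak: the decision rests only on values the client picked."""
    referer = headers.get("Referer", "")
    agent = headers.get("User-Agent", "")
    return referer.startswith("https://intranet.example/") and "InternalBrowser" in agent

def allow_by_token(headers: dict) -> bool:
    """Stronger: the client relays the value but cannot mint it without the key."""
    return verify_session(headers.get("X-Session", "")) is not None

# Constructed requests. FORGED sets every header to what the weak check wants;
# GENUINE has "wrong" descriptive headers but a token the server actually issued.
FORGED = {"Referer": "https://intranet.example/admin",
          "User-Agent": "InternalBrowser/1.0",
          "X-Session": "alice.0000"}
GENUINE = {"Referer": "",
           "User-Agent": "curl/8.0",
           "X-Session": sign_session("alice")}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, "headers:", allow_by_headers(req), "token:", allow_by_token(req))
```

The token still travels in a header; what changes is that its validity is decided by a server-side check rather than by what the client claims about itself.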
