Duplicate HTTP Headers Detected

info Web App Scanning Plugin ID 113333

Synopsis

Duplicate HTTP Headers Detected

Description

Multiple HTTP headers of the same name have been detected. RFC 7230 states a server must not generate multiple header fields with the same field name unless either the entire field value for that header field is defined as a comma-separated list, or the header field is a well-known exception. Strings split across multiple header instances may have unpredictable results, since other elements such as commas and whitespace may be inserted during recombination outside the control of the originating serializer.

Solution

Ensure that any HTTP header or meta tag http-equiv declarations are named uniquely.
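
The check described above can be reproduced offline against a saved response. The following is an added example, not the plugin's own code: the list of list-valued fields is an illustrative assumption, and the function names and sample response are constructed for the demonstration.

```python
from collections import defaultdict

# Assumption: illustrative subset of fields defined as comma-separated lists,
# which RFC 7230 section 3.2.2 allows to repeat. Extend for your environment.
LIST_VALUED = {"accept", "allow", "cache-control", "connection", "content-encoding",
               "content-language", "link", "vary", "via", "warning"}
# Set-Cookie is the well-known exception named in RFC 7230 section 3.2.2.
EXCEPTIONS = {"set-cookie"}

# Constructed sample response, not captured from a real server.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"Set-Cookie: a=1\r\n"
    b"Set-Cookie: b=2\r\n"
    b"Vary: Accept-Encoding\r\n"
    b"vary: Origin\r\n"
    b"x-frame-options: SAMEORIGIN\r\n"
    b"\r\n<html></html>"
)

def parse_fields(raw: bytes):
    """Return [(lowercased name, value)] from the header section of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    fields = []
    for line in head.split("\r\n")[1:]:         # skip the status line
        if line[:1] in (" ", "\t") and fields:  # obs-fold: continues the previous value
            name, value = fields[-1]
            fields[-1] = (name, f"{value} {line.strip()}")
            continue
        name, sep, value = line.partition(":")
        if sep:                                 # ignore lines that carry no colon
            fields.append((name.strip().lower(), value.strip()))
    return fields

def find_duplicates(raw: bytes):
    """Map each improperly repeated name to the value a recipient sees after comma-joining."""
    seen = defaultdict(list)
    for name, value in parse_fields(raw):
        seen[name].append(value)
    return {name: ", ".join(values) for name, values in seen.items()
            if len(values) > 1 and name not in LIST_VALUED | EXCEPTIONS}

if __name__ == "__main__":
    for name, combined in find_duplicates(SAMPLE).items():
        print(f"duplicate {name}: combined value would be {combined!r}")
```

On the sample, only `x-frame-options` is reported: the repeated `Vary` and `Set-Cookie` fields are permitted, while the comma-joined `DENY, SAMEORIGIN` is a value neither instance intended.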

See Also

https://tools.ietf.org/id/draft-ietf-httpbis-header-structure-15.html

https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2

Plugin Details

Severity: Info

ID: 113333

Type: remote

Published: 8/8/2022

Updated: 3/25/2024

Scan Template: basic, config_audit, full, overview, pci, quick, scan