Response headers deliver additional metadata alongside the body of an API response. Often this metadata describes the response itself, such as its location, but in some cases headers carry actual data, or reveal details about the backend server sending the response that you would rather keep hidden.
In other words, response headers can be a direct source of data leakage, or include details that put your API security at risk. Lock down your response headers by defining each one explicitly in your API contract: its type, its format, and its bounds (minimum and maximum for numbers, maximum length and a tight pattern for strings, maximum number of items and a typed item schema for arrays). That way, even if a backend server is breached, the definition of your API prevents the server from returning more information than the API is supposed to.
Browse through this section to see the details of each API security risk related to your API response headers.
- Array header has no maximum number of items defined
- Array header has no type of items defined
- Array header with numeric items has no format defined
- Array header with numeric items has no maximum defined
- Array header with numeric items has no minimum defined
- Array header with string items has no maximum length defined
- Array header with string items has no pattern defined
- Format of a numeric header is unknown
- Format of a string header is unknown
- Numeric header has no format defined
- Numeric header has no maximum defined
- Numeric header has no minimum defined
- Pattern for string header is too loose
- Pattern for string items in an array header is too loose
- String header has no maximum length defined
- String header has no pattern defined
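The following is an added example, not 42Crunch's own code: a small linter that walks the `headers` map of an OpenAPI 3 response object and reports the constraint gaps listed above, run over a constructed set of three headers first left unconstrained and then locked down. The "too loose" heuristic for patterns, the set of recognised numeric formats, and the sample header definitions are assumptions made for illustration; string formats are open-ended in OpenAPI, so the "format of a string header is unknown" check is left out.

```python
# Added example (not 42Crunch's code). Lints OpenAPI 3 response header
# definitions for the gaps listed on this page. The "too loose" heuristic,
# NUMERIC_FORMATS and the sample headers below are assumptions.
import re

# Assumption: the four numeric formats named in the OpenAPI 3 specification.
NUMERIC_FORMATS = {"int32", "int64", "float", "double"}


def is_loose_pattern(pattern: str) -> bool:
    """Heuristic: a pattern is too loose when it is not anchored at both ends
    or when it contains an unbounded wildcard such as .* or .+"""
    anchored = pattern.startswith("^") and pattern.endswith("$")
    unbounded = re.search(r"\.[*+]", pattern) is not None
    return (not anchored) or unbounded


def _lint_schema(name, schema, findings, in_array=False):
    """Append one finding per missing constraint for a header (or item) schema."""
    kind = schema.get("type")
    subject = f"{kind} items in array header" if in_array else f"{kind} header"
    if kind in ("integer", "number"):
        if "format" not in schema:
            findings.append(f"{name}: {subject} has no format defined")
        elif schema["format"] not in NUMERIC_FORMATS:
            findings.append(f"{name}: format of {subject} is unknown")
        if "maximum" not in schema:
            findings.append(f"{name}: {subject} has no maximum defined")
        if "minimum" not in schema:
            findings.append(f"{name}: {subject} has no minimum defined")
    elif kind == "string":
        if "maxLength" not in schema:
            findings.append(f"{name}: {subject} has no maximum length defined")
        if "pattern" not in schema:
            findings.append(f"{name}: {subject} has no pattern defined")
        elif is_loose_pattern(schema["pattern"]):
            findings.append(f"{name}: pattern for {subject} is too loose")
    elif kind == "array":
        if "maxItems" not in schema:
            findings.append(f"{name}: array header has no maximum number of items defined")
        items = schema.get("items") or {}
        if "type" not in items:
            findings.append(f"{name}: array header has no type of items defined")
        else:
            _lint_schema(name, items, findings, in_array=True)
    else:
        # Catch-all added here (not one of the page's rules): a header whose
        # type is missing cannot be bounded at all.
        findings.append(f"{name}: header has no type defined")


def lint_response_headers(headers: dict) -> list:
    """headers: the `headers` map of an OpenAPI 3 response object."""
    findings = []
    for name, header in headers.items():
        _lint_schema(name, header.get("schema", {}), findings)
    return findings


# Constructed sample: the same three headers, unconstrained and then locked down.
WEAK_HEADERS = {
    "X-Request-Id": {"schema": {"type": "string"}},
    "X-RateLimit-Remaining": {"schema": {"type": "integer"}},
    "X-Tags": {"schema": {"type": "array"}},
}

HARDENED_HEADERS = {
    "X-Request-Id": {"schema": {
        "type": "string", "maxLength": 36,
        "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"}},
    "X-RateLimit-Remaining": {"schema": {
        "type": "integer", "format": "int32", "minimum": 0, "maximum": 1000}},
    "X-Tags": {"schema": {
        "type": "array", "maxItems": 10,
        "items": {"type": "string", "maxLength": 32, "pattern": "^[a-z0-9-]{1,32}$"}}},
}

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        findings = lint_response_headers(headers)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  ", finding)
```

The hardened definitions produce no findings; the weak ones produce one finding per missing bound, which is the list a contract review should drive to zero before the API is deployed.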
Copyright 42Crunch 2020