(default) Header Value Sanity
Deny Rule Group – (default) Header Value Sanity

SANITY_HEADER_VALUE

  • Prevents the injection of special encoded characters in header values.

Included Deny Rules

Rule name: levels where the rule is ON (columns: Legacy, Basic, Standard, Strict)

  • (default 17) Non-printable characters in header value rule: ON in one level
  • (default SAN_010b) Full-/half-width unicode in HTTP header value: ON in three levels
  • (default SAN_030b) Enforce printable ASCII characters in HTTP header value: ON in three levels
  • (default SAN_040b) Sanity check of Content-Type header value: ON in three levels
  • (default SAN_045b) Sanity check of multipart content-type header value: ON in Basic, Standard, Strict
  • (default SAN_050b) Unsafe character in HTTP header value: ON in two levels
  • (default SAN_060b) Header value longer than 300 characters: ON in two levels
  • (default SAN_070b) Sanity check of Accept-Encoding header value: ON in Standard, Strict
  • (default SAN_080b) Sanity check of Accept-Language header value: ON in Standard, Strict
  • (default SAN_090b) Sanity check of Accept header value: ON in two levels
  • (default SAN_100b) Sanity check of Cache-Control header value: ON in Basic, Standard, Strict
  • (default SAN_110b) Sanity check of Sec-Fetch-headers value: ON in Standard, Strict
  • (default SAN_120b) Sanity check of Range header value: ON in Standard, Strict