Deny Rule Group – (default) Header Value Sanity

SANITY_HEADER_VALUE

  • Prevents the injection of special encoded characters in header values.

Included Deny Rules

| Rule name | Basic | Standard | Strict |
|---|---|---|---|
| (default 17) Non-printable characters in header value rule | | | |
| (default SAN_010b) Full-/half-width unicode in HTTP header value | ON | ON | ON |
| (default SAN_030b) Enforce printable ASCII characters in HTTP header value | ON | ON | ON |
| (default SAN_040b) Sanity check of Content-Type header value | ON | ON | ON |
| (default SAN_045b) Sanity check of multipart content-type header value | ON | ON | ON |
| (default SAN_050b) Unsafe character in HTTP header value | | ON | ON |
| (default SAN_060b) Header value longer than 300 characters | | ON | ON |
| (default SAN_070b) Sanity check of Accept-Encoding header value | | ON | ON |
| (default SAN_080b) Sanity check of Accept-Language header value | | ON | ON |
| (default SAN_090b) Sanity check of Accept header value | | ON | ON |
| (default SAN_100b) Sanity check of Cache-Control header value | ON | ON | ON |
| (default SAN_110b) Sanity check of Sec-Fetch-headers value | | ON | ON |
| (default SAN_120b) Sanity check of Range header value | | ON | ON |