Findings
Average Request Header Size Reduced
Updated: June 19, 2025
Description
The average request header size has decreased during the current observation period.
The average request header size has significantly decreased during a given period, falling below the mean average minus one standard deviation from the preceding period. This reduction could indicate several potential causes, such as changes in the client-side application, updates to API endpoints, or possibly malicious behavior. A sudden decrease in header size may also suggest that important authentication, session, or other necessary headers are being omitted or stripped, which could affect the API's functionality and security.
Example Attack
An attacker may try to exploit the reduction in request headers by intentionally omitting certain headers, such as authentication tokens or session cookies, to bypass security controls. For example:
- Bypassing Authentication: If an attacker manipulates the headers to exclude an authentication token or session ID, the request may appear as though it is coming from an unauthenticated user. This could allow unauthorized access to sensitive data or functionality that would typically require authentication.
- Exploitation of Missing Data: If certain headers such as
Content-Typeare reduced, it could lead to unexpected behavior on the server, such as incorrect processing of data or the execution of unwanted operations, potentially causing vulnerabilities or errors. - Denial of Service (DoS): A reduction in headers could also be a tactic to manipulate the behavior of the API, such as causing errors or making the server handle malformed requests that could eventually lead to resource exhaustion.
Remediation
Investigate what has caused the request headers sent to this API to decrease significantly in size.