Findings

Average Response Header Size Reduced

Updated: June 19, 2025

Description

Severity: Info

The average response header size has decreased during the current observation period.

The average response header size of the API during the current period is lower than the mean of the preceding period by more than one standard deviation of that preceding period. Response headers carry metadata about the response, such as content type, content length and caching directives, as well as the security headers that tell the client how the response may be handled. A sudden decrease in header size can indicate that headers are missing or truncated, that a proxy, gateway or application configuration has changed, or that the API or its communication path is behaving abnormally; any of these can remove protections the client depends on.

Example Attack

A malicious actor may exploit the absence of headers that clients depend on for protection. For example, if a security header such as Strict-Transport-Security is no longer sent (the missing header is what lowers the average size, not the other way round), browsers will again accept plaintext connections to the host once their cached HSTS policy expires, exposing users to man-in-the-middle (MITM) attacks. Headers intended to mitigate Cross-Site Scripting (XSS) fall in the same category, although X-XSS-Protection in particular is deprecated and ignored by current browsers, so its disappearance is mainly a signal of a configuration change rather than a new exposure. Reduced headers can also indicate a configuration error elsewhere in the response path (application, reverse proxy or API gateway), and the same error may cause other unexpected behaviour, such as responses being served without proper authentication or authorization checks, opening the API to unauthorized access.

Remediation

Investigate what caused the response headers sent by this API to shrink significantly. Compare the set of header names seen in the preceding period with those seen in the current period to identify which headers disappeared or lost content, then trace the change to its source: an application release, a change to a reverse proxy, API gateway or CDN that strips or rewrites headers, or an error path that returns minimal responses. Restore any missing security headers and confirm the fix by checking that the average header size returns to its baseline.
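The following is an added example, not code from the original page or from the product it documents. It implements both the detection rule stated in the Description (current-period mean below the preceding period's mean by more than one standard deviation) and the first investigation step from the Remediation (diffing which headers were present in the baseline but are missing now). The log records, header values and the `header_bytes` size estimate are constructed assumptions for illustration; a real platform would feed its own per-response header data into the same two functions.

```python
import statistics
from collections import Counter

# Constructed sample data: each record is the response header map of one
# logged API response. The baseline period sends the full header set; the
# current period has lost two security headers after a (hypothetical)
# gateway misconfiguration.
BASE_HEADERS = {
    "Content-Type": "application/json",
    "Cache-Control": "no-store",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}


def _sample(content_length, date, drop=()):
    """Build one constructed response header map, optionally dropping headers."""
    headers = {k: v for k, v in BASE_HEADERS.items() if k not in drop}
    headers["Content-Length"] = str(content_length)
    headers["Date"] = date
    return headers


BASELINE_LOG = [
    _sample(512, "Thu, 12 Jun 2025 10:00:00 GMT"),
    _sample(1024, "Thu, 12 Jun 2025 10:00:01 GMT"),
    _sample(98, "Thu, 12 Jun 2025 10:00:02 GMT"),
    _sample(2048, "Thu, 12 Jun 2025 10:00:03 GMT"),
    _sample(640, "Thu, 12 Jun 2025 10:00:04 GMT"),
]

_LOST = ("Strict-Transport-Security", "X-Content-Type-Options")
CURRENT_LOG = [
    _sample(512, "Thu, 19 Jun 2025 10:00:00 GMT", drop=_LOST),
    _sample(1024, "Thu, 19 Jun 2025 10:00:01 GMT", drop=_LOST),
    _sample(77, "Thu, 19 Jun 2025 10:00:02 GMT", drop=_LOST),
    _sample(4096, "Thu, 19 Jun 2025 10:00:03 GMT", drop=_LOST),
]


def header_bytes(headers):
    """Approximate wire size of a header block: 'Name: value\\r\\n' per header."""
    return sum(len(name) + 2 + len(value) + 2 for name, value in headers.items())


def period_stats(responses):
    """Mean and sample standard deviation of header size over one period."""
    sizes = [header_bytes(h) for h in responses]
    mean = statistics.fmean(sizes)
    stdev = statistics.stdev(sizes) if len(sizes) > 1 else 0.0
    return mean, stdev


def header_size_reduced(current, baseline):
    """The finding's rule: current mean is more than one baseline standard
    deviation below the baseline mean."""
    base_mean, base_sd = period_stats(baseline)
    cur_mean, _ = period_stats(current)
    return cur_mean < base_mean - base_sd


def missing_headers(current, baseline, min_baseline_ratio=0.9):
    """Header names (case-insensitive) that appeared in at least
    min_baseline_ratio of baseline responses but fall below that share now.
    These are the first candidates when investigating the size drop."""
    def prevalence(responses):
        counts = Counter(name.lower() for h in responses for name in h)
        return {name: n / len(responses) for name, n in counts.items()}

    base = prevalence(baseline)
    cur = prevalence(current)
    return sorted(
        name for name, ratio in base.items()
        if ratio >= min_baseline_ratio and cur.get(name, 0.0) < min_baseline_ratio
    )


if __name__ == "__main__":
    base_mean, base_sd = period_stats(BASELINE_LOG)
    cur_mean, _ = period_stats(CURRENT_LOG)
    print(f"baseline mean={base_mean:.1f} sd={base_sd:.2f}; current mean={cur_mean:.1f}")
    if header_size_reduced(CURRENT_LOG, BASELINE_LOG):
        print("finding: Average Response Header Size Reduced")
        print("headers gone since baseline:", missing_headers(CURRENT_LOG, BASELINE_LOG))
```

Note that the rule as stated on the page uses a single standard deviation of the preceding period; when the baseline is very stable (as in this constructed data) that threshold is only a few bytes, so a real deployment would normally also require a minimum number of samples before trusting the baseline. The `missing_headers` comparison is deliberately case-insensitive, because HTTP header names are, and a gateway that merely re-cases a header has not removed it.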
