Average combined header size reduced

firetail:average-combined-header-size-reduced

Type: Detection

Rule Severity: Info

The average combined request and response header size during a given period was less than or equal to the mean of the preceding period minus one standard deviation.

This reduction in header size could suggest that certain essential information or metadata is missing from the requests or responses, potentially affecting the functionality of the API or causing unintended behavior. Headers in HTTP requests and responses typically contain crucial data such as authentication tokens, content types, and other metadata needed for proper communication and processing between clients and servers.
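The comparison this rule describes, together with a diff of which headers stopped appearing, as an added example that is not FireTail's own code. The record layout, the way header size is counted, and the use of a population standard deviation are assumptions; the sample calls are constructed.

```python
from statistics import mean, pstdev

SIDES = ("request_headers", "response_headers")

def combined_header_size(record):
    # Assumption: size is counted as "Name: value\r\n" per header, both directions.
    return sum(len(name) + len(value) + 4
               for side in SIDES for name, value in record[side].items())

def evaluate(preceding, current):
    """Return (flagged, current_average, threshold) for two periods of records."""
    sizes = [combined_header_size(r) for r in preceding]
    # Assumption: population standard deviation of per-call sizes.
    threshold = mean(sizes) - pstdev(sizes)
    current_avg = mean(combined_header_size(r) for r in current)
    return current_avg <= threshold, current_avg, threshold

def header_names(record):
    return {name.lower() for side in SIDES for name in record[side]}

def dropped_headers(preceding, current):
    """Headers sent on every preceding call that appear on no current call."""
    always = set.intersection(*(header_names(r) for r in preceding))
    now = set().union(*(header_names(r) for r in current))
    return sorted(always - now)

def call(token_len=None, hsts=True):
    # Constructed sample record; field names are hypothetical.
    req = {"Content-Type": "application/json"}
    if token_len is not None:
        req["Authorization"] = "Bearer " + "a" * token_len
    resp = {"Content-Type": "application/json"}
    if hsts:
        resp["Strict-Transport-Security"] = "max-age=31536000"
    return {"request_headers": req, "response_headers": resp}

PRECEDING = [call(36), call(40), call(44), call(40)]
CURRENT = [call(None, hsts=False), call(None, hsts=False)]

if __name__ == "__main__":
    flagged, avg, threshold = evaluate(PRECEDING, CURRENT)
    print(f"flagged={flagged} current_avg={avg:.1f} threshold={threshold:.1f}")
    print("dropped since preceding period:", dropped_headers(PRECEDING, CURRENT))
```

The list of dropped header names is the starting point for the investigation: a missing `Authorization` or security header points to a different cause than a shortened cookie or user agent.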

Remediation

Investigate what has caused the combined request and response headers sent to this API to decrease significantly in size.

Example Attack Scenario

A significant reduction in header size could indicate a man-in-the-middle (MitM) attack, where an attacker intercepts and modifies the headers being sent between the client and server. In a MitM attack, the attacker might strip out or alter critical information from the headers, such as authentication tokens, session identifiers, or security headers. This would not only impact the functionality of the API but could also expose the system to additional vulnerabilities, such as session hijacking or unauthorized access.
