|
|
|
|
|
|
by ChrisAtWork
3623 days ago
|
|
|
Why do you think HTTPS would fix this? For the TLS case, there are enough MITM proxies, both in the Enterprise and elsewhere, to make this a real concern. There are also API Aggrigators which are effectively MITM and need to be taught to "play-well" with custom headers. Certainly in the consumer case HTTPS would keep a majority of consumer facing ISPs from header-stripping, but there is still a pretty big hole. |
|
|