Hacker News
by
niftich
3578 days ago
A secret value, whether it's called a 'password', a 'key', a 'token', or comes in an 'Authorization' header or 'X-CustomHeader', is always a good countermeasure.
1 comments
oandrei
3578 days ago
Right, but a custom HTTP header does not even have to contain a secret. It just has to have a non-standard name. Firefox will refuse to set it, right?