w3c规定,当请求的header匹配如下不安全字符时,将被终止web
- 1. Accept-Charset
- 2. Accept-Encoding
- 3. Connection
- 4. Content-Length
- 5. Cookie
- 6. Cookie2
- 7. Content-Transfer-Encoding
- 8. Date
- 9. Expect
- 10.Host
- 11. Keep-Alive
- 12. Referer
- 13. TE
- 14. Trailer
- 15. Transfer-Encoding
- 16. Upgrade
- 17. User-Agent
- 18. Via