Potential header injection. This rule is emitted when user-controlled input can be passed into an HTTP header.
The risk of a header injection depends hugely on your environment.
If your environment does not reject line breaks in header values (PHP's `header()` function refuses values containing newline characters, but other layers such as web servers and reverse proxies may not), there may be other concerns, such as:
- Cookie Injection
- Open Redirects
- Proxy Cache Poisoning
Make sure only the header value, and never the header name, can be influenced by an attacker (e.g. header('Location: ' . $_GET['target']);).
Verify that the values being set are sensible. Consider using an allow list (e.g. for redirect targets).
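The following is an added example, not part of the original rule text, showing the flagged shape (a request parameter flowing straight into `header()`) next to two hardened variants: an allow list of named redirect targets, and a same-origin path check for cases where a fixed list is not practical. The list contents, the `target` parameter name and the placeholder host are assumptions.

```php
<?php
// Added example; not the analyzer's own code. Demonstrates the pattern the rule
// flags and two ways to keep attacker input out of the Location header's semantics.

// Shape the rule reports: the header value is taken directly from the request.
function redirect_unsafe(string $target): void
{
    header('Location: ' . $target); // user-controlled value reaches a response header
}

// Hardened variant 1: map a short key to a fixed, server-controlled destination.
// (Assumed list; replace with the application's real routes.)
const REDIRECT_TARGETS = [
    'home'    => '/',
    'account' => '/account',
    'docs'    => 'https://example.com/docs', // placeholder host
];

/** Resolve a redirect key to an allowed URL, or null when it is not on the list. */
function resolve_redirect(?string $key): ?string
{
    if ($key === null) {
        return null;
    }
    return REDIRECT_TARGETS[$key] ?? null;
}

// Hardened variant 2: accept only absolute paths on this origin.
// Rejects '//host' (scheme-relative URL), backslashes (some browsers normalise
// '/\host' to '//host'), and control characters such as CR/LF.
function is_local_path(string $target): bool
{
    return (bool) preg_match('#\A/(?!/)[^\x00-\x1F\x7F\\\\]*\z#', $target);
}

function redirect_safe(?string $input): void
{
    $url = resolve_redirect($input);
    if ($url === null && $input !== null && is_local_path($input)) {
        $url = $input;
    }
    if ($url === null) {
        $url = '/'; // unknown or rejected input: fall back to a fixed location
    }
    header('Location: ' . $url, true, 302);
    exit;
}

// Usage: redirect_safe($_GET['target'] ?? null);
```

With this structure the analyzer still sees `$_GET['target']` reaching `header()`, but only after it has been replaced by an allow-listed value or validated as a same-origin path, so the sink receives server-controlled content.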