
X-Hiawatha-Cache leaks header to web client

cacheGuy
24 January 2016, 15:34
When a CGI script sends the X-Hiawatha-Cache to Hiawatha, Hiawatha forwards that header to the web client.

The web server is expected to consume and discard X-Hiawatha-Cache, and not leak it to the web client.
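Added example (not Hiawatha's own code) of the behaviour the post asks for: a web server consuming a server-internal control header from CGI output and forwarding the remaining headers to the client, plus a check that reports any such header that did leak. The header name X-Hiawatha-Cache is from the thread; the CGI output, its header value and the function names are constructed for the example.

```python
"""Consume server-internal CGI headers before forwarding a response to the client.

Added example, not Hiawatha's code. Only the header name X-Hiawatha-Cache
comes from the forum thread; the sample CGI output and the value "60" are
constructed, and the function names are assumptions.
"""

# Headers meant for the web server only; they must never reach the client.
INTERNAL_HEADERS = frozenset({"x-hiawatha-cache"})


def split_cgi_output(raw: bytes):
    """Split raw CGI output into a list of (name, value) headers and the body.

    A CGI script ends its header block with an empty line. Both CRLF and
    bare LF endings are accepted; the earliest separator wins so a body
    containing the other style is not mistaken for the header boundary.
    """
    candidates = [i for i in (raw.find(b"\r\n\r\n"), raw.find(b"\n\n")) if i != -1]
    if not candidates:
        raise ValueError("CGI output has no header/body separator")
    idx = min(candidates)
    sep_len = 4 if raw.startswith(b"\r\n\r\n", idx) else 2
    head, body = raw[:idx], raw[idx + sep_len:]

    headers = []
    for line in head.splitlines():
        if not line.strip():
            continue
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip(), value.strip()))
    return headers, body


def scrub_internal_headers(headers):
    """Return (kept, consumed): internal headers removed, matched case-insensitively."""
    kept, consumed = [], {}
    for name, value in headers:
        if name.lower() in INTERNAL_HEADERS:
            consumed[name.lower()] = value  # the server acts on it, the client never sees it
        else:
            kept.append((name, value))
    return kept, consumed


def build_client_response(raw_cgi_output: bytes):
    """Produce the header block + body the client receives and the consumed directives."""
    headers, body = split_cgi_output(raw_cgi_output)
    kept, consumed = scrub_internal_headers(headers)
    head = b"".join(f"{n}: {v}\r\n".encode("latin-1") for n, v in kept)
    return head + b"\r\n" + body, consumed


def leaked_internal_headers(response_headers):
    """Given the headers a client actually saw, list any internal ones that leaked."""
    return sorted(n for n, _ in response_headers if n.lower() in INTERNAL_HEADERS)


# Constructed CGI output: one internal directive alongside a normal header.
SAMPLE_CGI_OUTPUT = (
    b"Content-Type: text/html\r\n"
    b"X-Hiawatha-Cache: 60\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\n"
)

# Same idea with LF line endings and a differently cased header name.
SAMPLE_CGI_OUTPUT_LF = (
    b"content-type: text/plain\n"
    b"x-hiawatha-cache: 10\n"
    b"\n"
    b"ok\r\n\r\nnot a header boundary\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_CGI_OUTPUT, SAMPLE_CGI_OUTPUT_LF):
        response, consumed = build_client_response(sample)
        print("consumed:", consumed)
        print("leaked:", leaked_internal_headers(split_cgi_output(response)[0]))
```

The same leak check can be applied to a live server by feeding it the header lines from `curl -sI` against a CGI URL: if `leaked_internal_headers` returns anything, the server is forwarding its control header instead of consuming it.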
Hugo Leisink
24 January 2016, 15:49
What harm can it do?
cacheGuy
24 January 2016, 19:22
There is no serious direct harm.

- It leaks a bit of info on what setup the website is using. Attackers often probe and collect as much info as possible in hopes of finding attack vectors. While this piece of info is useless on its own, who knows what use it might serve when combined with other info; why give it away if it can be easily protected?

- It sends a non-standard header across the open net. While this is not forbidden since it starts with "x-", it is not common.

- It wastes a tiny bit of bandwidth.

Hugo Leisink
24 January 2016, 22:26
Fair enough. I'll see what I can do.
cacheGuy
25 January 2016, 09:33
As a side note, we greatly appreciate your effort and this piece of software is a masterpiece. Thanks for everything.

We hope we might contribute something to the project one day.
Hugo Leisink
25 January 2016, 14:01
Thanks, good to hear! And you're welcome.

P.S.
Who is 'we'?
cacheGuy
26 January 2016, 20:17
Just a bunch of RaspberryPi tinkerers