leading tab
1 Topic

Leading tab in header name: Authorization
I have a violation / suggestion: a detection of Leading tab in header named: "Authorization".

When I look at the request, I don't see the "TAB" in the header name. I expect to see something like this: " Authorization". But, what I see is header named "Authorization".

I'm wondering whether the meaning here is header context or is there something else I'm missing.

Here is the request and F5 log:

BIG-IP Application Security Manager Security Events Report
Exported on: 2024-08-11 16:40:22 | Exported by: Hostname: F5-AWAF | IP Address:
Support ID: 5162895

Request Details
Requested URL: [HTTPS] /ag/logout
Time: 2024-08-11 15:46:57
Enforcement Action: Block
Enforced By: Application Security Policy
Violation Rating: 1 Request is most likely a false positive
Attack Types: Detection Evasion
Geolocation:
Source IP Address:
Device ID: N/A
Username: N/A
Session ID: ad8a5466e66666b6
Source IP Intelligence: N/A
Security Policy: /Common/SWAF
Virtual Server: /Common/s
Request Status: Blocked
Blocking Exception Reason: N/A
Accept Status: Not Accepted
Host: s.co
Destination IP Address:
Response Status Code: N/A
Protocol Info: HTTP/1.1
Severity: Error
Signatures CVEs: N/A
Detected Violations: Attack signature detected [1]

Request
Request actual size: 1337 bytes.

GET /Ag/logout HTTP/1.1
Host: s.co.
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
sec-ch-ua: "Not)A;Brand";v="99", "Google Chrome";v="127", "Chromium";v="127"
Pragma: no-cache
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
Authorization: ************************************************************************************************************************************************************************************************
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36
Accept: application/json, text/plain, */*
If-Modified-Since: 0
Expires: 0
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://s.co/Ag/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en,en-US;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: _ga=GA1.1.6666663693.6666667143; SL_C_23361dd035530_SID={"666666":{"sessionId":"6666-T6666666","visitorId":"666666HGfeRq"}}; _ga_QX6666666=GS1.1.6666661357.0.0; TS014666666
X-Forwarded-For:

Response
No response details are available because request was blocked

Violation Details
Attack signature detected [1]
Detected Keyword: **** (sensitive data masked)
Attack Signature ID: 200018064
Name: Leading tab in header name
Context: Header
Header Name: Authorization
Header Value: *****
Applied Blocking Settings: Block, Alarm, Learn

Violation Description
Description: The system examines the HTTP message for known attacks by matching it against known attack patterns.
Severity: Error

96 Views, 0 likes, 2 Comments