zaproxy icon indicating copy to clipboard operation
zaproxy copied to clipboard

Published 20 hours ago verified publisher icon zaproxy

network: change normal removal of Accept-Encoding header to being filtered to supported encoding

Open double16 opened this issue 2 years ago • 2 comments
trafficstars

Is your feature request related to a problem? Please describe.

IMHO, ZAP should look like a legit browser as much as possible. Otherwise, site scans may be filtered.

The current behavior and recommendation from the ZAP documentation is to remove Accept-Encoding. I propose to change this to:

  1. Keep the incoming Accept-Encoding values, filtering out unsupported encodings.
  2. For non-proxy requests, add the supported Accept-Encoding values.

Describe the solution you'd like

  1. Keep the incoming Accept-Encoding values, filtering out unsupported encodings.
  2. For non-proxy requests, add the supported Accept-Encoding values.

Describe alternatives you've considered

A proxy script.

Screenshots

No response

Additional context

No response

Would you like to help fix this issue?

  • [X] Yes

double16 avatar Oct 15 '23 11:10 double16

Closing as duplicate of #2198.

thc202 avatar Oct 15 '23 12:10 thc202

Splitting from #2198 to discuss first what behaviour we want.

thc202 avatar Nov 17 '23 10:11 thc202