Preventing Exposure in URLs: A token carried in a request header never appears in the URL. Putting sensitive data in URL parameters is risky because URLs are recorded in many places the token owner does not control: browser history and bookmarks, the Referer header sent to other sites, proxy and CDN caches, and server access logs. A token that lands in any of those stays usable until it expires.
Cross-Site Request Forgery (CSRF) Protection: Sending the token in a header helps against CSRF, but it is worth being precise about why. A CSRF attack works because the browser automatically attaches credentials, above all cookies, to any request a malicious site triggers towards your origin. A custom header such as Authorization is never attached automatically: a cross-site HTML form cannot set it at all, and a cross-origin fetch or XMLHttpRequest that sets it triggers a CORS preflight that your server has to allow explicitly. As long as the API authenticates only by that header and ignores cookies, a forged cross-site request arrives without a token and is rejected. Tokens in the body or URL are not the CSRF problem as such (the attacker does not know them); the problem is anything the browser sends on its own. This is also not immunity: a script running on your own origin can still attach the header, which is why the next point matters.
Cross-Site Scripting (XSS) and Where the Token Lives: Here the trade-off runs the other way from what is often claimed. A session cookie marked HttpOnly cannot be read by script at all, so an XSS payload cannot exfiltrate it (it can still issue requests from the page that the browser decorates with the cookie). A token that your JavaScript has to put into a header must be readable by that JavaScript, typically from memory, localStorage or sessionStorage, and an XSS payload can read it from there and reuse it from anywhere until it expires. Header-based tokens therefore do not protect you from XSS. Keep them short-lived, prefer holding them in memory over localStorage, and treat XSS prevention (output encoding, a strict Content-Security-Policy) as a separate control.
Top comments (1)
Why shouldn't cookies be safe, in contrast to headers? A cookie is transmitted in HTTP in exactly the same way, or do I misunderstand something?