> I don’t get why headers and requests need to be spoofed if all traffic is over https?
Because the traffic is to a CDN endpoint (like Cloudflare) which expects it to be an HTTP message.