When it comes to input validation and sanitization, some developers focus on URL and body parameters, overlooking the fact that the whole request can be manipulated in the client side and allow for malicious payload to be included in cookies and header values.

In this recipe, we will identify and exploit a vulnerability in a header whose value is reflected in the response.