Hi, why does the core rule set check for a missing "Accept" header?
As far as I understand it is optional. See http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html "If no Accept: field is present, then it is assumed that text/plain and text/html are accepted." Thanks and best regards, Ronald
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
