This is a research project completed at Intruder, covering a methodology to determine how headers can be modified to smuggle them through to back-end servers without the front-end processing them. This project was also presented at Black Hat Europe 2021 - you can watch the talk here.

https://www.intruder.io/research/practical-http-header-smuggling