What’s the purpose of these headers in the leaked #SpringShell exploit? They are included in the POST payload using “{headername}”.

Required to get around some non-security encoding context? Avoid double URL-encoding? WAF bypass (cant see any other reason for “Runtime”)? https://t.co/C6ZyAOBAIK