I'm new to HTTP protocol and I have limited experience in networking.
I'm wondering which http request headers can be set arbitrarily and which headers cannot.
For example, can I create a http request to www.twitter.com and set the Referer header value to www.google.com even though I did not visit the www.twitter.com website by clicking a link on www.google.com??
Can it be forged?
If so, which other http request headers can be forged like this?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
