Bug Bounty Hub
  • 🚀WELCOME
    • Bug Bounty Hub
    • BBH - Values
    • About the author
  • 🕸️PENTESTING WEB
    • Information Gathering
      • Enumerating ASN and IP blocks
      • Reverse IP Lookup
      • Scanning Open Ports/Services
      • Subdomain Enumeration
        • Active Subdomain Enumeration
        • Passive Subdomain Enumeration
        • Subdomain Permutations
        • Check Alive Subdomains
      • Subdomain Takeover
      • Fuzzing
      • JavaScript Files
      • Endpoints
      • Input Parameters
      • Mapping Attack Surface - Crawling/Spider
      • Fingerprinting
      • Potential Vulnerabilities - Nuclei
    • Client-Side Injection Attacks
    • Server-Side Vulnerabilities
      • Path Traversal/File Inclusion
      • Access Control
      • Authentication
      • Server-side Request Forgery (SSRF)
      • File upload vulnerabilities
      • OS Command Injection
      • SQL Injection
        • MySQL Injection
        • SQLi with SQLMap
    • Authentication
    • Insecure Direct Object Reference (IDOR)
    • Cross-Site Request Forgery Attacks
    • Business Logic Flaws
    • HTTP Verb Tampering
    • Bypass 401 & 403
    • Evading WAFs
    • Reporting
  • 🐣THE BASICS OF WEB
    • HTTP Methods
    • HTTP Response Codes
    • HTTP Headers
      • AWS S3 Buckets Headers
    • HTTP Cookies
    • Encoding
      • URL encoding
      • HTML encoding
      • Base 64 encoding
      • Unicode encoding
    • Web Browsers
      • Same-Origin Policy (SOP)
      • Content Security Policy (CSP)
      • Subresource Integrity Check (SIC)
    • Web Proxies
  • 📚RESOURCES
    • Books
    • Web resources
    • CTF Platforms
  • 🏔️Bug Bounty Platforms
Powered by GitBook
On this page
  • Gathering Information
  • 1. X-Amz-Cf-Pop
  • 2. X-Amz-Bucket-Region
  • 3. X-Amz-Server-Side-Encryption
  • 4. X-Amz-Delete-Marker
  • 5. Access-Control-Allow-Origin
  • 6. Access-Control-Allow-Credentials
  • 7. Access-Control-Allow-Headers
  • 8. Access-Control-Allow-Methods
  • 9. Access-Control-Expose-Headers
  • Diagnostic Headers
  • 1. X-Amz-Cf-Id
  • 2. X-Amz-Request-Id
  • 3. X-Amz-Id-2
  • References

Was this helpful?

  1. THE BASICS OF WEB
  2. HTTP Headers

AWS S3 Buckets Headers

When interacting with an AWS S3 bucket or accessing resources via CloudFront, you might notice specific HTTP headers in the responses. These headers provide valuable metadata about the request, such as where the request was processed, unique identifiers for tracking, and the region where the S3 bucket is hosted.

Here’s a breakdown of some common AWS headers:

Gathering Information

1. X-Amz-Cf-Pop

This header is related to Amazon CloudFront, AWS's content delivery network (CDN). It tells you the Point of Presence (PoP) or edge location where CloudFront served the content. This is useful for determining from which geographical location the response was delivered, which can affect latency.

Example: CloudFront PoP located in Los Angeles (LAX) and 50-C1 refers to specific CloudFront node:

X-Amz-Cf-Pop: LAX50-C1

2. X-Amz-Bucket-Region

It tells you the AWS region where the S3 bucket is located. This can be important for optimizing latency and ensuring that you're accessing resources from the closest geographical region.

Example: Bucket located in Oregon, USA

x-amz-bucket-region: us-west-2

3. X-Amz-Server-Side-Encryption

The server-side encryption algorithm used when storing this object in Amazon S3 (for example, AES256, aws:kms).

Example:

x-amz-server-side-encryption: AES256

4. X-Amz-Delete-Marker

This header is used when versioning is enabled in a bucket. It indicates that an object has been deleted, but instead of being permanently removed, a delete marker is placed on the most recent version. This makes the object appear deleted unless you specify a version ID to access previous versions.

Example:

x-amz-delete-marker: true

5. Access-Control-Allow-Origin

This header defines which origins (domains) are allowed to access the resources. It's one of the most critical headers in the CORS process because it controls the security of which external websites can interact with your resources.

Examples:

Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://example.com

If the Access-Control-Allow-Credentials header is set to true alongside Access-Control-Allow-Origin: '*', it creates a critical vulnerability. This allows any website to send requests with credentials to the server.

6. Access-Control-Allow-Credentials

The Access-Control-Allow-Credentials header is part of the CORS (Cross-Origin Resource Sharing) mechanism and determines whether the browser should include credentials (such as cookies, HTTP authentication, or client-side SSL certificates) in cross-origin requests.

Example:

Access-Control-Allow-Credentials: true

7. Access-Control-Allow-Headers

The Access-Control-Allow-Headers header is used in CORS (Cross-Origin Resource Sharing) to specify which headers can be included in the actual request from the client. It lists the allowed headers that the client can use in its requests. This header is important when the request includes custom headers that need to be accepted by the server.

Example:

Access-Control-Allow-Headers: Content-Type, Authorization, X-Custom-Header

8. Access-Control-Allow-Methods

The Access-Control-Allow-Methods header is used to specify the HTTP methods that are allowed for cross-origin requests. It defines what methods can be used when making requests from a different origin.

Example:

Access-Control-Allow-Methods: GET, POST, PUT, DELETE

9. Access-Control-Expose-Headers

The Access-Control-Expose-Headers header is used to specify which headers should be accessible to the client in a cross-origin response. By default, only a few simple headers (like Content-Type and Content-Length) are exposed to the client. This header allows the server to expose additional headers in the response.

Example:

Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header, Authorization

Diagnostic Headers

1. X-Amz-Cf-Id

This is a unique identifier for the specific request processed by CloudFront. It’s helpful for tracing a request when troubleshooting issues with CloudFront delivery, particularly in support cases. This identifier allows AWS to track this specific request as it passed through their CDN infrastructure.

Example:

X-Amz-Cf-Id: vjKNEvZ1asEXAMPLEabcdefg

2. X-Amz-Request-Id

This request ID is used to track individual requests to S3. If you encounter any errors or issues, you can provide this ID to AWS support for help with investigating what went wrong.

Example:

x-amz-request-id: 34F9CE989D0AC46F

3. X-Amz-Id-2

This header contains additional trace information that AWS uses to track how your request was processed through the internal systems, such as load balancers or storage systems. Together with x-amz-request-id, it helps in tracking issues across multiple layers of AWS infrastructure.

Example:

x-amz-id-2: sBDAgTGEXAMPLEbhFvfjRfD/EXAMPLEidGdzEXAMPLET

References

  • Common Request Headers: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html

  • Common Response Headers: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html

PreviousHTTP HeadersNextHTTP Cookies

Last updated 6 months ago

Was this helpful?

🐣