From ba0a01a6cfe935e3c5904884fb66a6553229c0d3 Mon Sep 17 00:00:00 2001 From: Elar Lang <47597707+elarlang@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:51:51 +0300 Subject: [PATCH] 1697-x-headers #1697 --- 5.0/en/0x22-V14-Config.md | 1 + 1 file changed, 1 insertion(+) diff --git a/5.0/en/0x22-V14-Config.md b/5.0/en/0x22-V14-Config.md index 77963f865d..502e3999a9 100644 --- a/5.0/en/0x22-V14-Config.md +++ b/5.0/en/0x22-V14-Config.md @@ -85,6 +85,7 @@ Configurations for production should be hardened to protect against common attac | **14.5.5** | [MODIFIED, MOVED FROM 13.2.1] Verify that HTTP requests using the HEAD, OPTIONS, TRACE or GET verb do not modify any backend data structure or perform any state-changing actions. These requests are safe methods and should therefore not have any side effects. | ✓ | ✓ | ✓ | 650 | | **14.5.6** | [ADDED] Verify that the infrastructure follows RFC 2616 and ignores the Content-Length header field if a Transfer-Encoding header field is also present. | | ✓ | ✓ | 444 | | **14.5.7** | [ADDED] Verify that the web application warns users who are using an old browser which does not support HTTP security features on which the application relies. The list of old browsers must be periodically reviewed and updated. | | | ✓ | 1104 | +| **14.5.8** | [ADDED] Verify that if the application uses HTTP headers such as X-Real-IP and X-Forwarded-*, which are defined by intermediary devices like load balancers or proxies, that these cannot be overridden by the end-user. | | ✓ | ✓ | 345 | ## V14.6 HTTP/2
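Review bot: the new row 14.5.8 reads awkwardly because of the doubled "that" ("Verify that if the application uses ... that these cannot be overridden") and it leaves the defensive mechanism implicit: a client can send X-Real-IP or X-Forwarded-* directly, so the requirement should state that the application trusts these headers only when a trusted intermediary has set or overwritten them. Suggested wording for the row: "Verify that if the application relies on HTTP headers such as X-Real-IP and X-Forwarded-*, which are set by intermediary devices like load balancers or proxies, these headers cannot be spoofed or overridden by the end user, for example because the trusted intermediary strips or overwrites any client-supplied value." The CWE mapping to 345 (Insufficient Verification of Data Authenticity) fits that reading; please also confirm the L1 column is intentionally blank, since 14.5.5 in the same hunk applies at all three levels while this row starts at L2.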