From 8efcc54084b2ae928214d5fe42cec69283c032ed Mon Sep 17 00:00:00 2001
From: Moritz Marby
Date: Tue, 25 Nov 2025 16:06:38 +0100
Subject: [PATCH] fix: add additional prohibited request headers to prevent forwarding of transport headers
---
 internal/server/handlerMain.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/internal/server/handlerMain.go b/internal/server/handlerMain.go
index 48d49d6..94687ae 100644
--- a/internal/server/handlerMain.go
+++ b/internal/server/handlerMain.go
@@ -37,6 +37,17 @@ var prohibitedRequestHeaders = []string{
 authorizationHeader,
 "User-Agent",
 "Host",
+ // HTTP hop-by-hop headers that should not be forwarded to downstream services
+ "Accept-Encoding",
+ "Content-Encoding",
+ "Transfer-Encoding",
+ "Connection",
+ "Keep-Alive",
+ "Upgrade",
+ "TE",
+ "Trailer",
+ "Proxy-Authorization",
+ "Proxy-Authenticate",
 }
 
 type ExtractedRequestData struct {
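Review bot: Dropping `Connection` by name does not drop the fields it nominates. RFC 9110 §7.6.1 has an intermediary also remove every header named in the incoming `Connection` value, which a fixed `prohibitedRequestHeaders` slice cannot express, so the filtering code (outside this hunk, as is the start of the slice declaration) should read that value before discarding the header. It is also worth confirming how the slice is compared: Go's `http.Header` stores canonical keys, so the `"TE"` entry only matches if the lookup goes through `Header.Get`/`Header.Del` or a case-insensitive compare (`net/http/httputil` lists it as `"Te"` for this reason). The comment is slightly inaccurate, since `Accept-Encoding` and `Content-Encoding` are end-to-end fields; `// Hop-by-hop and transport/encoding headers that must not be forwarded downstream` would describe the list correctly. If `Content-Encoding` is removed while an encoded body is forwarded unchanged, the downstream service can no longer tell how to decode it, so the forwarding path should be checked for that case.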