Passing unknown or invalid headers through to the target poses a potential risk of compromise.
By setting drop_invalid_header_fields to true, anything that doe not conform to well known, defined headers will be removed by the load balancer.
Invalid headers being passed through to the target of the load balance may exploit vulnerabilities
Set drop_invalid_header_fields to true
The following example will fail the aws-elb-drop-invalid-headers check.
The following example will pass the aws-elb-drop-invalid-headers check.