Chrome's hidden X-Browser-Validation header reverse engineered
10 months ago
- #Headers
- #Chrome
- #Security
- Chrome added new headers including 'x-browser-validation' which appears to be a hash.
- The 'x-browser-validation' header is likely used for integrity checks like verifying user agent authenticity.
- The header is generated by concatenating a platform-specific API key with the user agent string, hashing with SHA-1, and base64 encoding the result.
- Different API keys are used for Windows, Linux, and macOS platforms.
- The process involves data preparation, hashing with SHA-1, and base64 encoding before setting the header.