- `Host:` --- Virtual host routing; test for host header injection
- `X-Forwarded-For:` --- IP spoofing behind load balancers
- `Referer:` --- CSRF protection bypass if checking referer
- `Content-Type:` --- Change from `application/json` to `application/xml` to test XXE
- `Cookie:` --- Session manipu
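The `Host` and `X-Forwarded-For` entries above describe two header-trust mistakes on the server side: routing or building links from an unvalidated `Host`, and taking the leftmost `X-Forwarded-For` entry (which the client controls) as the real source IP. The following is an added example, not code from the original page, showing the server-side checks that close both: `TRUSTED_PROXIES`, `ALLOWED_HOSTS` and the two function names are constructed assumptions for illustration.

```python
import ipaddress
from typing import Optional

# Constructed assumptions: the reverse proxies that sit in front of this app,
# and the hostnames the app legitimately serves. Adjust to the real deployment.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}


def _is_trusted(addr: ipaddress._BaseAddress) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_from_xff(remote_addr: str, xff_header: Optional[str]) -> str:
    """Return the address to treat as the client.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy, and
    the chain is walked from the RIGHT (the end proxies append to), skipping
    hops that are themselves trusted proxies. The first untrusted address from
    the right is the client; anything further left was supplied by the client
    and is ignored, which defeats the spoofing the list above refers to.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer) or not xff_header:
        # Direct connection (header is attacker-controlled) or no header at all.
        return remote_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed entry: fall back to the TCP peer
        if not _is_trusted(addr):
            return str(addr)
    return remote_addr  # every hop was one of our own proxies


def host_is_allowed(host_header: Optional[str]) -> bool:
    """Accept the Host header only if it names a host we actually serve.

    Comparison is case-insensitive and ignores an explicit port, so
    'App.Example.com:443' matches 'app.example.com'. Unknown hosts are
    rejected outright rather than used for routing or absolute-URL building.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:8443
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]    # drop ":port" from name or IPv4
    return host in ALLOWED_HOSTS


if __name__ == "__main__":
    # Constructed sample requests.
    print(client_ip_from_xff("10.0.0.5", "9.9.9.9, 1.2.3.4"))   # 1.2.3.4
    print(client_ip_from_xff("203.0.113.9", "9.9.9.9"))         # 203.0.113.9
    print(host_is_allowed("App.Example.com:443"))               # True
    print(host_is_allowed("evil.example.net"))                  # False
```

The walk-from-the-right rule is what makes the difference: a client that sends `X-Forwarded-For: 9.9.9.9` through a trusted proxy ends up with the proxy-appended real address on the right, so the forged entry never wins. Checking `Host` against an allowlist (and failing closed when the header is missing) removes the input that host header injection relies on.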