Out of the following which can be considered as user input for which validation is not required
-
Host Header
-
Cookie
-
Referrer Header
-
None of the above
D
Correct answer
Explanation
ALL user-supplied input requires validation. Host Headers (A) can be used for cache poisoning or injection attacks. Cookies (B) contain user data that attackers can manipulate. Referrer Headers (C) can contain malicious URLs or scripts. Therefore 'None of the above' (D) is correct - there is no user input that can be safely trusted without validation.