Introductions - Meet your fellow Bugcrowd members

Hey Zy9ard3,

Just a heads up letting you know you replied to my post rather than the main discussion thread. This means not many fellow hackers will see your question and be able to respond to it. I’ve personally found the Bugcrowd Discord Channel to be a great place to ask questions. Since I’m here already I’ll go ahead and answer your question the best I can. :slight_smile:

At first glance, my opinion is no, these custom HTTP Response Headers don’t appear to be anything sensitive.

After searching for “Beacon Tracking Cloudflare” in my search engine, one of the top results was this post by Cloudflare discussing their use of drand to generate a truly unique random number to use as the token / data-cf-beacon you are seeing.

Another approach you could take to determine if these headers are exposing private data would be to search for the header names themselves in your favorite search engine. Searching for “data-cf-beacon” turned up this page which explains how data-cf-beacon is being set. You can repeat this process for the other headers.

Hope that helps at all. Let me know if you have any further questions. Take care!