To exploit this, you must manually inject the header into your request to the server. There are two primary ways to do this: 1. Using Browser Developer Tools