An attack of this type exploits web applications that generate web
						content, such as links in a HTML page, based on unvalidated or improperly
						validated data submitted by other actors. XSS in HTTP Headers attacks target
						the HTTP headers which are hidden from most users and may not be validated
						by web applications.