Why would I choose to deny "unknown http headers" at my firewall?

Why would I choose to deny "unknown http headers" at my firewall?  We have an application that sends, what else, Microsoft proprietary AJAX http headers.  Our customer's firewall is swatting those down.  One of our developers is telling us just have the customer disable that setting.  Unfortunately I don't have the brand and model of the firewall.  Is there the potential for abuse with unknown headers (generally speaking)?  Or is this a redundant filter?  Why would you use them?  Can anyone point me to papers that describe attacks using this kind of header?
jerry_corneliusAsked:
Who is Participating?
 
Freya28Commented:
it is a security issue.  i hope this link helps explain
https://www.kb.cert.org/vuls/id/867593
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.