Standard HTTP headers are commonly used by web servers to process client requests. While performing a web application penetration test, it's recommended to understand the workings of the web application and how the web application server processes request headers (standard and non-standard). Having a better understanding of the web application can help us define some pretty decent fuzz vectors that would greatly increase the probability of finding logical flaws in the web application. In this topic, we'll be going through some custom test cases to understand how to fuzz a web application.