Note

web proxy http checklist methodology

First-pass triage checklist for multi-hop/proxy targets — map topology first, then smuggling, host routing, and hidden SSRF surfaces.

When the Stack Includes Proxies or Multiple HTTP Hops

A quick triage list for what to think about first when there are proxies or multiple HTTP hops.

Checklist

Think about topology before payloads: docs, dashboards, headers, and router APIs often tell you where the real target is.
Think about HTTP/3, Host routing, request smuggling, TE/CL ambiguity, CRLF, and whether any hop rewrites or normalizes differently.
Think about replay systems, background fetchers, and internal service calls as hidden SSRF surfaces rather than only direct frontend fetches.

Aggregated from the HTTP / Proxy / Infrastructure sections of the 2026 web corpus.