pub fn null_byte_inject(header_name: &str) -> StringExpand description
Inject a null byte into the header name at the midpoint.
Some C-based WAF implementations (modSecurity, native nginx modules)
use null-terminated string operations internally. A null byte in the
header name causes the WAF to see a truncated name (e.g., Content
instead of Content-Type\x00), while the upstream server may parse
the full name.