HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)

ID: 081161af-db85-5224-9a3d-f2b2b2f51112

STIX ID: report--081161af-db85-5224-9a3d-f2b2b2f51112

Feed Name: SANS ISC Diary

Threat Score: 25/100

Date Published: 2026-04-28

Date Updated: 2026-04-28

Honeypot traffic included a non-standard X-Vercel-Set-Bypass-Cookie header with the value 'samesite-none-secure', likely intended to set a bypass cookie on Vercel deployments to relax protections. The header differs from documented Vercel bypass options and may enable persistence of a protection bypass or exposure of secrets. The request was proxied, and the author did not confirm active exploitation, noting only that the header's undocumented value is suspicious and merits further investigation.