To solve this challenge, we need an understanding of references in headers.

We will use this reference throughout the challenge.

Q1. Only people who use the official PicoBrowser are allowed on this site!

Change the user-agent to PicoBrowser.

Q2. I don’t trust users visiting from another site.

The Referer header allows a server to identify referring pages that people are visiting from or where requested resources are being used.

Add the Referer to the header.

Q3. Sorry, this site only worked in 2018.

It’s easy. Let’s add Date to the header.

Q4. I don’t trust users who can be tracked.

We can do this by setting DNT (Do Not Track) to 1.

However, this feature is deprecated and no longer recommended.

Q5. This website is only for people from Sweden.

We can set X-Forwarded-For to Sweden’s IP address.

The X-Forwarded-For (XFF) request header is a de-facto standard header for identifying the originating IP address of a client connecting to a web server through a proxy server.

I googled Sweden’s IP range and used a random one.

Q6. You’re in Sweden but you don’t speak Swedish?

The Accept-Language request HTTP header indicates the natural language and locale that the client prefers.

Then, finally, we are in!

I like this challenge because It’s a good practice to learn about header references.