Open
Description
The `Header` type currently doesn't support multiple values for a single header. We need to support requests that include the same header multiple times, possibly with different casings. Examples:
```
// different casing
Content-Type: application/json
ConTent-tyPE: application/json

// same casing, same or different value
content-type: application/json
content-type: application/json
content-type: application/problem+json
```
Attackers will throw anything at a web server to break it / break in. That means a web server will see requests that are not valid w.r.t. RFCs. In this case, the web server might see multiple entries for the same header, with differences in the header name and / or the header value, as shown in the examples above. go-ftw must be able to send such requests in order to test that a WAF can defend against them.
Acceptance criteria
- it must be possible to specify headers as in the examples above in a test case (YAML)
- it must be possible to add multiple values to a specific header name
- retrieving headers must return a map, as a key can map to multiple versions of a header
- `Header` must not be an alias for `map[string]string`. Users must be forced to use the methods to ensure proper state of the object
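
A minimal Go sketch of a header type that meets the criteria above, added here as an illustration and not go-ftw's own code. The method names `Add`, `GetAll` and `Wire` and the internal `entry` type are assumptions; the sample headers are the ones from the examples in the description.

```go
package main

import (
	"fmt"
	"strings"
)

// entry keeps one header line exactly as the test author wrote it.
type entry struct{ name, value string }

// Header is a struct with unexported state, not an alias for map[string]string,
// so callers must go through its methods. (Hypothetical sketch.)
type Header struct{ entries []entry }

// Add appends a header line, preserving name casing, duplicates and order.
func (h *Header) Add(name, value string) {
	h.entries = append(h.entries, entry{name, value})
}

// GetAll matches name case-insensitively and returns a map from each casing
// variant that was added to every value sent under that exact spelling.
func (h *Header) GetAll(name string) map[string][]string {
	out := map[string][]string{}
	for _, e := range h.entries {
		if strings.EqualFold(e.name, name) {
			out[e.name] = append(out[e.name], e.value)
		}
	}
	return out
}

// Wire renders the header block as it would be sent: one line per entry,
// nothing merged or canonicalized, so the WAF sees the duplicates as written.
func (h *Header) Wire() string {
	var b strings.Builder
	for _, e := range h.entries {
		b.WriteString(e.name + ": " + e.value + "\r\n")
	}
	return b.String()
}

func main() {
	h := &Header{}
	h.Add("Content-Type", "application/json")
	h.Add("ConTent-tyPE", "application/json")
	h.Add("content-type", "application/json")
	h.Add("content-type", "application/problem+json")
	fmt.Print(h.Wire())
	fmt.Println(h.GetAll("CONTENT-TYPE"))
}
```

Go's `net/http.Header` canonicalizes names when set through its methods, which is why a test tool that needs to preserve casing has to keep its own ordered list of entries as shown.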