I'm building a WAF and I'm trying to gather the most vulnerable exploits. Based on your experience, what are the protocols that are forgotten by web admins to catch...
question

Comments

retoor: Path traversal, limits for header files, not thinking about HTTP limitations like content length and such. Enforcing minimal HTTP/1.1 is a good idea. HTTP/2.0 can be done by the webserver / reverse proxy. If I had to personally write something like that, I would generate, with Perplexity search mode, an application that will check for all those things within the software you want to check. Ensure that it's autonomous. If done well, it can be used on several languages and such. By letting gpt-nano-4.1 do things, you will have speed and a huge context window. Just checking certain stuff is very easy for even such a model. But you maybe have to look up how to make it fully autonomous. I would limit it to report only. For automatic fixing I would use a second application. It's smart to do JSON as output that you can easily share with other applications. Make it readable with indenting enabled.
Your question in general is a good idea to ask Perplexity with research mode on.

netikras: What you're asking for is WAF rulesets. Have a look at nginx ModSecurity's OWASP ruleset. They have it all. Perhaps consider parsing their rules and reusing the already hefty knowledge base?
As for the most common ones -- do consult with OWASP. Some LLM might summarize it for you, like retoor said.
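As an added example (not code from either commenter or from any WAF project), a minimal report-only pre-filter that runs the checks retoor lists on one raw HTTP request: path traversal with double-decoding, per-line header size limits, Content-Length sanity, a minimum HTTP version, and an indented JSON report. The limit values are assumptions and the sample request is constructed, not captured traffic.

```python
import json
from urllib.parse import unquote

# Limits are assumptions for this example; tune them to your deployment.
MAX_HEADER_LINE = 8192           # bytes per header line
MAX_CONTENT_LENGTH = 10 << 20    # 10 MiB request body
ALLOWED_VERSIONS = {"HTTP/1.1"}  # enforce a minimum; HTTP/2 is left to the proxy

def escapes_root(path: str) -> bool:  # True if '..' climbs above the root
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def check_request(raw: bytes) -> dict:  # one raw request -> JSON-serialisable report
    findings = []
    lines = raw.partition(b"\r\n\r\n")[0].split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return {"verdict": "block", "findings": ["malformed request line"]}
    method, target, version = parts
    if version not in ALLOWED_VERSIONS:
        findings.append(f"protocol version not allowed: {version}")
    # Decode twice so a double-encoded '..' (%252e%252e) is caught as well.
    if escapes_root(unquote(unquote(target.split("?", 1)[0]))):
        findings.append(f"path traversal: {target}")
    headers = {}
    for line in lines[1:]:
        if len(line) > MAX_HEADER_LINE:
            findings.append(f"header line exceeds {MAX_HEADER_LINE} bytes")
        name, _, value = line.decode("latin-1").partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    cl = headers.get("content-length", [])
    if len(set(cl)) > 1 or any(not v.isdigit() for v in cl):
        findings.append(f"ambiguous Content-Length: {cl}")
    elif cl and int(cl[0]) > MAX_CONTENT_LENGTH:
        findings.append(f"Content-Length {cl[0]} exceeds {MAX_CONTENT_LENGTH}")
    if cl and "transfer-encoding" in headers:
        findings.append("both Content-Length and Transfer-Encoding present")
    return {"method": method, "target": target, "findings": findings,
            "verdict": "block" if findings else "allow"}
# Constructed sample request (not captured traffic) for a quick run.
SAMPLE = b"GET /static/..%252F..%252Fetc/passwd HTTP/1.0\r\nHost: example.test\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\nhello"
if __name__ == "__main__":
    print(json.dumps(check_request(SAMPLE), indent=2))  # indented JSON report
```

For anything beyond a handful of checks, netikras's route of reusing the OWASP ModSecurity Core Rule Set covers far more ground than hand-written filters like this one.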