When implementing the WebSocket Client today, we found that the protocol requires the client mask payload

For the purpose of laziness, I intend to write the Masking key directly. But after careful consideration, since the Masking key needs to be put into the Frame, it indicates that it should be dynamic, but why should it be designed in this way?

Section 5.3 of RFC 6455 says:

The unpredictability of the masking key is essential to prevent authors of malicious applications from selecting the bytes that appear on the wire.

It's really for safety

RFC 6455 is kind 10.3. Attacks On Infrastructure (Masking) The implementation of the attack is explained in detail:)