We are using AES encryption to encrypt and decrypt data that is sent between browser and the server. AES encryption needs a secret key,which is hard coded and known by the client and the server.
Apart from the shared secret key, AES encryption also needs an initialisation vector( IV), which is unique and generated every time when a new request is sent either from the client or the server.
Is it ok for sharing this uniquely generated vector in every request in the http header between browser and server ? Are there any security risks in doing so?