HTTP header injection

Source: Wikipedia, the free encyclopedia.

HTTP header injection is a general class of

headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting
(XSS), and malicious redirect attacks via the location header.


See also