HTTP header injection

Source: Wikipedia, the free encyclopedia.

HTTP header injection is a general class of

headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header. HTTP header injection is a relatively new area for web-based attacks, and has primarily been pioneered by Amit Klein in his work on request/response smuggling/splitting.[1]


1. Linhart, Klein, Heled, and Orrin: HTTP Request Smuggling, 2005, Watchfire Corporation. Retrieved on 22 December 2015.