Content deleted Content added
m Fixed grammar Tags: canned edit summary Mobile edit Mobile app edit iOS app edit App section source |
avoid redirect |
||
(2 intermediate revisions by one other user not shown) | |||
Line 2:
{{Citation style|date=March 2024}}
{{HTTP}}
'''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] ([[HTTP]]) [[list of HTTP headers|headers]] are dynamically generated based on user input. [[Header (computing)|Header]] injection in HTTP responses can allow for [[HTTP response splitting]], [[session fixation]] via the Set-[[HTTP cookie|Cookie]] header, [[cross-site scripting]] (XSS), and malicious redirect attacks via the ___location header. [[XSS]] attacks can be blocked with the use of an [[Browser extension|extension]] such as [[NoScript]] or Malwarebytes Browser Guard on your [[Web browser|browser]].
== Sources ==
|