Revision as of 23:03, 16 May 2025 edit TotallyNotPepto (talk \| contribs) 26 edits m Added links Tags: canned edit summary Mobile edit Mobile app edit iOS app edit App section source ← Previous edit		Revision as of 23:11, 16 May 2025 edit undo TotallyNotPepto (talk \| contribs) 26 edits m Added links Tags: canned edit summary Mobile edit Mobile app edit iOS app edit App section source Next edit →
Line 2: {{Citation style\|date=March 2024}} {{HTTP}} '''HTTP header injection''' is a general class of [[web application]] [[security vulnerability]] which occurs when [[Hypertext Transfer Protocol]] ([[HTTP]]) [[list of HTTP headers\|headers]] are dynamically generated based on user input. Header injection in HTTP responses can allow for [[HTTP response splitting]], [[session fixation]] via the Set-[[HTTP cookie\|Cookie]] header, [[cross-site scripting]] (XSS), and malicious redirect attacks via the ___location header. [[XSS]] attacks can be blocked with the use of an [[Browser extension\|extension]] such as [[NoScript]] or Malwarebytes Browser Guard on your [[Web browser\|browser]]. == Sources ==

HTTP header injection: Difference between revisions