HTTP parameter pollution: Difference between revisions

'''HTTP Parameter Pollution''' ('''HPP''') is a vulnerability that occurs when multiple parameters with the same name are passed in a request. There is no RFC standard on what should be done when multiple parameters with the same name are passed. This vulnerability was first discovered in 2009.<!-- by whom, if anyone knows they can update --><ref name="owasp_hpp">{{cite web|url=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution|title=WSTG - Latest:Testing for HTTP Parameter Pollution}}</ref> HPP could be used for cross-channel pollution, bypassing CSRF protection, and bypassing WAF input validation checks.<ref>{{cite web|url=http://www.madlab.it/slides/BHEU2011/whitepaper-bhEU2011.pdf|title=HTTP Parameter Pollution Vulnerabilities in Web Applications|date=2011}}</ref>
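The following added example (not part of the original article) shows why the lack of a standard matters: the same query string yields different values depending on whether a parser keeps the first occurrence, the last occurrence, or joins them, so a validation layer and the application behind it can disagree. The three policies, the function names and the sample query are assumptions made for illustration; the strict parser rejects duplicated names instead of choosing a winner.

```python
from urllib.parse import parse_qsl

# Three ways a parser can resolve a repeated parameter name. Which one a
# given stack uses is implementation-specific; these are illustrative.
def first_wins(pairs):
    out = {}
    for k, v in pairs:
        out.setdefault(k, v)
    return out

def last_wins(pairs):
    return dict(pairs)

def join_all(pairs):
    out = {}
    for k, v in pairs:
        out[k] = out[k] + "," + v if k in out else v
    return out

POLICIES = {"first": first_wins, "last": last_wins, "join": join_all}

def parse_pairs(query):
    # parse_qsl percent-decodes names, so "%61ction" is seen as "action".
    return parse_qsl(query, keep_blank_values=True)

def duplicated_names(query):
    """Return parameter names that occur more than once, in order seen."""
    seen, dups = set(), []
    for k, _ in parse_pairs(query):
        if k in seen and k not in dups:
            dups.append(k)
        seen.add(k)
    return dups

def interpretations(query):
    """Show what each resolution policy would hand to the application."""
    pairs = parse_pairs(query)
    return {name: fn(pairs) for name, fn in POLICIES.items()}

def strict_parse(query):
    """Reject ambiguous input instead of picking a winner."""
    dups = duplicated_names(query)
    if dups:
        raise ValueError("duplicate parameter(s): " + ", ".join(dups))
    return dict(parse_pairs(query))

# Constructed sample query string.
SAMPLE = "action=view&id=7&action=delete"
```

Comparing `interpretations(SAMPLE)` across the components of a deployment (proxy, WAF, framework) shows whether they agree on the effective value of each parameter.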