
HTTP header injection is a general class of web application security vulnerability that occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated from user input. Header injection in HTTP responses can allow HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirects via the Location header. XSS attacks can be blocked with the use of a browser extension such as NoScript or Malwarebytes Browser Guard.
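The mechanism behind all four consequences above is the same: a CR or LF inside a header value ends the header line early, so whatever follows is parsed as a new header (or, after a blank line, as a new response). The example below is an added illustration, not code from the article: it shows a redirect builder that copies user input into the Location header beside a hardened builder that validates the value first, plus a small response parser used to show the difference. All function names and the sample targets are constructed for this example.

```python
import re
from typing import Dict

# CR, LF and NUL are the characters that let a header value terminate its own
# line; rejecting them is the standard mitigation for header injection.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when a header value contains line-terminating characters."""


def validate_header_value(value: str) -> str:
    """Return value unchanged if it cannot break out of its header line."""
    if _FORBIDDEN.search(value):
        raise HeaderInjectionError(
            f"refusing header value with control characters: {value!r}"
        )
    return value


def build_redirect_unsafe(target: str) -> str:
    """Vulnerable builder: user input is copied verbatim into Location."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n"


def build_redirect_safe(target: str) -> str:
    """Hardened builder: the value is validated before it reaches the header."""
    return f"HTTP/1.1 302 Found\r\nLocation: {validate_header_value(target)}\r\n\r\n"


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Minimal parser returning {lower-cased name: value} for the header block.

    Used here only to make visible how many headers a browser or proxy would
    actually see in the generated response.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")[1:]  # drop the status line
    headers: Dict[str, str] = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


# Constructed sample inputs (not taken from any real request).
CLEAN_TARGET = "/account/home"
INJECTED_TARGET = "/account/home\r\nSet-Cookie: sessionid=constructed-value"


if __name__ == "__main__":
    # The unsafe builder turns one Location value into two headers.
    print(parse_response_headers(build_redirect_unsafe(INJECTED_TARGET)))
    # The hardened builder refuses the same input outright.
    try:
        build_redirect_safe(INJECTED_TARGET)
    except HeaderInjectionError as exc:
        print("blocked:", exc)
```

Most modern web frameworks already refuse CR and LF in header values at the API boundary; the explicit check above makes that guarantee visible and gives a single place to log rejected values for detection. Rejecting the request, rather than silently stripping the characters, is preferable because stripping can turn one malformed value into a different, still-unexpected one.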

Related Wikipedia articles

List of HTTP header fields

HTTP header fields. A core set of fields is standardized by the Internet Engineering Task Force (IETF) in RFC 9110 and 9111. The Field Names, Header Fields

HTTP referer

In HTTP, "Referer" (a misspelling of "Referrer") is an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI) from

HTTP request smuggling

interpretation of Content-Length and Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain. HRS was first discovered in

List of HTTP status codes

of the resource (byte serving) due to a range header sent by the client. The range header is used by HTTP clients to enable resuming of interrupted downloads

HTTP 404

In HTTP, the 404 HTTP status code indicates that a web client (i.e. browser) was able to communicate with a server, but the server could not provide the

HTTP 403

required Depth header or issued a Depth header of infinity. Client request: GET /hello.html HTTP/1.1 Host: www.example.org Server response: HTTP/1.1 403 Forbidden

HTTP

allow intermediate HTTP nodes (proxy servers, web caches, etc.) to accomplish their functions, some of the HTTP headers (found in HTTP requests/responses)

Basic access authentication

name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>