How to prevent HTTP Response Splitting

Escaping, validating or filtering header values

The main security condition is never to pass the \r and \n characters into headers. There are several approaches to achieve this:

  • Escaping: URL-encoding, in the case of the Location and Set-Cookie headers.
  • Validation: if the header value contains either of the \r, \n characters, return an error to the user and stop processing the request.
  • Filtering: cut the \r and \n characters out of the header values. This is the safest option.
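
The three approaches side by side, as an added example that is not part of the original course material. The function names, the HeaderInjectionError class and the sample value are assumptions made for illustration.

```python
from urllib.parse import quote

class HeaderInjectionError(ValueError):
    """Raised when a header value contains CR or LF."""

def escape_header_value(value: str) -> str:
    # Escaping: percent-encode anything outside a URL-safe set, so that
    # CR and LF become the inert sequences %0D and %0A.
    return quote(value, safe="/:?&=#%+@,;~")

def validate_header_value(value: str) -> str:
    # Validation: refuse the value and let the caller abort the request.
    if "\r" in value or "\n" in value:
        raise HeaderInjectionError("CR or LF in header value")
    return value

def filter_header_value(value: str) -> str:
    # Filtering: cut CR and LF out of the value and keep the rest.
    return value.replace("\r", "").replace("\n", "")

def build_response(status: str, headers: dict) -> bytes:
    # Serialise a response head; every value passes validation first, so a
    # value can never terminate its own header line.
    lines = ["HTTP/1.1 " + status]
    for name, value in headers.items():
        lines.append(name + ": " + validate_header_value(value))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

# Constructed sample: a redirect target taken from user input that tries to
# start a second header line.
UNTRUSTED = "/home\r\nX-Injected: 1"

if __name__ == "__main__":
    print(escape_header_value(UNTRUSTED))
    print(filter_header_value(UNTRUSTED))
    print(build_response("302 Found", {"Location": escape_header_value(UNTRUSTED)}))
```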
