CRLFinjektio
CRLFinjektio, or CRLF injection, is a web security vulnerability that arises when untrusted input is reflected into HTTP response headers without proper encoding or validation. CR and LF refer to carriage return and line feed characters, which can terminate a header and start a new one. When these characters are inadvertently accepted in header values or names, an attacker may craft additional headers or even alter the response body.
The mechanism typically involves user-supplied data that ends up in header-bearing contexts, such as the Location
Impact varies with the context and server behavior. In some cases, an attacker can influence how a
Mitigation focuses on strict input handling and safe header construction. Best practices include validating and sanitizing
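The safe header construction described above can be sketched as follows. This is an added example, not code from the original page; the function names and the sample value are assumptions made for illustration. It places a concatenating redirect builder beside one that rejects CR, LF and NUL before anything is written to the header block.

```python
import re

# Header names must be RFC 9110 "token" characters; values may not hold CR, LF or NUL.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_FORBIDDEN_IN_VALUE = re.compile(r"[\r\n\x00]")


def build_redirect_unsafe(target: str) -> bytes:
    """'Before' form: the untrusted value is concatenated into the header block."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def build_response_safe(status_line: str, headers: list[tuple[str, str]]) -> bytes:
    """Hardened form: refuse any header whose name or value could end the line."""
    lines = [status_line]
    for name, value in headers:
        # fullmatch, not match with '$', so a trailing newline cannot slip through.
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"invalid header name: {name!r}")
        if _FORBIDDEN_IN_VALUE.search(value):
            raise ValueError(f"control character in value of {name}: {value!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names(raw: bytes) -> list[str]:
    """Split the header block the way a client would, to see what was really sent."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample: a redirect parameter as it looks after URL decoding,
# carrying a CR LF pair followed by a second header line.
SAMPLE = "/home\r\nX-Injected: constructed"

if __name__ == "__main__":
    # The unsafe builder emits two headers although the code only set one.
    print(header_names(build_redirect_unsafe(SAMPLE)))
    try:
        build_response_safe("HTTP/1.1 302 Found", [("Location", SAMPLE)])
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value outright, rather than stripping the characters, keeps the failure visible in logs and avoids guessing what the caller meant.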