
# HTTP Headers

## HTTP Header Issues

### Headi

Headi is an automated HTTP header injection tool that will connect to a web server using various headers and monitor the responses for any potential weaknesses.

* <https://github.com/mlcsec/headi>

The following command will check for several header-related issues on a URL.

`headi -u URL`

## CRLF Vulnerabilities

CRLF injection occurs when user-supplied input can be used to insert carriage return (CR) and line feed (LF) characters into a web application. This may force the server, application, or user into interpreting the CRLF as the end of a response and the beginning of another, which may lead to HTTP response splitting.
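The following added example (not part of the original page or of any tool listed here) shows the flaw described above next to a hardened form: a redirect builder that copies input into a header line, and a version that rejects CR, LF and NUL first. The `lang` parameter, the `X-Injected` header and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the decoded value of a "lang" query parameter that was
# sent as en%0d%0aX-Injected:%20constructed (hypothetical parameter name).
TAINTED = "en\r\nX-Injected: constructed"

_CTL = re.compile(r"[\r\n\x00]")  # characters that can terminate a header line


def build_redirect_vulnerable(lang: str) -> bytes:
    """Copies user input into the Location header with no validation."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: /home?lang={lang}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_hardened(lang: str) -> bytes:
    """Rejects CR, LF and NUL before the value reaches a header line."""
    if _CTL.search(lang):
        raise ValueError("control character in header value")
    return build_redirect_vulnerable(lang)


def header_names(raw: bytes) -> list[str]:
    """Lists header names the way a client parses them: one per CRLF line."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return [ln.split(b":", 1)[0].decode().lower() for ln in head.split(b"\r\n")[1:]]


def hardened_rejects(value: str) -> bool:
    """True when the hardened builder refuses the value."""
    try:
        build_redirect_hardened(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(header_names(build_redirect_vulnerable(TAINTED)))
    print(hardened_rejects(TAINTED), header_names(build_redirect_hardened("en")))
```

In the vulnerable output the client sees a header the application never set; the hardened builder refuses the same value and emits only its own headers for clean input.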

### CRLFuzz

CRLFuzz is a tool to scan for CRLF vulnerabilities.

* <https://github.com/dwisiswant0/crlfuzz>

The following command will check for CRLF issues on a URL.

`./crlfuzz -u <URL>`

