# HTTP Headers

## HTTP Header Issues

### Headi

Headi is an automated HTTP header injection tool that will connect to a web server using various headers and monitor the responses for any potential weaknesses.

* <https://github.com/mlcsec/headi>

The following command will check for several header-related issues on a URL.

`headi -u URL`

## CRLF Vulnerabilities

CRLF injection occurs when it is possible to insert carriage return (CR) and line feed (LF) characters into a web application using user-supplied input. This may force the server, application, or user into interpreting the CRLF as the end of one response and the beginning of another, which may lead to HTTP response splitting.
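The following added example (not part of the original page or of either tool) shows why an unvalidated value placed in a response header changes how the header block is parsed, alongside a hardened builder that rejects it. The function names, the `Location` redirect scenario, and the sample inputs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Header field values must never contain CR, LF or NUL.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_redirect_unsafe(target: str) -> bytes:
    """Deliberately vulnerable: copies user input straight into Location."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened form: refuse the value instead of trying to clean it up."""
    if _FORBIDDEN.search(target):
        raise ValueError("CR/LF/NUL not allowed in a header value")
    return build_redirect_unsafe(target)


def header_names(raw: bytes) -> list[str]:
    """Split the header block on CRLF, as a client or proxy would."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample inputs. The second is what the application sees after
# the framework URL-decodes a parameter containing %0d%0a.
BENIGN = "/home"
TAINTED = unquote("/home%0d%0aX-Injected:%201")

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(BENIGN)))
    print(header_names(build_redirect_unsafe(TAINTED)))
    try:
        build_redirect_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value is preferable to stripping the characters, since stripping can be bypassed by alternate encodings handled later in the stack.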

### CRLFuzz

CRLFuzz is a tool to scan for CRLF vulnerabilities.

* <https://github.com/dwisiswant0/crlfuzz>

The following command will check for CRLF issues on a URL.

`./crlfuzz -u <URL>`

