You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<p>This rule finds places in the code where header checking is disabled. When header checking is enabled, which is the default, the <code>\r</code> or <code>\n</code> characters found in a response header are encoded to <code>%0d</code> and <code>%0a</code>. This defeats header-injection attacks by making the injected material part of the same header line. If you disable header checking, you open potential attack vectors against your client code.</p>