Application Security Terminology


HTTP Response Smuggling

HTTP Response Smuggling is a technique that attackers use to "smuggle" HTTP responses from a server to a client through an intermediary HTTP device that expects (or allows) a single response from the server.

HTTP Response Smuggling exploits the discrepancies between what an anti-HTTP Response Splitting mechanism (or a proxy server) would consider to be the HTTP response stream, and the response stream as parsed by a proxy server (or a browser).


HTTP Response Smuggling can be used to enhance the basic HTTP Response Splitting technique in order to get around anti-HTTP response splitting measures. It can also be used to spoof responses received by the browser. Both of these are possible when the browser uses a proxy server to access both sites.
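
The following is an added example, not part of the original glossary entry. It shows one well-known instance of the parsing discrepancy described in this entry, from the defender's side: a filter that only looks for the CRLF pair versus a downstream parser that also accepts a bare LF or CR as a line terminator. All function names and sample values are hypothetical and constructed for illustration.

```python
import re
from typing import List

# Line terminators a lenient HTTP parser may accept: CRLF, bare LF, bare CR.
_LENIENT_EOL = re.compile(rb"\r\n|\n|\r")
# Characters that must never appear in a header value built from user input.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def naive_filter_allows(value: str) -> bool:
    """Weak anti-splitting check: only looks for the literal CRLF pair."""
    return "\r\n" not in value


def strict_filter_allows(value: str) -> bool:
    """Hardened check: rejects any CR, LF or NUL, alone or paired."""
    return _FORBIDDEN.search(value) is None


def header_lines(head: bytes, lenient: bool) -> List[bytes]:
    """Split a response head into lines as a strict or a lenient parser would."""
    parts = _LENIENT_EOL.split(head) if lenient else head.split(b"\r\n")
    return [p for p in parts if p]


def parsers_disagree(head: bytes) -> bool:
    """True when strict and lenient parsing see different header lines."""
    return header_lines(head, False) != header_lines(head, True)


def build_head(value: str) -> bytes:
    """Constructed response head that reflects `value` into one header."""
    text = "HTTP/1.1 200 OK\r\nX-Echo: " + value + "\r\nContent-Length: 0\r\n\r\n"
    return text.encode("latin-1")


# Constructed sample inputs (not taken from any real traffic).
CLEAN = "hello"
SUSPECT = "a\nX-Injected: 1"  # bare LF, no CRLF pair

if __name__ == "__main__":
    for label, value in (("clean", CLEAN), ("suspect", SUSPECT)):
        head = build_head(value)
        print(label,
              "naive_ok=%s" % naive_filter_allows(value),
              "strict_ok=%s" % strict_filter_allows(value),
              "parsers_disagree=%s" % parsers_disagree(head))
```

Running `parsers_disagree` over response heads at an intermediary is a detection check; `strict_filter_allows` is the mitigation applied where the header value is built.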