header-injection
Community
Prevent HTTP header injection.
Author: thejefflarson
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Protects against HTTP response header injection where user input containing CRLF characters is included in response headers, allowing attackers to inject arbitrary headers or split the HTTP response.
Core Features & Use Cases
- Strips CRLF sequences from user-derived header values before they are set in responses.
- Sanitizes forwarded and request-derived headers to prevent header-based data leakage.
- Enforces safe encoding for Content-Disposition filenames and Location headers to prevent injection.
- Provides verification guidance to ensure all header-setting code paths are protected.
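A sketch of the sanitization these features describe, added here as an example; it is not code from the skill, and the function names (`clean_header_value`, `content_disposition`, `safe_location`) are hypothetical. It assumes control characters are never legitimate in a user-derived header value.

```python
import re
from urllib.parse import quote

# Assumption: CR, LF, NUL, the other C0 controls (except tab) and DEL
# never belong in a header value built from user input.
_CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def clean_header_value(value: str) -> str:
    """Strip CR/LF and other control characters from a header value."""
    return _CTL.sub("", value).strip()


def content_disposition(filename: str) -> str:
    """Build an attachment header with an ASCII fallback and an
    RFC 5987 filename* parameter, so quotes, separators and non-ASCII
    characters cannot break out of the parameter."""
    name = clean_header_value(filename).replace("\\", "/").rsplit("/", 1)[-1]
    name = name or "download"
    # Fallback: anything outside a conservative set becomes "_",
    # which also removes '"' and ';' from the quoted-string.
    fallback = re.sub(r"[^A-Za-z0-9._ -]", "_", name)
    # filename*: percent-encode the UTF-8 bytes of every reserved char.
    encoded = quote(name, safe="")
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"


def safe_location(target: str) -> str:
    """Percent-encode a redirect target so CR, LF, spaces and other
    non-URL characters reach the Location header only in encoded form.
    URL delimiters and existing %XX escapes are left untouched."""
    return quote(target, safe="/:?#[]@!$&'()*+,;=%")


if __name__ == "__main__":
    # Constructed sample inputs carrying CRLF payloads.
    print(repr(clean_header_value("en-US\r\nSet-Cookie: session=x")))
    print(content_disposition("r\u00e9sum\u00e9.pdf"))
    print(safe_location("/next\r\nSet-Cookie: x=1"))
```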
Quick Start
Scan your codebase for all places that set response headers from user input and apply the sanitization guidance.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: header-injection Download link: https://github.com/thejefflarson/soundcheck/archive/main.zip#header-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.