HttpResponse::HeaderEncoding Property
Gets or sets an Encoding object that represents the encoding for the current header output stream.
Assembly: System.Web (in System.Web.dll)
| Exception | Condition |
|---|---|
| ArgumentNullException | The encoding value is nullptr. |
| HttpException | The encoding value is Unicode. - or - The headers have already been sent. |
The HeaderEncoding property gives you the ability to disable or change the Encoding object on a response header by using the ASCIIEncoding, UnicodeEncoding, UTF7Encoding, or UTF8Encoding object. The default encoding value is the UTF8Encoding class.
By changing the type of the HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. Header injection attacks can be avoided, in part, by leaving the HeaderEncoding property of a response to the default setting. An attack against a vulnerable application could echo back entrusted data as part of a response header. If the HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.