HttpResponse::HeaderEncoding Property
Gets or sets an Encoding object that represents the encoding for the current header output stream.
Assembly: System.Web (in System.Web.dll)
| Exception | Condition |
|---|---|
| ArgumentNullException | The encoding value is null. |
| HttpException |
The HeaderEncoding property gives you the ability to disable or change the Encoding object on a response header by using the ASCIIEncoding, UnicodeEncoding, UTF7Encoding, or UTF8Encoding object. The default encoding value is the UTF8Encoding class.
By changing the type of the HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. Header injection attacks can be avoided, in part, by leaving the HeaderEncoding property of a response to the default setting. An attack against a vulnerable application could echo back entrusted data as part of a response header. If the HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.
Available since 2.0