Simon Willison’s Weblog

Response Splitting Risk. Important reminder that you should always ensure strings used in HTTP headers don’t contain newlines.

Posted 19th October 2008 at 11:58 pm

Recent articles

The last six months in LLMs, illustrated by pelicans on bicycles - 6th June 2025
Tips on prompting ChatGPT for UK technology secretary Peter Kyle - 3rd June 2025
How often do LLMs snitch? Recreating Theo's SnitchBench with LLM - 31st May 2025

responsesplitting 1 http 96 rails 72 rubyonrails 3 security 519

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe