HttpResponse.HeaderEncoding Property


Gets or sets an Encoding object that represents the encoding for the current header output stream.

 property System::Text::Encoding ^ HeaderEncoding { System::Text::Encoding ^ get(); void set(System::Text::Encoding ^ value); };
public System.Text.Encoding HeaderEncoding { get; set; }
member this.HeaderEncoding : System.Text.Encoding with get, set
Public Property HeaderEncoding As Encoding

Property Value


An Encoding that contains information about the character set for the current header.


The encoding value is null.

The encoding value is Unicode.


The headers have already been sent.


The HeaderEncoding property gives you the ability to disable or change the Encoding object on a response header by using the ASCIIEncoding, UnicodeEncoding, UTF7Encoding, or UTF8Encoding object. The default encoding value is the UTF8Encoding class.

By changing the type of the HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. Header injection attacks can be avoided, in part, by leaving the HeaderEncoding property of a response to the default setting. An attack against a vulnerable application could echo back entrusted data as part of a response header. If the HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.

Applies to