Carriage Return Line Feed
CRLF injection abuses the carriage return and line feed characters that mark line endings in protocols like HTTP. By smuggling these characters into input that ends up in headers or logs, attackers can split responses, forge log entries, or set malicious headers. It matters as a building block for response splitting and cache poisoning attacks, and is prevented by sanitizing control characters.