Http11Probe

2 min read Original article ↗

Open Source

HTTP/1.1 Compliance Platform

An open testing platform that probes HTTP/1.1 servers against RFC 9110/9112 requirements, smuggling vectors, and malformed input handling. Add your framework, get compliance results automatically.

What It Does

Http11Probe sends a suite of crafted HTTP requests to each server and checks whether the response matches the exact expected behavior from the RFCs. Every server is tested identically, producing a side-by-side compliance comparison.

Compliance

RFC 9110/9112 protocol requirements — line endings, request-line format, header syntax, Host validation, Content-Length parsing.

Smuggling

CL/TE ambiguity, duplicate Content-Length, obfuscated Transfer-Encoding, pipeline injection vectors.

Robustness

Binary garbage, oversized fields, too many headers, control characters, integer overflow, incomplete requests.

Normalization

Header normalization behavior — underscore-to-hyphen, space before colon, tab in name, case folding on Transfer-Encoding.

Caching

Conditional request support — ETag, Last-Modified, If-None-Match precedence, weak comparison, edge cases.

Cookies

Cookie header parsing resilience — oversized values, NUL bytes, control characters, malformed pairs, multiple headers.

Contribute to the Project

Http11Probe is open source and built for contributions. Add your HTTP server to the leaderboard, or write new test cases to expand coverage.

Every new framework added makes the comparison more useful for the entire community, and every new test strengthens the compliance bar for all servers on the platform. If you’ve found an edge case that isn’t covered, or you maintain a framework that isn’t listed yet, your contribution directly improves HTTP security and interoperability for everyone.