🗓️ 02 Mar 2026  
Header injection is a cybersecurity vulnerability where attackers manipulate HTTP headers by injecting malicious data into them. This can occur when user input is improperly validated or sanitized before being included in HTTP response headers. Common exploits include HTTP response splitting, cross-site scripting (XSS), and session fixation. Attackers may use header injection to alter the behavior of web applications, steal sensitive information, or launch further attacks. Preventing header injection requires proper validation and sanitization of all user-supplied input, especially when constructing HTTP headers. Developers should use secure frameworks and avoid directly inserting untrusted data into headers.
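
The validation step described above, as an added example that is not code from the original page: a naive response builder beside one that rejects control characters in header names and values. The function names, the `Content-Language` header and the sample inputs are assumptions constructed for illustration.

```python
import re

# Characters that must never appear in a header value: CR, LF, NUL and the
# other C0 control characters (horizontal tab excepted), plus DEL.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")
# Header field names are HTTP "tokens"; fullmatch avoids the trailing-newline
# loophole of a "$" anchor.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderInjectionError(ValueError):
    """Raised when untrusted data is not safe to place in a header."""


def build_response_naive(status, headers):
    """BEFORE: values are concatenated as-is, so CR/LF starts a new header line."""
    lines = [f"HTTP/1.1 {status}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def build_response_safe(status, headers):
    """AFTER: unsafe names and values are rejected, not silently stripped."""
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        if not _TOKEN.fullmatch(name):
            raise HeaderInjectionError(f"invalid header name: {name!r}")
        if _FORBIDDEN.search(value):
            raise HeaderInjectionError(f"control character in {name} value")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def header_names(raw):
    """Parse the header block as a client would and return the field names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample input: a "lang" request parameter reflected into a header.
BENIGN = "en-GB"
CRAFTED = "en-GB\r\nSet-Cookie: session=constructed-value"
```

With the naive builder the crafted value is parsed by the client as two headers; the safe builder raises instead, which lets the application return an error and log the request rather than emit a response it did not intend.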