How to escape a line break literal in the HTTP header?

Question

In the HTTP header, line breaks are tokens to separate fields in the header.

But, if I wan't to send a line break literal in a custom field how should I escape it?

Answer 1

If you are designing your own custom extension field, you may use BASE64 or quoted-printable to escape(and unescape) the value.

Answer 2

The actual answer to this question is that there is no standard for encoding line breaks.

You can use any Binary-to-text encoding such as URL-Encoding or Base64, but obviously that's only going to work if both sender and receiver implement the same method.

---

RFC 2616 did allow to 'fold' (i.e. wrap) header values over multiple lines, but the line breaks were treated as a single space character and not part of the parsed field value.

However, that specification has been obsoleted by RFC 7230 which forbids folding:

Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold).
This specification deprecates such line folding except within the message/http media type (Section 8.3.1).
A sender MUST NOT generate a message that includes line folding

A standard for line breaks in HTTP Header field values is not – and never was – established.

Answer 3

According to RFC2616 4.2 Message Headers:

Header fields can be extended over multiple lines by preceding each extra line with at least one SP or HT.

where SP means a space character (0x20) and HT means a horizontal tab character (0x09).

Answer 4

The idea is, that HTTP is ASCII-only and newlines and such are not allowed. If both sender and receiver can interpret YOUR encoding then you can encode whatever you want, however you want. That's how DNS international names are handled with the Host header (it's called PUNYCODE).

Short answer is: You don't, unless you control both sender and receiver.