The HTTP/2 Bomb exploit chains two known denial-of-service (DoS) attack techniques to knock major web servers offline.
HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB of memory in 20 seconds, causing server outages.
A researcher has created a method for testing and identifying how HTTP/HTTPS headers can be abused to sneak malicious code into back-end servers. Daniel Thatcher, researcher and penetration tester at ...
Security headers are easily overlooked in website audits. While some may say that website security is not an SEO-related concern, it does become SEO-related when a site gets hacked and search ...
When the last version of the Hypertext Transfer Protocol 1.1 (HTTP/1.1) was approved in 1999, fast computers were running 500MHz Pentium III chips, Bill Clinton was president of the United States, and ...
Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in ...
TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service (DoS) vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, ...
There's more to RESTful services than just using the HTTP verbs. You should also be leveraging the Location header and status code, for example. When REST was proposed as a way of leveraging the HTTP ...
Google seems to not handle or obey the RateLimit Header Fields for HTTP. Mike Blazer asked John Mueller from Google about this and John said he had never heard of it, so he assumes Google Search does not ...
Yesterday, Google announced more changes to the Google mobile search algorithm, which we can expect to roll out shortly. This update is intended to improve the search experience for mobile users by ...