PHP servers drop any header if the header has "\r" [@OctagonNetworks]

We discussed this vulnerability during Episode 215 on 25 September 2023

The title gives this one away: PHP's header() function will issue a warning (and keep executing) without adding the header to the response if the header contains a carriage return (\r), a newline (\n) or a null byte (\x00). That behaviour may not be new to you, as its purpose is to kill response-splitting attacks, but @OctagonNetworks presents a fresh twist on it. Probably not the first to have the thought, but it was a neat idea to me: take that protection and use it to your advantage in an attack by deliberately getting a header dropped. Since header() returns nothing and the script carries on as normal, the application has no idea the header never went out; the only trace is the warning in the PHP error log. They use the example of dropping a Content-Disposition: attachment header that would otherwise stop the browser from rendering the response, turning a forced download into a rendered page, though I could see this knowledge coming in handy during other chains too, for any header whose value is built from attacker-influenced input. It's just a neat trick to keep in your back pocket when testing.
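To make the trick concrete, here is an added example (not from the original post or from @OctagonNetworks' write-up) of a download endpoint that builds Content-Disposition from a user-supplied filename, alongside a hardened version. The function names, the payload and the filename carrying a carriage return are all constructed for the illustration.

```php
<?php
// Added example, not code from the original post. Shows how a user-controlled
// filename containing "\r" makes PHP drop the Content-Disposition header, and
// one way to stop that from being reachable.

// Vulnerable: the user-controlled name goes straight into the header value.
function vulnerable_download(string $name, string $body): void
{
    header('Content-Type: text/html');
    // If $name contains "\r", "\n" or "\0", header() logs a warning
    // ("Header may not contain more than a single header, new line detected")
    // and skips this header entirely. The script continues, the response has
    // no Content-Disposition, and the browser renders $body as a page instead
    // of saving it as a file.
    header('Content-Disposition: attachment; filename="' . $name . '"');
    echo $body;
}

// Hardened: reject control characters before they can reach header().
// Returns null when the name is unsafe.
function safe_filename(string $name): ?string
{
    // \r, \n, NUL and the rest of the C0 range, DEL, plus quote/backslash
    // which would let the value escape the quoted-string form.
    if (preg_match('/[\x00-\x1f\x7f"\\\\]/', $name)) {
        return null;
    }
    return $name;
}

function hardened_download(string $name, string $body): void
{
    $clean = safe_filename($name);
    if ($clean === null) {
        http_response_code(400);
        exit('invalid filename');
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    // RFC 5987 filename* form; rawurlencode leaves nothing that header()
    // could object to, so the header is always sent.
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode($clean));
    echo $body;
}

// Constructed inputs: an HTML payload and a filename that ends in "\r",
// e.g. what a client would send as ?name=evil.html%0D
$payload       = '<script>alert(document.domain)</script>';
$attacker_name = "evil.html\r";

vulnerable_download($attacker_name, $payload);   // header dropped, page rendered
// hardened_download($attacker_name, $payload);  // 400, header never emitted
```

The practical check while testing is to send the same request with and without a %0D (or %0A, %00) in the reflected parameter and diff the response headers; if a header disappears rather than the request failing, the application is passing your input to header() unfiltered. On the defensive side, watch the PHP error log for that warning, since it is the only signal the server gives that a header was silently dropped.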