== How to fix it

As a best practice, applications that construct response headers using user-provided data should always implement rigorous validation or sanitation of this data.

Also, note that most high-level and modern web development frameworks integrate a built-in protection measure and are thus immune to response splitting attacks. Using such a framework should be considered.