The HttpResponse.HeaderEncoding property gives you the ability to disable or change the System.Text.Encoding object on a response header by using the System.Text.ASCIIEncoding, System.Text.UnicodeEncoding, System.Text.UTF7Encoding, or System.Text.UTF8Encoding object. The default encoding value is the System.Text.UTF8Encoding class.

By changing the type of the HttpResponse.HeaderEncoding property, you can potentially increase the risk of certain malicious attacks or cause sensitive data to be sent through the response header. Header injection attacks can be avoided, in part, by leaving the HttpResponse.HeaderEncoding property of a response to the default setting. An attack against a vulnerable application could echo back entrusted data as part of a response header. If the HttpResponse.HeaderEncoding is disabled because of a requirement for continuation lines in a header or if any header is constructed based on the result of untrusted data, the header data should be validated before sending to the response stream.