In cache.c, Cache_parse_multiple_fields() doesn't properly skip to the end of the line after finding a match, meaning you can trick it into thinking a single field is actually multiple fields. You can test it by running this command, assuming you have netcat installed: printf $'HTTP/1.0 200\r\nWarning: .Warning: x\r\n\r\n' | nc -Nl 8080 You can then direct Dillo to <http://localhost:8080/>. Dillo's output is then: HTTP warning: .Warning: x HTTP warning: x With this patch, the second line is not produced. (I also fixed a comment that uses the wrong name for a variable; I hope you don't mind.) Sorry the patch isn't in the usual .patch format, I'm new to git. diff --git a/src/cache.c b/src/cache.c index 154bef5c..5bd8a5dc 100644 --- a/src/cache.c +++ b/src/cache.c @@ -287,7 +287,7 @@ static int Cache_bufsize(CacheEntry_t *e) * Inject full page content directly into the cache. * Used for "about:splash". May be used for "about:cache" too. * - * The @param data_ds buffer is copied into the entry buffer, so it is + * @param buf is copied into the entry buffer, so it is the * responsibility of the caller to free it. */ void a_Cache_entry_inject(const DilloUrl *Url, @@ -765,9 +765,8 @@ static Dlist *Cache_parse_multiple_fields(const char *header, j--; field = dStrndup(header + i, j); dList_append(fields, field); - } else { - while (header[i] != '\n') i++; } + while (header[i] != '\n') i++; } if (dList_length(fields) == 0) {