Description
This web application is configured with the httpRuntime property enableHeaderChecking set to false. When configured this way, it will disable ASP.NET's detection of header injection attacks. When this property is true, which is the default, the \r or \n characters found in a response header are encoded to %0d and %0a. This defeats header-injection attacks by making the injected material part of the same header line.
Remediation
It's recommended to set httpRuntime property enableHeaderChecking set to true.
<httpRuntime enableHeaderChecking="true" >