Probe Results
HTTP/1.1 compliance comparison across frameworks. Each test sends a specific malformed or ambiguous request and checks the server’s response against the exact expected status code. Updated on each manual probe run on main.
Summary
Pass — the server gave the correct response. For most tests this means rejecting a malformed request with 400 or closing the connection. For body handling tests it means successfully reading the request body and returning 2xx.
Warn — the server’s response is technically valid per the RFC, but a stricter alternative exists. For example, accepting a GET request with a body is allowed, but rejecting it is safer because GET-with-body is a known smuggling vector. Warnings appear when the RFC uses “MAY” or “SHOULD” language rather than “MUST”, giving the server a choice — the lenient option is compliant but the strict option is more secure.
Fail — the server gave the wrong response. It either accepted a request it should have rejected, or rejected one it should have accepted.
Unscored — tests marked with * in the detail tables. These cover RFC language that uses “MAY” or permits multiple valid behaviors, so there is no single correct answer to score against. They are still run and displayed for visibility, but do not count toward the pass/fail score.
ubuntu-latest). Click on the Compliance, Smuggling, or Malformed Input tabs above for detailed results per category.