HTTP request smuggling is a technique that exploits differences between HTTP clients and servers in how they handle requests. This allows an attacker to smuggle additional HTTP requests inside a single request in order to poison caches, evade firewalls and intrusion detection systems, or conduct other attacks. The whitepaper provides examples of how HTTP request smuggling can be used for web cache poisoning, firewall/IPS/IDS evasion, and differences between forward and backward smuggling attacks.