The following HTTP protocol back-end applications or front-end user agents are known to be incompatible with Apache HTTP Server's protocol implementation of HTTP/1.1 or h2, in many cases the configuration option <code>HttpProtocolOptions Unsafe</code> will work around these defective applications, at a cost of enabling malicious cache poisoning behavior for all content on the configured server.
Until neatly formatted, it is simply a list of the bug reports. Editorial assistance is welcome;
Trailing whitespace after HTTP/1.1 token in HTTP request line;
Invalid whitespace in X-RHN-Auth-User-Id header of RedHat Satellite 5/Spacewalk prior to version 2.7;
JBoss mod_cluster invalid IPv6 Host: header addressing (Missing square bracket delimiters);
Multiple examples, principally on Windows - underscore within Host: header server names not permitted (example);