It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups.