Open Redirect or Header Manipulation issues from Fortify scan on ASP.NET
We did a Fortify scan on our ASP.NET application and found many header manipulation issues there. The issues point to Response.Redirect(). Please have a look at the code below; the parameters are encoded. The code below is counted as a header manipulation issue.

    // Code-behind of a WebForms page: copies the incoming query string,
    // URL-encoding each value, and redirects to test.aspx with it.
    using System;
    using System.Web;
    using System.Web.UI;
    using Microsoft.Security.Application; // AntiXSS library (AntiXss.UrlEncode)

    protected void Page_Load(object sender, EventArgs e)
    {
        string url = "";
        int iCount = 0;
        foreach (string name in Request.QueryString.Keys)
        {
            iCount++;
            if (iCount > 1)
            {
                url += "&";
            }
            url += name;
            if (Request.Params[name] != null)
            {
                url += "=" + AntiXss.UrlEncode(Request.Params[name]);
            }
        }
        // "\test.aspx" in a C# string literal would start with a tab escape (\t);
        // a URL path separator is "/". Page.Root is a property of our own page class.
        Response.Redirect(Server.UrlPathEncode(Page.Root) + "/test.aspx?" + url);
    }

Can anybody let me know what else is required to change here to resolve the issue?
Take off the Server.UrlPathEncode(Page.Root) portion, and use Server.Transfer() instead of Response.Redirect().

Server.Transfer() transfers the user to a page on the same site, so it poses little to no danger of accidentally redirecting away from the site.

Response.Redirect() is for when you want to redirect to another site.

Also, Fortify doesn't tend to like Request.Params[] due to possible ambiguity. A careful attacker may be able, on some servers, to send a UTF-7 or non-printing version of the name of one of the request variables and let the name of the variable contain the actual XSS injection, or overwrite a GET-request value with a cookie of the same name. Make sure both the name and the value are HtmlEncoded, and consider using Request.QueryString[parameterName] instead of Request.Params[parameterName] to avoid more issues with Fortify.

Hopefully that gets past the Fortify issues!
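The following is an added example (not code from the question or the answer) that applies the answer's advice to the asker's snippet: the query string is rebuilt from Request.QueryString only, both parameter names and values are encoded, and the target is a fixed, application-relative page reached with Server.Transfer(). It assumes a WebForms page and that test.aspx lives in the application root.

```csharp
using System;
using System.Collections.Specialized;
using System.Text;
using System.Web;
using System.Web.UI;

public partial class SafeTransferPage : Page
{
    // Rebuilds the query string from Request.QueryString only: unlike
    // Request.Params, a cookie or form field of the same name cannot shadow
    // a query value. Both the name and the value are URL-encoded, so a
    // parameter *name* that carries a payload is encoded as well.
    internal static string BuildQueryString(NameValueCollection query)
    {
        var sb = new StringBuilder();
        foreach (string name in query.AllKeys)
        {
            // Nameless entries (e.g. "?foo") have a null key; drop them.
            if (name == null) continue;
            foreach (string value in query.GetValues(name) ?? new string[0])
            {
                if (sb.Length > 0) sb.Append('&');
                sb.Append(HttpUtility.UrlEncode(name));
                sb.Append('=');
                sb.Append(HttpUtility.UrlEncode(value));
            }
        }
        return sb.ToString();
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string url = BuildQueryString(Request.QueryString);

        // The destination is a constant app-relative path: no part of the
        // request decides where the user ends up, which is the open-redirect
        // concern Fortify flags. Server.Transfer keeps the user on this site
        // and sends no Location header, so there is no header to manipulate.
        Server.Transfer("~/test.aspx?" + url);
    }
}
```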