Securing web servers and proxies is critical for enterprise networks. Such Internet-facing systems make up a significant portion of the remote attack surface and, thus, serve as prime targets. HTTP Request Smuggling (HRS) is a vulnerability that arises when web servers and proxies interpret the length of a single HTTP request differently. In this study, empirical testing was used to find parsing behaviors that could lead to HRS in six popular proxies and six servers. A literature study was conducted to compile a corpus containing requests adopting all known HRS techniques and different variations. A test harness was built to enable the automatic sending of requests and recording of responses. The responses were then manually analyzed to identify behaviors vulnerable to HRS. In total, 19 vulnerable behaviors were found, and by combining the proxies with the servers, two almost full and four full attacks could be performed. At least one behavior that went against the HTTP specification was found in every system tested. However, not all of these behaviors enabled HRS. In conclusion, most proxies had strict parsing and did not accept requests that could lead to HRS. The servers, however, were not so strict.