Which attack involves sending partial HTTP requests that leave the server waiting for completion?

Slowloris works by tying up a web server’s available connections with incomplete HTTP requests. It opens many connections to the target and sends only partial requests, then periodically sends additional header data to keep each connection alive and waiting for the rest of the request. Because the server must hold those connections open until the request is completed or timeouts occur, the pool of available connections fills up, preventing legitimate users from connecting and causing a denial of service. This behavior is distinctive: the attack relies on partial requests and anticipation of completion to exhaust resources rather than flooding with finished requests or using reflectors.