HTTP header fields are a list of strings sent and received by both the client program and server on every HTTP request and response. These headers are usually invisible to the end-user and are only processed or logged by the server and client applications. They define how information sent/received through the connection is encoded (as in Content-Encoding), the session verification and identification of the client (as in browser cookies, IP address, user-agent) or their anonymity thereof (VPN or proxy masking, user-agent spoofing), how the server should handle data (as in Do-Not-Track), the age (the time it has resided in a shared cache) of the document being downloaded, amongst others.

General format

In HTTP version 1.x, header fields are transmitted after the request line (in case of a request HTTP message) or the response line (in case of a response HTTP message), which is the first line of a message. Header fields are colon-separated key-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence. The end of the header section is indicated by an empty field line, resulting in the transmission of two consecutive CR-LF pairs. In the past, long lines could be folded into multiple lines; continuation lines are indicated by the presence of a space (SP) or horizontal tab (HT) as the first character on the next line. This folding is now deprecated. [1] HTTP/2 [2] and HTTP/3 instead use a binary protocol, where headers are encoded in a single HEADERS and zero or more CONTINUATION frames using HPACK [3] (HTTP/2) or QPACK (HTTP/3), which both provide efficient header compression. The request or response line from HTTP/1 has also been replaced by several pseudo-header fields, each beginning with a colon (:).

Field names

A core set of fields is standardized by the Internet Engineering Task Force (IETF) in RFCs 7230, 7231, 7232, 7233, 7234, and 7235. The Field Names, Header Fields and Repository of Provisional Registrations are maintained by the IANA. Additional field names and permissible values may be defined by each application. Header field names are case-insensitive. [4] This is in contrast to HTTP method names (GET, POST, etc.), which are case-sensitive. [5] [6] HTTP/2 makes some restrictions on specific header fields (see below). Non-standard header fields were conventionally marked by prefixing the field name with X- but this convention was deprecated in June 2012 because of the inconveniences it caused when non-standard fields became standard. [7] An earlier restriction on use of Downgraded- was lifted in March 2013. [8]

Field values

A few fields can contain comments (i.e. in User-Agent, Server, Via fields), which can be ignored by software. [9] Many field values may contain a quality (q) key-value pair separated by equals sign, specifying a weight to use in content negotiation. [10] For example, a browser may indicate that it accepts information in German or English, with German as preferred by setting the q value for de higher than that of en, as follows:

Accept-Language: de; q=1.0, en; q=0.5
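
How a server might rank such a weighted value, as an added example that is not part of the original article. The function names are illustrative; the weight grammar (0 to 1, at most three decimals) and the default weight of 1 when q is absent follow the HTTP/1.1 RFCs cited above.

```python
import re

# Weight grammar from the HTTP/1.1 RFCs: 0, 0.xxx, 1 or 1.000 (max three decimals).
QVALUE = re.compile(r"(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)")


def parse_weighted(value: str):
    """Parse a value such as 'de; q=1.0, en; q=0.5' into [(item, q)],
    sorted by descending q; ties keep the order used in the header."""
    ranked = []
    for part in value.split(","):
        token, *params = [p.strip() for p in part.split(";")]
        if not token:
            continue
        q = 1.0  # the weight defaults to 1 when no q parameter is given
        for param in params:
            key, eq, val = param.partition("=")
            if eq and key.strip().lower() == "q":
                val = val.strip()
                # A malformed weight is treated as "not acceptable", never as preferred.
                q = float(val) if QVALUE.fullmatch(val) else 0.0
        ranked.append((token, q))
    ranked.sort(key=lambda item: -item[1])  # list.sort is stable
    return ranked


def choose(value: str, available):
    """Return the first server-supported item in the client's preference order."""
    supported = {a.lower(): a for a in available}
    for token, q in parse_weighted(value):
        if q > 0 and token.lower() in supported:
            return supported[token.lower()]
    return None


if __name__ == "__main__":
    header = "de; q=1.0, en; q=0.5"  # the value used in the text above
    print(parse_weighted(header))
    print(choose(header, ["en", "fr"]))
```
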

Size limits

The standard imposes no limits to the size of each header field name or value, or to the number of fields. However, most servers, clients, and proxy software impose some limits for practical and security reasons. For example, the Apache 2.3 server by default limits the size of each field to 8,190 bytes, and there can be at most 100 header fields in a single request. [11]
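
The HTTP/1.x wire format from "General format" together with the limits above, as an added example that is not part of the original article: a strict header-section parser that rejects folded lines and oversized input. All names are illustrative, and the two limits are the Apache defaults quoted above, used here as assumptions.

```python
MAX_FIELD_BYTES = 8190  # assumption: the Apache per-field default quoted above
MAX_FIELDS = 100        # assumption: the Apache per-request default quoted above


class HeaderError(ValueError):
    """Raised when a header section violates the format or a limit."""


def parse_header_section(raw: bytes):
    """Return (start_line, headers); headers maps lower-cased names to value lists."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HeaderError("no empty line terminating the header section")
    start, *fields = head.split(b"\r\n")
    if len(fields) > MAX_FIELDS:
        raise HeaderError("too many header fields")
    headers = {}
    for line in fields:
        if len(line) > MAX_FIELD_BYTES:
            raise HeaderError("header field too large")
        if line[:1] in (b" ", b"\t"):
            # Deprecated folding: reject instead of guessing how to join it.
            raise HeaderError("folded continuation line")
        if b"\r" in line or b"\n" in line:
            raise HeaderError("bare CR or LF inside a field line")
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise HeaderError("malformed field line")
        key = name.decode("latin-1").lower()  # field names are case-insensitive
        headers.setdefault(key, []).append(value.strip(b" \t").decode("latin-1"))
    return start.decode("latin-1"), headers


# Constructed sample messages (not captured traffic).
SAMPLE = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: example.com\r\n"
          b"ACCEPT-Language: de; q=1.0, en; q=0.5\r\n"
          b"\r\n")
FOLDED = (b"GET / HTTP/1.1\r\n"
          b"X-Note: first part\r\n"
          b"\tsecond part\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_header_section(SAMPLE))
    try:
        parse_header_section(FOLDED)
    except HeaderError as err:
        print("rejected:", err)
```
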

Request fields

Standard request fields

Common non-standard request fields

Response fields

Standard response fields

Common non-standard response fields

Effects of selected fields

Avoiding caching

If a web server responds with Cache-Control: no-cache then a web browser or other caching system (intermediate proxies) must not use the response to satisfy subsequent requests without first checking with the originating server (this process is called validation). This header field is part of HTTP version 1.1, and is ignored by some caches and browsers. It may be simulated by setting the Expires HTTP version 1.0 header field value to a time earlier than the response time. Notice that no-cache is not instructing the browser or proxies about whether or not to cache the content. It just tells the browser and proxies to validate the cache content with the server before using it (this is done by using If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match attributes mentioned above). Sending a no-cache value thus instructs a browser or proxy to not use the cache contents merely based on the "freshness criteria" of the cache content. Another common way to prevent old content from being shown to the user without validation is Cache-Control: max-age=0. This instructs the user agent that the content is stale and should be validated before use.

The header field Cache-Control: no-store is intended to instruct a browser application to make a best effort not to write it to disk (i.e. not to cache it). The request that a resource should not be cached is no guarantee that it will not be written to disk. In particular, the HTTP/1.1 definition draws a distinction between history stores and caches. If the user navigates back to a previous page a browser may still show you a page that has been stored on disk in the history store. This is correct behavior according to the specification. Many user agents show different behavior in loading pages from the history store or cache depending on whether the protocol is HTTP or HTTPS.

The Cache-Control: no-cache HTTP/1.1 header field is also intended for use in requests made by the client. It is a means for the browser to tell the server and any intermediate caches that it wants a fresh version of the resource. The Pragma: no-cache header field, defined in the HTTP/1.0 specification, has the same purpose. It, however, is only defined for the request header. Its meaning in a response header is not specified. [75] The behavior of Pragma: no-cache in a response is implementation specific. While some user agents do pay attention to this field in responses, [76] the HTTP/1.1 RFC specifically warns against relying on this behavior.
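
The distinctions above (no-cache and max-age=0 force validation, only no-store asks for no stored copy, Pragma in a response is unspecified), as an added example that is not part of the original article: a small response-header audit for pages carrying sensitive data. Function names and policy labels are illustrative, and the Expires fallback is deliberately left out.

```python
def parse_cache_control(value: str):
    """Split a Cache-Control value into {directive: argument or None}, names lower-cased."""
    directives = {}
    for part in value.split(","):
        name, eq, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') if eq else None
    return directives


def cache_policy(headers: dict):
    """Classify a response as 'no-store', 'revalidate' or 'unrestricted'.
    headers maps response field names (any case) to their values."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "no-store"      # the cache is asked not to keep a copy at all
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "revalidate"    # a copy may be kept but must be validated before use
    # Pragma: no-cache has no specified meaning in a response, so it is not relied on.
    return "unrestricted"


def audit(headers: dict):
    """Return findings for a response that carries sensitive data."""
    findings = []
    policy = cache_policy(headers)
    if policy != "no-store":
        findings.append(f"policy is '{policy}': a cache may still keep a copy")
    if policy == "unrestricted" and any(k.lower() == "pragma" for k in headers):
        findings.append("only Pragma is set; its meaning in a response is unspecified")
    return findings


if __name__ == "__main__":
    # Constructed sample responses.
    for sample in ({"Cache-Control": "no-cache"},
                   {"Cache-Control": "max-age=0"},
                   {"Pragma": "no-cache"},
                   {"Cache-Control": "no-store"}):
        print(sample, cache_policy(sample), audit(sample))
```
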

See also

References

As of this edit, this article uses content from "What is the X-REQUEST-ID http header?", authored by Stefan Kögl at Stack Exchange, which is licensed in a way that permits reuse under the Creative Commons Attribution-ShareAlike 3.0 Unported License, but not under the GFDL. All relevant terms must be followed.
As of this edit, this article uses content from "Why does ASP.NET framework add the 'X-Powered-By:ASP.NET' HTTP Header in responses?", authored by Adrian Grigore at Stack Exchange, which is licensed in a way that permits reuse under the Creative Commons Attribution-ShareAlike 3.0 Unported License, but not under the GFDL. All relevant terms must be followed.
