HTTP Basics (vi)

Source: Internet
Author: User

VI. HTTP Headers

1. HTTP messages
An HTTP request message consists of a method, a URI, the HTTP version, HTTP header fields, and so on. An HTTP response message consists of the HTTP version, a status code, and HTTP header fields. HTTP header fields are used primarily to deliver additional information (e.g., message body size, language used, authentication information).

2. HTTP header field types
General header fields: headers used by both request messages and response messages.
Request header fields: headers used when sending request messages from the client to the server.
Response header fields: headers used when returning a response message from the server to the client.
Entity header fields: headers used for the entity portion of request messages and response messages.
The HTTP/1.1 header fields belong to the types described above.

3. HTTP header field classification
(1) End-to-end headers: headers in this category are forwarded to the final recipient of the request or response. Besides being forwarded, they must be stored in responses generated by a cache.
(2) Hop-by-hop headers: headers in this category are valid only for a single hop and are not forwarded by caches or proxies. There are 8 fields that belong to the hop-by-hop category, respectively:

4. HTTP/1.1 general header fields

(1) Cache-Control
This field controls the behavior of caches. Directive parameters are optional, and multiple directives are separated by ",".

Cache request directives:
Directive            Parameter   Description
no-cache             None        Force revalidation with the origin server
no-store             None        Do not cache any part of the request or response
max-age = [sec]      Required    Accept a response that has expired
max-stale = [sec]    Optional    Accept a response that has expired
min-fresh = [sec]    Required    Expect the response to remain fresh for the specified period of time
no-transform         None        Proxies must not change the media type
only-if-cached       None        Get the resource from the cache
cache-extension      -           New directive token

Cache response directives:
Directive            Parameter   Description
public               None        Any cache may provide the response to any party
private              Optional    Return the response only to a specific user
no-cache             Optional    The validity of the cache must be confirmed before
no-store             None        Do not cache any part of the request or response
no-transform         None        Proxies must not change the media type
must-revalidate      None        Cacheable, but must be revalidated with the origin server
proxy-revalidate     None        Requires intermediate cache servers to revalidate the cached response
max-age = [sec]      Required    Maximum Age value of the response
s-maxage = [sec]     Required    Maximum Age value of the response for shared (public) cache servers
cache-extension      -           New directive token
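
The response directives in the table above decide whether a shared cache (proxy or CDN) may keep a copy of a response, which matters for any response that carries per-user data. The following is an added example, not code from the original page: it parses a Cache-Control response value, including a quoted argument that itself contains commas, and derives the shared-cache decision. The function names and sample values are assumptions made for illustration.

```python
def split_directives(value):
    """Split on commas, but not on commas inside a quoted-string argument."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lower-cased."""
    out = {}
    for part in split_directives(value):
        name, sep, arg = part.partition("=")
        out[name.strip().lower()] = arg.strip().strip('"') if sep else None
    return out

def shared_cache_policy(value):
    """Decide how a shared cache (proxy, CDN) may treat a response."""
    d = parse_cache_control(value)
    # Assumption: private="field-list" is handled like plain private (conservative).
    if "no-store" in d or "private" in d:
        return {"store": False, "fresh_for": 0, "revalidate": False}
    # s-maxage takes precedence over max-age for shared caches.
    raw = d["s-maxage"] if "s-maxage" in d else d.get("max-age")
    # A missing or malformed age is treated as 0 (heuristic freshness is not modelled).
    fresh = int(raw) if raw and raw.isascii() and raw.isdigit() else 0
    revalidate = any(k in d for k in ("no-cache", "must-revalidate", "proxy-revalidate"))
    if "no-cache" in d:
        fresh = 0  # the stored copy may not be reused without revalidation
    return {"store": True, "fresh_for": fresh, "revalidate": revalidate}

# Constructed sample header values, not taken from the page.
SAMPLES = [
    "public, max-age=3600, s-maxage=60",
    'private="Set-Cookie, Authorization", max-age=300',
    "no-cache, max-age=600",
    "No-Store",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} -> {shared_cache_policy(s)}")
```
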

(2) Connection
Function: controls the header fields that proxies no longer forward.

Directive                                  Parameter   Description
[header field names not to be forwarded]   None        Controls the header fields that proxies no longer forward
close                                      None        Disconnect the client from the server
Keep-Alive                                 None        Maintain a persistent connection on older versions of HTTP
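
The forwarding rule for hop-by-hop headers and the Connection field, sketched as the filter a proxy applies before passing a request on. This is an added example, not code from the original page: the set of eight field names comes from RFC 2616 section 13.5.1 (with the Trailer field under its actual name), and the function name, the X-Debug-Token header and the sample request are assumptions made for illustration.

```python
# The eight hop-by-hop fields of HTTP/1.1 (RFC 2616, section 13.5.1), lower-cased.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}

def forwardable_headers(headers):
    """headers: (name, value) pairs as received by a proxy.

    Returns (forwarded_pairs, removed_names) so removals can be logged."""
    drop = set(HOP_BY_HOP)
    for name, value in headers:
        if name.lower() == "connection":
            # Each token is a connection option (close, keep-alive) or the
            # name of a header that is valid for this hop only.
            drop.update(tok.strip().lower() for tok in value.split(",") if tok.strip())
    forwarded, removed = [], []
    for name, value in headers:
        if name.lower() in drop:
            removed.append(name)
        else:
            forwarded.append((name, value))
    return forwarded, removed

# Constructed sample request headers, not taken from the page.
SAMPLE_REQUEST = [
    ("Host", "example.test"),
    ("Connection", "keep-alive, X-Debug-Token"),
    ("Keep-Alive", "timeout=5"),
    ("X-Debug-Token", "abc"),
    ("Accept", "*/*"),
    ("Upgrade", "websocket"),
]

if __name__ == "__main__":
    kept, gone = forwardable_headers(SAMPLE_REQUEST)
    print("forwarded:", kept)
    print("removed:  ", gone)
```

Logging the removed names shows which fields a peer nominated in Connection, so an unexpected nomination of a header the backend relies on can be spotted.
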

(3) Date
Function: indicates the date and time when the HTTP message was created.

(4) Pragma
This is a legacy field from versions before HTTP/1.1, defined only for backward compatibility with HTTP/1.0:
Pragma: no-cache

(5) Trailer
Function: declares in advance which header fields are recorded after the message body.

(6) Transfer-Encoding
Function: specifies the transfer coding used when transmitting the message body. In HTTP/1.1, the transfer coding method is valid only for chunked transfer coding.

(7) Upgrade
Function: used to check whether HTTP or another protocol can communicate using a higher version. Connection: Upgrade must also be specified when using Upgrade.

(8) Via
Function: tracks the transmission path of request and response messages between the client and the server. The Via header is often used together with the TRACE method.

(9) Warning
Function: notifies the user of cache-related issues.
Warning header format:
Warning: [warning code] [warning host:port] "[warning text]" ([date-time])

Warning code   Warning text                       Description
110            Response is stale                  The proxy returned an expired resource
111            Revalidation failed                The proxy failed to revalidate the resource (for reasons such as the server being unreachable)
112            Disconnected operation             The proxy's connection to the network was deliberately cut off
113            Heuristic expiration               The response has been in use for more than 24 hours (when the cache validity period is set to more than 24 hours)
199            Miscellaneous warning              Any warning content
214            Transformation applied             The proxy performed some processing on the content coding, media type, etc.
299            Miscellaneous persistent warning   Any warning content

5. Request header fields

(0) Concept: request header fields are used in request messages sent from the client to the server. They supply additional information about the request, client information, priorities related to the response content, and so on.

(1) Accept
Function: notifies the server of the media types the user agent can handle and their relative priority. When the server can provide multiple kinds of content, the media type with the highest weight value is returned first.

(2) Accept-Charset
Function: notifies the server of the character sets the user agent supports and their relative priority. Multiple character sets can be specified at once.

(3) Accept-Encoding
Function: informs the server of the content codings the user agent supports and their order of priority.

(4) Accept-Language
Function: informs the server of the natural language sets the user agent can handle and their relative priority. More than one natural language set can be specified at a time.

(5) Authorization
Function: informs the server of the user agent's authentication information (credential value).

(6) Expect
Function: notifies the server that a particular behavior is expected. If the server cannot understand the client's expectation and an error occurs, it returns status code 417 Expectation Failed.

(7) From
Function: notifies the server of the e-mail address of the user who is using the user agent.

(8) Host
Function: notifies the server of the Internet host name and port number where the requested resource is located.

(9) If-Match (conditional request)
Function: after the server receives a request with a condition attached, it executes the request only if the specified condition is true. It returns a 412 Precondition Failed response if the values do not match.

(10) If-Modified-Since
Function: informs the server that the request should be processed if the If-Modified-Since field value is earlier than the resource's update time. A 304 Not Modified response is returned if the resource has not been updated since the time in the If-Modified-Since field value.

(11) If-None-Match
Function: the opposite of the If-Match header field.

(12) If-Range
Function: tells the server to process the request as a range request if the specified If-Range field value matches the ETag value or time of the requested resource. Otherwise, the entire resource is returned.

(13) If-Unmodified-Since
Function: the opposite of If-Modified-Since.

(14) Max-Forwards
Function: specifies, as a decimal integer, the maximum number of servers the request can pass through. Before a server forwards the request to the next server, it subtracts 1 from the Max-Forwards value and reassigns it. When the Max-Forwards value is 0, the request is no longer forwarded and the response is returned directly.

(15) Proxy-Authorization
Function: informs the server of the information required for authentication.

(16) Range
Function: for a range request that needs only part of a resource, this field tells the server the specified range of the resource.

(17) Referer
Function: tells the server the URI of the original resource from which the request was made.

(18) TE
Function: tells the server the transfer codings the client can handle for the response and their relative priority.

(19) User-Agent
Function: conveys to the server information such as the browser that created the request and the name of the user agent.

6. Response header fields

(0) Concept: response header fields are used in response messages returned from the server to the client. They supply additional information about the response, server information, and additional requirements for the client.

(1) Accept-Ranges
Function: tells the client whether the server can process range requests, which specify and fetch part of a resource on the server.

(2) Age
Function: tells the client how long ago the origin server created the response. The unit is seconds.

(3) ETag
Function: informs the client of the entity tag, which is a way of uniquely identifying a resource as a string. The server assigns a corresponding ETag value to each resource. The ETag value also needs to be updated when the resource is updated.

(4) Location
Function: directs the recipient of the response to a resource at a location different from the request URI.

(5) Proxy-Authenticate
Function: sends the client the authentication information required by the proxy server.

(6) Retry-After
Function: tells the client how long it should wait before sending the request again.

(7) Server
Function: informs the client about the HTTP server application installed on the current server.

(8) Vary
Function: controls caching.

(9) WWW-Authenticate
Function: used for HTTP access authentication. Informs the client of the authentication scheme (Basic/Digest) that applies to the resource specified by the request URI, and of the challenge with its parameters.

7. Entity header fields

(0) Concept: entity header fields are the headers used in the entity part of request messages and response messages. They supply the update time of the content and other entity-related information.

(1) Content-Encoding
Function: informs the client of the content coding the server applied to the entity body. Content coding refers to compression that is performed without losing entity information.

(2) Content-Language
Function: informs the client of the natural language used by the entity body.

(3) Content-Length
Function: indicates the size of the entity body, in bytes. Content-Length can no longer be used when the entity body is transferred with a content coding applied.

(4) Content-Location
Function: gives the URI corresponding to the body part of the message.

(5) Content-MD5
Function: checks that the message body remained intact in transit and confirms that the transmission arrived.

(6) Content-Range
Function: for a range request, tells the client which part of the entity is being returned in the response. The unit is bytes.

(7) Content-Type
Function: describes the media type of the object within the entity body.

(8) Expires
Function: informs the client of the date on which the resource expires.

(9) Last-Modified
Function: indicates the time when the resource was last modified.

8. Header fields for the cookie service

(0) Concept: cookies manage state between server and client.

(1) Set-Cookie
Set-Cookie field attributes:
Attribute          Description
NAME=VALUE         The name given to the cookie and its value (required)
expires=DATE       The expiration date of the cookie (if not explicitly specified, defaults to the lifetime of the browser session)
path=PATH          The file directory on the server to which the cookie applies (if not specified, defaults to the directory where the document is located)
domain=DOMAIN      The domain name to which the cookie applies (if not specified, defaults to the domain name of the server that created the cookie)
Secure             The cookie is sent only over HTTPS secure communication
HttpOnly           Restricts the cookie so that it cannot be accessed by JavaScript

Expires attribute: specifies the validity period during which the browser can send the cookie.
Path attribute: limits the file directories to which the cookie is sent.
Domain attribute: the name specified through the Domain attribute is matched against the end of the domain name (suffix match).
Secure attribute: restricts the cookie to being sent only when the web page uses an HTTPS secure connection.
HttpOnly attribute: makes the cookie unobtainable by JavaScript, in order to prevent theft of cookie information through cross-site scripting (XSS) attacks.

9. Other header fields

(1) X-Frame-Options
Function: controls the display of the site's content within frame tags of other websites. Two field values can be specified in this field: DENY (deny) and SAMEORIGIN (permit only pages from the same origin).

(2) X-XSS-Protection
Function: a countermeasure against cross-site scripting attacks that switches the browser's XSS protection mechanism on or off. Field values: 0 (XSS filtering disabled), 1 (XSS filtering enabled).

(3) DNT (Do Not Track)
Function: refuses the collection of personal information; it is a means of refusing to be tracked by targeted advertising. Field values: 0 (consent to being tracked), 1 (refusal to be tracked).

(4) P3P (The Platform for Privacy Preferences)
Function: expresses personal privacy in a form that only programs can understand, in order to protect the user's privacy.
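
The Set-Cookie attributes and the X-Frame-Options values described above can be checked mechanically on the headers of a response. This is an added example, not code from the original page: it assumes the response was served over HTTPS, and the function names, finding texts and sample headers are assumptions made for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attrs).

    Splits on ';' only, because the Expires date itself contains a comma."""
    first, *rest = value.split(";")
    name, _, val = first.strip().partition("=")
    attrs = {}
    for item in rest:
        key, _, arg = item.strip().partition("=")
        if key:
            attrs[key.lower()] = arg.strip()
    return name, val, attrs

def audit_response(headers):
    """headers: (name, value) pairs of one HTTPS response. Returns a list of findings."""
    findings = []
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    if not xfo:
        findings.append("X-Frame-Options: missing")
    elif len(xfo) > 1 or xfo[0] not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: unexpected value(s) {xfo}")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(v)
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"Set-Cookie {name}: missing {flag}")
        if attrs.get("domain"):
            # The Domain attribute is a suffix match, so subdomains receive the cookie too.
            findings.append(f"Set-Cookie {name}: Domain={attrs['domain']} also matches subdomains")
    return findings

# Constructed sample response headers, not taken from the page.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=abc123; Expires=Wed, 09 Jun 2027 10:18:14 GMT; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Domain=example.test; Path=/"),
    ("X-Frame-Options", "ALLOWALL"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```
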
