6.1 HTTP Message Header
1. HTTP request and response messages must contain an HTTP header
The request and response messages of the HTTP protocol must include a header. The header content is the information that the client and the server each need in order to handle the request and the response.
HTTP request message: In a request, the HTTP message is made up of the method, URI, HTTP version, HTTP header fields, and so on.
HTTP response message: In a response, the HTTP message consists of the HTTP version, the status code (number and reason phrase), and the HTTP header fields.
6.2 HTTP Header Field
1. Both requests and responses use header fields. Header fields give the browser and the server information such as the message body size, the language used, authentication information, and so on.
2. HTTP header field structure: a header field consists of a field name and a field value, separated by a colon ":". For example, Content-Type: text/html and Keep-Alive: timeout=15, max=100
3. The 4 types of HTTP header fields
General header fields: headers used by both request messages and response messages.
Request header fields: headers used when sending a request message from the client to the server. They add supplementary information about the request, client information, and priorities related to the response content.
Response header fields: headers used when returning a response message from the server to the client. They add supplementary information about the response and can also ask the client to supply additional information.
Entity header fields: headers used for the entity portion of request and response messages. They add entity-related information, such as the time the resource content was updated.
4. End-to-end headers and hop-by-hop headers
End-to-end headers: headers in this category are forwarded to the final recipient of the request or response, must be stored in responses generated by a cache, and must always be forwarded.
Hop-by-hop headers: headers in this category are valid only for a single forwarding hop and are not forwarded further by a cache or proxy. In HTTP/1.1 and later, using a hop-by-hop header requires the Connection header field.
The following 8 are the header fields
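An added example (not from the original notes) of how a forwarding proxy applies the end-to-end / hop-by-hop split: it drops the fixed hop-by-hop fields plus any field named in Connection. The hop-by-hop list is taken from RFC 2616 section 13.5.1 rather than from this page, and the function names and the sample request are constructed for illustration.

```python
# Hop-by-hop fields per RFC 2616 section 13.5.1 (assumption: not listed on this
# page). The RFC spells one of them "Trailers"; the field itself is Trailer,
# so both spellings are dropped.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "trailers", "transfer-encoding", "upgrade",
})

# Constructed sample: header block of a request arriving at a proxy.
SAMPLE_REQUEST_HEADERS = (
    "Host: www.example.com\r\n"
    "Connection: keep-alive, X-Debug-Hop\r\n"
    "Keep-Alive: timeout=15, max=100\r\n"
    "X-Debug-Hop: 1\r\n"
    "TE: trailers\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Split 'Name: value' lines into ordered (name, value) pairs."""
    headers = []
    for line in raw.split("\r\n"):
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        # Reject lines without a colon and names with surrounding whitespace:
        # two parsers that read such a line differently see different headers.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name, value.strip()))
    return headers

def end_to_end_only(headers):
    """Return the headers a proxy forwards to the next hop."""
    nominated = set()
    for name, value in headers:
        if name.lower() == "connection":
            # Connection names further fields that apply to this hop only.
            nominated.update(t.strip().lower() for t in value.split(",") if t.strip())
    drop = HOP_BY_HOP | nominated
    return [(n, v) for n, v in headers if n.lower() not in drop]

if __name__ == "__main__":
    for name, value in end_to_end_only(parse_headers(SAMPLE_REQUEST_HEADERS)):
        print("%s: %s" % (name, value))
```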
6.3 HTTP/1.1 General Header Fields
General header fields are the headers used by both request messages and response messages.
Field | Function
Cache-Control | By specifying directives in the Cache-Control header, you can control the caching mechanism, for example no-cache, public, etc.
Connection | Has two main functions: controlling header fields that are no longer forwarded to proxies, and managing persistent connections
Date | Indicates the date and time the HTTP message was created
Pragma | Kept for compatibility with versions before HTTP/1.1
Trailer | Indicates which header fields are recorded after the message body; can be used with HTTP/1.1 chunked transfer encoding
Transfer-Encoding | Specifies the encoding used when transferring the message body
Upgrade | Used to check whether HTTP or another protocol can communicate using a later version
Via | Tracks the transmission path of request and response messages between the client and the server. It can also prevent request loops
Warning | Warns the user of some cache-related issues
6.4 Request Header Field
Request header fields are the fields used when sending a request message from the client to the server. They supplement the request with additional information, client information, priorities related to the response content, and so on.
Field | Function
Accept | Tells the server which media types the user agent can handle and the relative priority of those media types. Multiple media types can be specified at once in type/subtype form
Accept-Charset | Tells the server which character sets the user agent supports and their relative priority
Accept-Encoding | Tells the server which content encodings the user agent supports and their priority order (such as gzip, compress, etc.)
Accept-Language | Tells the server which natural language sets the user agent can handle and their relative priority
Authorization | Tells the server the authentication information of the user agent (credential value)
Expect | Tells the server that a specific behavior is expected (if the server cannot understand the client's expectation, it returns status code 417)
From | Tells the server the e-mail address of the user of the user agent
Host | Tells the server the Internet hostname and port number where the requested resource is located. Host is the only header field that the HTTP/1.1 specification requires in a request. It is closely tied to virtual hosting, where multiple domain names are assigned to a single server, which is the reason the Host header field exists
If-Match | One of the If-xxx conditional request headers; the server executes the request only if it receives the conditional request and judges the condition to be true
If-Modified-Since | Tells the server to process the request if the If-Modified-Since field value is earlier than the update time of the resource; if the requested resource has not been updated after the date in the field value, a 304 Not Modified response is returned
If-None-Match | The opposite of If-Match: tells the server to process the request only when the If-None-Match field value does not match the ETag (entity tag) of the requested resource
If-Range | Tells the server that if the If-Range field value (an ETag value or a time) matches that of the requested resource, the request is processed as a range request; otherwise the whole resource is returned
If-Unmodified-Since | Tells the server to process the request only if the requested resource has not been updated after the date and time in the field value; if it has been updated, a 412 Precondition Failed response is returned
Max-Forwards | Sent with the TRACE or OPTIONS method; specifies, as a decimal integer, the maximum number of servers the request may pass through. Before a server forwards the request to the next server it reduces the value by one; when the value is 0 the request is no longer forwarded and the response is returned directly
Proxy-Authorization | When an authentication challenge is received from a proxy server, the client sends a request containing Proxy-Authorization to give the server the information required for authentication
Range | For a range request that needs only part of a resource, Range tells the server the requested range. When the range request can be processed, a 206 Partial Content response is returned; when it cannot be processed, a 200 OK response with the whole resource is returned
Referer | Tells the server the URI of the original resource from which the request was made
TE | Tells the server which transfer encodings the client can handle for the response and their relative priority
User-Agent | Passes information such as the name of the browser and user agent that created the request to the server
6.5 Response Header Field
Response header fields are the fields used when the server returns a response message to the client. They supplement the response with additional information, server information, and additional requirements for the client.
Field | Function
Accept-Ranges | Tells the client whether the server can handle range requests for part of a resource: the value is bytes when it can, and none when it cannot
Age | Tells the client how long ago the origin server created the response, in seconds. If the server that created the response is a cache server, the Age value is the time from when the cached response was sent for revalidation until the revalidation completed. A proxy must add the Age header field when it creates the response
ETag | Tells the client the entity tag. It is a string that uniquely identifies a resource; the server assigns an ETag value to each resource. (A strong ETag changes whenever the entity changes, however slightly; a weak ETag only indicates whether the resource is the same)
Location | Directs the recipient of the response to a resource at a location different from the request URI. Typically used together with 3xx responses to provide the redirect URI
Proxy-Authenticate | Sends the authentication information required by the proxy server to the client
Retry-After | Tells the client how long to wait before sending the request again. Mainly used together with status code 503 Service Unavailable or 3xx Redirect responses
Server | Tells the client which HTTP server application is installed on the current server, along with its version number and the options enabled at installation
Vary | Controls caching. The origin server uses it to tell the proxy server how to use its local cache
WWW-Authenticate | Used for HTTP access authentication
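An added example (not from the original notes) of how a server can evaluate the If-xxx request headers from 6.4 against a resource's ETag and modification time, including the strong and weak ETag comparison. The evaluation order follows RFC 7232 section 6, If-Range is left out, and the function names and sample values are constructed.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample resource state.
SAMPLE_ETAG = '"v2"'
SAMPLE_LAST_MODIFIED = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)

ETAG_RE = re.compile(r'(?:W/)?"[^"]*"')

def _opaque(tag):
    return tag[2:] if tag.startswith("W/") else tag

def etag_listed(field_value, current, strong):
    """True if the resource's ETag matches an If-Match / If-None-Match value."""
    if field_value.strip() == "*":
        return True
    for tag in ETAG_RE.findall(field_value):
        if strong:
            # Strong comparison: identical and neither side weak (W/ prefix).
            if tag == current and not tag.startswith("W/"):
                return True
        elif _opaque(tag) == _opaque(current):
            return True  # weak comparison ignores the W/ prefix
    return False

def _http_date(value):
    """Parse an HTTP date; an unparseable date means the header is ignored."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def evaluate(method, headers, etag, last_modified):
    """Return 412, 304 or 200 for the given request preconditions."""
    h = {k.lower(): v for k, v in headers.items()}
    safe = method in ("GET", "HEAD")
    if "if-match" in h:
        if not etag_listed(h["if-match"], etag, strong=True):
            return 412
    elif "if-unmodified-since" in h:
        since = _http_date(h["if-unmodified-since"])
        if since and last_modified > since:
            return 412
    if "if-none-match" in h:
        if etag_listed(h["if-none-match"], etag, strong=False):
            return 304 if safe else 412
    elif "if-modified-since" in h and safe:
        since = _http_date(h["if-modified-since"])
        if since and last_modified <= since:
            return 304
    return 200
```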
6.6 Entity Header Field
Entity header fields are the headers used in the entity portion of request and response messages. They supplement entity-related information such as the update time of the content.
Field | Function
Allow | Tells the client all the HTTP methods supported for the resource specified by the Request-URI. When the server receives an unsupported HTTP method, it returns status code 405 Method Not Allowed as the response
Content-Encoding | Tells the client the content encoding the server chose for the entity body. Content encoding refers to compression that is performed without losing entity information. There are 4 main kinds: gzip, compress, deflate, identity
Content-Language | Tells the client the natural language used by the entity body
Content-Length | Indicates the size (in bytes) of the entity body
Content-Location | Gives the URI corresponding to the body part of the message
Content-MD5 | A string of values generated by the MD5 algorithm, intended to check that the message body remains intact during transmission and to confirm that the transmission arrived
Content-Range | For a range request, tells the client which part of the entity is returned in the response. In bytes
Content-Type | Describes the media type of the object in the entity body
Expires | Tells the client the expiration date of the resource
Last-Modified | Indicates when the resource was last modified
6.7 Header fields for the cookie service
1. Mechanism: Cookies work by identifying users and managing state. To manage user state, a web site temporarily writes some data to the user's computer through the web browser. When the user later visits the web site, the previously issued cookie can be retrieved through the communication.
2. Types:
Field | Function | Header type
Set-Cookie | Cookie information used to start state management | Response header field
Cookie | Cookie information received by the server | Request header field
3. Set-Cookie
When the server is ready to start managing the state of the client, it notifies the client of various information beforehand.
4. Cookie
The Cookie header field tells the server that, when the client wants HTTP state management support, it includes the cookie received from the server in the request. When multiple cookies have been received, they can likewise be sent as multiple cookies.
6.8 Other header fields
HTTP header fields are extensible, so various nonstandard header fields appear in web server and browser applications.
Field | Function
X-Frame-Options | An HTTP response header that controls whether site content may be displayed inside frame tags on other web sites, primarily to prevent clickjacking attacks
X-XSS-Protection | An HTTP response header; a countermeasure against cross-site scripting (XSS) attacks that switches the browser's XSS protection on or off
DNT | An HTTP request header; short for Do Not Track, meaning that the collection of personal information is refused; a way of expressing refusal of targeted advertising tracking
P3P | An HTTP response header; using P3P (the Platform for Privacy Preferences, an online privacy preference platform) technology, personal privacy on web sites can be put into a form that is only understandable to the user, for the purpose of protecting users' privacy
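An added example (not from the original notes) that classifies the X-Frame-Options and X-XSS-Protection response headers from a raw response head, as a deployment check might. The accepted values DENY and SAMEORIGIN, and 0, 1 and mode=block, are the commonly documented ones and are not listed on this page; the function names and sample responses are constructed.

```python
# Constructed sample response heads (status line plus headers).
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
)
SAMPLE_MISCONFIGURED = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: DENY\r\n"
    "x-frame-options: ALLOWALL\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)

def _distinct(fields, name):
    """Distinct values of a header, lowercased, with whitespace collapsed."""
    return {" ".join(v.lower().split()) for v in fields.get(name, [])}

def _xss_state(value):
    parts = [p.strip() for p in value.split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] == "1":
        return "block" if "mode=block" in parts[1:] else "enabled"
    return "invalid"

def classify_response_headers(raw_head):
    """Report how a response sets its framing and XSS-filter headers."""
    fields = {}
    for line in raw_head.split("\r\n")[1:]:   # element 0 is the status line
        if not line:
            break                              # blank line ends the headers
        name, _, value = line.partition(":")
        fields.setdefault(name.strip().lower(), []).append(value.strip())

    xfo = _distinct(fields, "x-frame-options")
    if not xfo:
        framing = "missing"
    elif len(xfo) > 1:
        framing = "conflict"                   # repeated header, different values
    else:
        value = next(iter(xfo))
        framing = value if value in ("deny", "sameorigin") else "invalid"

    xxp = _distinct(fields, "x-xss-protection")
    if not xxp:
        xss_filter = "unset"
    else:
        xss_filter = _xss_state(next(iter(xxp))) if len(xxp) == 1 else "conflict"
    return {"framing": framing, "xss_filter": xss_filter}
```

X-XSS-Protection only has an effect in browsers that still ship an XSS filter, so the result reports the setting without judging it.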