Diagram HTTP Reading Notes: Chapter 6, HTTP Headers

Source: Internet
Author: User

6.1 HTTP Message Header

1. HTTP request and response messages must contain an HTTP header

Request and response messages of the HTTP protocol must include an HTTP header. The header carries the information the client and the server need to handle the request and the response respectively.

HTTP request message: In a request, the HTTP message is made up of the method, URI, HTTP version, HTTP header fields, and so on.

HTTP response message: In a response, the HTTP message consists of the HTTP version, the status code (number and reason phrase), and the HTTP header fields.

6.2 HTTP Header Field

1. Both requests and responses use header fields. Header fields give the browser and the server information such as the message body size, the language used, and authentication information.

2. HTTP header field structure: a header field consists of a field name and a field value, separated by a colon ":". For example, Content-Type: text/html and Keep-Alive: timeout=15, max=100.

3. The 4 types of HTTP header fields

General Header Fields: Headers used by both request messages and response messages.

Request Header Fields: Headers used when sending a request message from the client to the server. They supplement the request with additional content, client information, and priority information related to the response content.

Response Header Fields: Headers used when returning a response message from the server to the client. They supplement the response with additional content and may also request additional information from the client.

Entity Header Fields: Headers used for the entity portion of request and response messages. They supplement entity-related information, such as the update time of the resource content.

4. End-to-end headers and hop-by-hop headers

End-to-end headers: Headers in this category are forwarded to the final recipient of the request or response. They must be stored in responses generated by a cache, and they must be forwarded.

Hop-by-hop headers: Headers in this category are valid only for a single forwarding hop and are not forwarded by caches or proxies. In HTTP/1.1 and later, using a hop-by-hop header requires providing the Connection header field.
There are 8 hop-by-hop header fields.
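
The forwarding rule described above, as an added example that is not part of the original notes: a proxy drops hop-by-hop fields, plus any field named in Connection, before passing a message on. The eight field names are taken from RFC 2616 section 13.5.1, not from this page; `forward_headers` and the sample headers are constructed for illustration.

```python
# Hop-by-hop fields of HTTP/1.1 per RFC 2616 section 13.5.1
# (the RFC prints "Trailers"; the header field itself is Trailer).
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}


def forward_headers(headers):
    """Return the header list a proxy passes on to the next hop.

    headers: list of (name, value) pairs as received from the previous hop.
    """
    # Any field named in Connection is hop-by-hop for this connection too.
    listed = set()
    for name, value in headers:
        if name.lower() == "connection":
            listed.update(t.strip().lower() for t in value.split(",") if t.strip())
    drop = HOP_BY_HOP | listed
    return [(n, v) for n, v in headers if n.lower() not in drop]


# Constructed sample: request headers as seen by a proxy.
SAMPLE = [
    ("Host", "www.example.com"),
    ("Connection", "keep-alive, X-Internal-Debug"),
    ("Keep-Alive", "timeout=15, max=100"),
    ("X-Internal-Debug", "1"),
    ("Upgrade", "TLS/1.0"),
    ("Accept-Encoding", "gzip"),
    ("Cache-Control", "no-cache"),
]

if __name__ == "__main__":
    for name, value in forward_headers(SAMPLE):
        print(f"{name}: {value}")
```

Only the end-to-end fields (Host, Accept-Encoding, Cache-Control) reach the next hop; X-Internal-Debug is removed because the sender listed it in Connection.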

6.3 HTTP/1.1 General Header Fields

General header fields are the headers used by both request messages and response messages.

| Field | Function |
| --- | --- |
| Cache-Control | Controls the caching mechanism through the directives given in the Cache-Control header, such as no-cache and public. |
| Connection | Has two main functions: controlling the header fields that are no longer forwarded to the proxy, and managing persistent connections. |
| Date | Indicates the date and time at which the HTTP message was created. |
| Pragma | Kept for compatibility with versions prior to HTTP/1.1. |
| Trailer | States which header fields are recorded after the message body. It can be used when HTTP/1.1 chunked transfer encoding is in use. |
| Transfer-Encoding | Specifies the transfer encoding used when transmitting the message body. |
| Upgrade | Used to check whether HTTP or another protocol can communicate using a later version. |
| Via | Tracks the transmission path of request and response messages between the client and the server. It can also prevent request loops. |
| Warning | Warns the user of some cache-related issues. |

6.4 Request Header Fields

Request header fields are the fields used when sending a request message from the client to the server. They supplement the request with additional information, client information, priorities related to the response content, and so on.

| Field | Function |
| --- | --- |
| Accept | Informs the server of the media types the user agent can handle and their relative priority. Multiple media types can be specified at once in the form type/subtype. |
| Accept-Charset | Informs the server of the character sets the user agent supports and their relative priority. |
| Accept-Encoding | Informs the server of the content encodings the user agent supports and their priority order (such as gzip, compress, etc.). |
| Accept-Language | Informs the server of the natural language sets the user agent can handle and their relative priority. |
| Authorization | Informs the server of the user agent's authentication information (credentials). |
| Expect | Notifies the server that a specific behavior is expected. When the server cannot understand the client's expectation, it returns an error with status code 417. |
| From | Notifies the server of the e-mail address of the user of the user agent. |
| Host | Notifies the server of the Internet hostname and port number where the requested resource is located. Host is the only header field that the HTTP/1.1 specification requires in every request. It is closely tied to how virtual hosts work, where multiple domain names are assigned to a single server, which is why the Host header field exists. |
| If-Match | A conditional request of the If-xxx form. The server executes the request only if it judges the condition to be true. |
| If-Modified-Since | Tells the server to process the request if the If-Modified-Since field value is earlier than the update time of the resource. If the requested resource has not been updated after the date in the field value, the server returns a 304 Not Modified response. |
| If-None-Match | The opposite of If-Match: tells the server to process the request only when the field value specified by If-None-Match does not match the ETag (entity tag) of the requested resource. |
| If-Range | Tells the server that if the specified If-Range field value (an ETag value or a time) matches that of the requested resource, the request is processed as a range request; otherwise the whole resource is returned. |
| If-Unmodified-Since | Tells the server to process the request only if the requested resource has not been updated after the date and time specified in the field value. If it has been updated, the response is 412 Precondition Failed. |
| Max-Forwards | Sent with requests that use the TRACE or OPTIONS method. It specifies, as a decimal integer, the maximum number of servers the request may pass through. Before forwarding the request to the next server, a server decrements the value by one; when the value is 0, the request is no longer forwarded and the response is returned directly. |
| Proxy-Authorization | When an authentication challenge is received from a proxy server, the client sends a request containing the Proxy-Authorization header field to inform the server of the information required for authentication. |
| Range | For a range request that needs only part of a resource, the Range header field tells the server the range requested. A server that can process the range request returns a 206 Partial Content response; when it cannot, it returns a 200 OK response with the whole resource. |
| Referer | Tells the server the URI of the original resource from which the request was made. |
| TE | Tells the server the transfer encodings the client can handle for the response and their relative priority. |
| User-Agent | Passes information such as the name of the browser or user agent that created the request to the server. |
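
How a server could evaluate the If-xxx conditional headers from the table for a GET request, as an added example that is not part of the original notes. The evaluation order follows RFC 7232 section 6, which is an assumption beyond what the notes state; `evaluate_get`, the ETag and the dates are constructed.

```python
from email.utils import parsedate_to_datetime


def _tags(value):
    """Split an If-Match / If-None-Match value into entity tags."""
    return [t.strip() for t in value.split(",") if t.strip()]


def _opaque(tag):
    """Drop the weak marker W/ so two tags can be compared weakly."""
    return tag[2:] if tag.startswith("W/") else tag


def evaluate_get(headers, etag, last_modified):
    """Status code a server returns for a conditional GET.

    headers: request headers as a dict with lower-case names.
    etag / last_modified: current validators of the requested resource.
    """
    modified = parsedate_to_datetime(last_modified)
    if "if-match" in headers:
        tags = _tags(headers["if-match"])
        # Strong comparison: identical tags, and the resource tag is not weak.
        strong = not etag.startswith("W/") and etag in tags
        if "*" not in tags and not strong:
            return 412  # Precondition Failed
    elif "if-unmodified-since" in headers:
        if modified > parsedate_to_datetime(headers["if-unmodified-since"]):
            return 412
    if "if-none-match" in headers:
        tags = _tags(headers["if-none-match"])
        # Weak comparison is enough to answer 304 from a cache validator.
        if "*" in tags or any(_opaque(t) == _opaque(etag) for t in tags):
            return 304  # Not Modified
    elif "if-modified-since" in headers:
        if modified <= parsedate_to_datetime(headers["if-modified-since"]):
            return 304
    return 200


# Constructed resource state for trying the function out.
ETAG = '"v2"'
LAST_MODIFIED = "Tue, 02 Jan 2024 10:00:00 GMT"

if __name__ == "__main__":
    print(evaluate_get({"if-none-match": '"v2"'}, ETAG, LAST_MODIFIED))
    print(evaluate_get({"if-match": '"v1"'}, ETAG, LAST_MODIFIED))
```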

6.5 Response Header Fields

Response header fields are the fields the server uses when returning a response message to the client. They supplement the response with additional information, server information, and additional requirements for the client.

| Field | Function |
| --- | --- |
| Accept-Ranges | Tells the client whether the server can process range requests for part of a resource: the value is bytes when it can, and none when it cannot. |
| Age | Tells the client how long ago the origin server created the response. The field value is in seconds. If the server that created the response is a cache server, the Age value is the time from when the cached response was submitted for revalidation until the revalidation completed. A proxy must add the Age header field when it creates the response. |
| ETag | Informs the client of the entity tag, a string that uniquely identifies a resource. The server assigns an ETag value to each resource. (A strong ETag changes with any change to the entity, however small; a weak ETag only indicates whether the resource is the same.) |
| Location | Directs the recipient of the response to a resource at a location different from the request URI. It is typically used with 3xx responses to provide the redirect URI. |
| Proxy-Authenticate | Sends the authentication information required by the proxy server to the client. |
| Retry-After | Tells the client how long to wait before sending the request again. It is mainly used with status code 503 Service Unavailable or with 3xx Redirect responses. |
| Server | Informs the client about the HTTP server application installed on the current server, as well as its version number and the options enabled at installation. |
| Vary | Controls caching. The origin server uses it to give the proxy server instructions on how to use its local cache. |
| WWW-Authenticate | Used for HTTP access authentication. |

6.6 Entity Header Fields

Entity header fields are the headers used in the entity portion of request and response messages. They supplement entity-related information, such as the update time of the content.

| Field | Function |
| --- | --- |
| Allow | Notifies the client of all the HTTP methods supported for the resource specified by the Request-URI. When the server receives an unsupported HTTP method, it returns status code 405 Method Not Allowed as the response. |
| Content-Encoding | Tells the client which content encoding the server chose for the entity body. Content encoding refers to compression performed without losing entity information. There are 4 main methods: gzip, compress, deflate, and identity. |
| Content-Language | Tells the client the natural language used by the entity body. |
| Content-Length | Indicates the size (in bytes) of the entity body. |
| Content-Location | Gives the URI corresponding to the body of the message. |
| Content-MD5 | A string of values generated by the MD5 algorithm, used to check that the message body remained intact during transmission and to confirm that the transmission arrived. |
| Content-Range | Tells the client which part of the entity returned as a response matches the range request, in bytes. |
| Content-Type | Describes the media type of the object in the entity body. |
| Expires | Notifies the client of the resource's expiration date. |
| Last-Modified | Indicates the time at which the resource was last modified. |

6.7 Header Fields for the Cookie Service

1. Mechanism: Cookies work by identifying users and managing state. To manage user state, a web site temporarily writes some data to the user's computer through the web browser. When the user later visits the site, the previously issued cookie is retrieved in the course of communication.

2. Types:

| Field | Function | Header type |
| --- | --- | --- |
| Set-Cookie | Cookie information used to start state management | Response header field |
| Cookie | Cookie information received by the server | Request header field |

3. Set-Cookie

When the server is ready to start managing the state of the client, it notifies the client of various pieces of information in advance.

4. Cookie

The Cookie header field tells the server that the client wants HTTP state management support: the client includes the cookie received from the server in its request. When multiple cookies have been received, they can likewise be sent as multiple cookies.
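
The Set-Cookie and Cookie exchange described above, as an added example that is not part of the original notes. It uses Python's standard `http.cookies` module; the cookie names, values and attributes are constructed, and the three function names are hypothetical.

```python
from http.cookies import SimpleCookie


def server_set_cookies():
    """Server side: build one Set-Cookie response header value per cookie."""
    jar = SimpleCookie()
    jar["sid"] = "31d4d96e407aad42"      # constructed session identifier
    jar["sid"]["path"] = "/"
    jar["sid"]["httponly"] = True        # not readable from page scripts
    jar["sid"]["secure"] = True          # only sent over HTTPS
    jar["lang"] = "en"
    jar["lang"]["max-age"] = 3600
    return [morsel.OutputString() for morsel in jar.values()]


def client_cookie_header(set_cookie_values):
    """Client side: keep name=value only and build the Cookie request header.

    Attributes such as Path or HttpOnly are instructions to the client and
    are never sent back to the server.
    """
    pairs = []
    for value in set_cookie_values:
        parsed = SimpleCookie()
        parsed.load(value)
        pairs.extend(f"{name}={m.value}" for name, m in parsed.items())
    return "; ".join(pairs)


def server_read_cookies(cookie_header):
    """Server side: parse the Cookie request header into a dict."""
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    return {name: m.value for name, m in parsed.items()}


if __name__ == "__main__":
    issued = server_set_cookies()
    for value in issued:
        print("Set-Cookie:", value)
    print("Cookie:", client_cookie_header(issued))
```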

6.8 Other header fields

HTTP header fields are extensible, so various nonstandard header fields appear in web server and browser applications.

| Field | Function |
| --- | --- |
| X-Frame-Options | An HTTP response header that controls whether the site's content may be displayed in frame tags on other web sites. Its main purpose is to prevent clickjacking attacks. |
| X-XSS-Protection | An HTTP response header, a countermeasure against cross-site scripting (XSS) attacks that switches the browser's XSS protection on or off. |
| DNT | An HTTP request header, short for Do Not Track. It means refusing to have personal information collected, and is a way of expressing refusal to be tracked for targeted advertising. |
| P3P | An HTTP response header. Using P3P (the Platform for Privacy Preferences, an online privacy preference platform) technology, personal privacy on web sites can be turned into a form that is only understandable to the user, for the purpose of protecting users' privacy. |
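
A check a defender can run over a response's headers to see what the two response headers in the table actually instruct the browser to do, as an added example that is not part of the original notes. The function names and sample responses are constructed; the accepted values (DENY, SAMEORIGIN; 0, 1, mode=block) are the ones browsers have recognised for these headers.

```python
def _lookup(headers, name):
    """Case-insensitive lookup in (name, value) pairs; returns all values."""
    return [v.strip() for n, v in headers if n.lower() == name.lower()]


def frame_policy(headers):
    """Effective framing policy expressed by X-Frame-Options."""
    values = _lookup(headers, "X-Frame-Options")
    if not values:
        return "unrestricted"   # header absent: other sites may frame the page
    policies = {v.upper() for v in values}
    if policies == {"DENY"}:
        return "deny"
    if policies == {"SAMEORIGIN"}:
        return "sameorigin"
    return "invalid"            # misspelt, conflicting or obsolete value


def xss_filter(headers):
    """State of the browser XSS filter requested by X-XSS-Protection."""
    values = _lookup(headers, "X-XSS-Protection")
    if not values:
        return "browser-default"
    parts = [p.strip().lower() for p in values[0].split(";")]
    if parts[0] == "0":
        return "off"
    if parts[0] == "1":
        return "on-block" if "mode=block" in parts[1:] else "on"
    return "invalid"


# Constructed sample responses.
GOOD = [("Content-Type", "text/html"), ("x-frame-options", "sameorigin"),
        ("X-XSS-Protection", "1; mode=block")]
# A misspelt header name is an unknown header and gives no protection.
MISSPELT = [("X-Frame-Option", "DENY"), ("X-XSS-Protection", "0")]
CONFLICT = [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("misspelt", MISSPELT), ("conflict", CONFLICT)):
        print(name, frame_policy(sample), xss_filter(sample))
```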
