Learn the structure of the HTTP header and the usage of the fields in the header.
HTTP Header Fields
Header fields give the browser and the server information such as the size of the message body, the language used, and authentication information.
A header field corresponds to a single HTTP header and can carry multiple values. If the same header field appears more than once, the result depends on the browser's logic: some give precedence to the first occurrence and some to the last.
4 Types of header fields
- General header fields
- Request header fields
- Response header fields
- Entity header fields: headers used for the entity portion of request and response messages, supplying entity-related information such as when the resource content was updated.
Header Field List
The header fields used in HTTP communication are not limited to those defined in the specification; there are also Cookie, Set-Cookie, Content-Disposition, and so on.
End-to-end headers and hop-by-hop headers
HTTP header fields are divided into 2 categories according to how caching proxies and non-caching proxies treat them (in addition to the general, request, response, and entity classification):
End-to-end header
Headers in this category are forwarded to the final recipient of the request or response. They must be stored in responses generated by a cache and must always be forwarded.
Hop-by-hop header
Headers in this category are valid only for a single hop and are not forwarded by caches or proxies. You must provide the Connection field to use a hop-by-hop header. The hop-by-hop headers are the following (all other headers are end-to-end headers):
Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, Trailer, TE, Transfer-Encoding, Upgrade
General header fields:
Cache-Control: The directives in this field control how the caching mechanism works. Several directives can be given at once, separated by commas (,).
Directives that indicate whether a response can be cached:
Cache-Control: public indicates that other users can also make use of the cache.
Cache-Control: private indicates that the response is cached for one specific user only; the cache server provides the cached resource to that particular user.
no-cache directive:
In a request, it means the client will not accept a cached response; the cache server must forward the request to the origin server.
In a response, it means the cache server cannot cache the resource; the origin server will not confirm the validity of the resource when the cache server asks, and forbids it from caching the response.
Directive that controls which objects a cache may store: no-store
no-store: This directive implies that the request (or the corresponding response) contains confidential information, so the cache must not store any part of the request or response locally.
Directives that specify cache lifetime and validation:
max-age=60 (seconds):
In a request, the value is compared with how long the resource has been cached: if the cached resource is younger than the specified value the client accepts it; otherwise the cache server forwards the request to the origin server.
In a response, it gives the period for which the resource is valid; during that time the cache server does not reconfirm the validity of the resource.
s-maxage=60 (seconds): Works the same way as the max-age directive, but s-maxage applies only to public cache servers that are used by multiple users. That is, it has no effect on a server that repeatedly returns the response to the same user. When s-maxage is used, the Expires header field and the max-age directive are ignored.
min-fresh=60 (seconds): Requires the cache server to return a cached resource that will not expire for at least the specified time.
max-stale=60 (seconds): Indicates that the client will still accept a cached resource that has expired, as long as it has been expired for no longer than the specified time. If no value is specified, the client accepts the cached resource no matter how long ago it expired.
only-if-cached: Requires the cache server to return the cached response directly, without reloading it or confirming the validity of the resource. If the cache server does not have the response cached, 504 is returned.
must-revalidate: The proxy verifies again with the origin server that the cached response it is about to return is still valid. It returns 504 if it cannot connect to the origin server. When must-revalidate is used, the max-stale directive is ignored.
If the cached copy is stale, it must be revalidated, rather than the cache trying to return a copy that is past its freshness period. The difference from no-cache is that no-cache ignores the concept of freshness completely and always forces revalidation. In theory must-revalidate is more efficient, but compared with no-cache it may not always be accurate, because even while the cached copy is considered fresh there is no guarantee that the server side has not been updated. If the cache is a caching proxy and cannot connect to the origin server when it tries to revalidate, it is also not allowed to return the stale copy from its cache; it must return 504 Gateway Timeout instead.
proxy-revalidate: The restriction is similar to must-revalidate. The difference is in who it applies to: proxy-revalidate excludes the user agent (browser) cache. That is, its rules do not apply to the local cache of the user agent.
no-transform: The cache must not change the media type of the entity body, either in the request or in the response. This prevents operations such as a cache or proxy compressing images.
cache-extension: Through the cache-extension token, the directives of the Cache-Control header field can be extended.
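The directives above, as a cache would apply them when deciding what to do with a stored response. This is an added example, not code from the original page; the function names are hypothetical, and Expires and heuristic freshness are deliberately not modelled.

```python
def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def freshness_lifetime(d, shared):
    """Seconds the response stays fresh; s-maxage wins in a shared cache."""
    for key in (("s-maxage", "max-age") if shared else ("max-age",)):
        if d.get(key) is not None and d[key].isdigit():
            return int(d[key])
    return 0  # assumption: no lifetime given means "treat as already stale"


def cache_decision(value, age, shared=True, max_stale=0):
    """Return 'no-store', 'revalidate' or 'serve' for a response whose
    Cache-Control header is `value` and which has been cached `age` seconds.
    `max_stale` is the value of the request's max-stale directive."""
    d = parse_cache_control(value)
    # Confidential or per-user responses never live in a shared cache.
    if "no-store" in d or (shared and "private" in d):
        return "no-store"
    if "no-cache" in d:
        return "revalidate"
    lifetime = freshness_lifetime(d, shared)
    if age < lifetime:
        return "serve"
    # Stale: max-stale may still allow it unless revalidation is mandatory.
    strict = "must-revalidate" in d or (shared and "proxy-revalidate" in d)
    if not strict and age < lifetime + max_stale:
        return "serve"
    return "revalidate"


if __name__ == "__main__":
    for cc in ("private, max-age=600", "public, max-age=600, s-maxage=60"):
        print(cc, "->", cache_decision(cc, age=120, shared=True))
```

Running the same header through `shared=True` and `shared=False` shows why a response that is safe in a browser cache may have to be refused by a proxy.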
Connection:
Two functions:
- Controlling header fields that are no longer forwarded by the proxy
In requests sent by the client and responses returned by the server, the Connection header field is used to name the header fields (hop-by-hop headers) that are no longer forwarded by the proxy.
- Managing persistent connections
Connection: close and Connection: Keep-Alive indicate that the server wants to close the connection or to maintain a persistent connection, respectively.
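How a forwarding proxy applies the hop-by-hop list and the Connection field described above, shown as an added example that is not part of the original page. The function names and the sample headers (including X-Trace-Id) are constructed for illustration.

```python
# The eight hop-by-hop header fields listed on this page, lower-cased.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "trailer", "te", "transfer-encoding", "upgrade",
}


def connection_tokens(headers):
    """Collect the tokens of every Connection header, lower-cased."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "connection":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def strip_hop_by_hop(headers):
    """Split (name, value) pairs into those forwarded and those dropped."""
    nominated = connection_tokens(headers)
    forwarded, dropped = [], []
    for name, value in headers:
        key = name.lower()
        if key in HOP_BY_HOP or key in nominated:
            dropped.append(name)
        else:
            forwarded.append((name, value))
    return forwarded, dropped


def extra_nominations(headers):
    """Headers outside the fixed list that the sender asked the proxy to drop.
    Worth logging, because the next hop will never see them."""
    present = {name.lower() for name, _ in headers}
    return sorted((connection_tokens(headers) & present) - HOP_BY_HOP)


# Constructed sample request headers (not from the original page).
SAMPLE = [
    ("Host", "example.test"),
    ("Connection", "keep-alive, X-Trace-Id"),
    ("Keep-Alive", "timeout=5"),
    ("TE", "trailers"),
    ("X-Trace-Id", "abc123"),
    ("Accept", "text/html"),
]

if __name__ == "__main__":
    kept, dropped = strip_hop_by_hop(SAMPLE)
    print("forwarded:", kept)
    print("dropped:  ", dropped)
    print("nominated by sender:", extra_nominations(SAMPLE))
```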
- Date: Indicates the date and time of the HTTP message.
- Pragma: A legacy field. Pragma: no-cache requires the cache server not to return cached resources; it is used only in requests sent by the client.
- Trailer: Describes which header fields are recorded after the body of the message. It can be used with chunked transfer encoding.
- Transfer-Encoding: Specifies the encoding method used when transmitting the message body. It is valid only for chunked transfer encoding.
- Upgrade: Used to detect whether a higher version of the protocol can be used for communication; a completely different communication protocol may also be specified. When this field is used, Connection: Upgrade must be specified as well.
- Via: Traces the transmission path of request and response messages between the client and the server, and can be used to avoid request loops. When a message passes through a proxy or gateway, that server first appends its own information to the Via header field and then forwards the message.
- Warning: Warns the user of some cache-related issues.
Request Header Field
- Accept: Tells the server which media types the user agent can handle and the relative priority of those media types. Media types are written in the form type/subtype, and several can be specified at once.
- Accept-Charset: Tells the server which character sets the user agent supports and their relative priority. Multiple character sets can be specified at one time.
- Accept-Encoding: Tells the server which content encodings the user agent supports and their priority order. You can specify multiple content encodings at once: gzip, compress, deflate, identity.
- Accept-Language: Tells the server which natural languages the user agent can handle, as well as their priority. You can specify more than one at a time.
- Authorization:
- Expect: Tells the server that a specific behavior is expected. 417 Expectation Failed is returned when an error occurs because the server is unable to understand the client's expectation and respond to it.
- From: Tells the server the e-mail address of the user who is using the user agent.
- Host: When several virtual hosts run on the same IP address, the Host field is used to differentiate them. This header field must be included in the request.
Request headers of the form If-xxx make a request conditional. After the server receives a request with such a condition attached, it executes the request only if the specified condition is determined to be true.
- If-Match: Tells the server the entity tag (ETag) value to match against the resource; the server cannot use a weak ETag value here. The server compares the field value of If-Match with the ETag value of the resource and executes the request only if both are consistent; otherwise it returns 412 Precondition Failed. You can also use * as the If-Match value, in which case the server ignores the ETag value and processes the request as long as the resource exists.
- If-None-Match: The opposite of If-Match. The request is processed only if the If-None-Match value is inconsistent with the ETag value.
- If-Modified-Since: If the resource has been updated after the If-Modified-Since value, the server processes the request; if it has not been updated, the server returns 304 Not Modified. Used to confirm the validity of local resources held by a proxy or client.
- If-Range: Tells the server that if the specified If-Range value (an ETag value or a time) is consistent with the ETag value or time of the requested resource, the request is to be handled as a range request. Used together with the Range request header.
- If-Unmodified-Since: The opposite of If-Modified-Since. The request is processed only if the specified resource has not been updated since the date and time given in the field value. Otherwise, 412 Precondition Failed is returned.
- Max-Forwards: Used when a request containing the Max-Forwards header field is sent with the TRACE or OPTIONS method. The value is a decimal integer that is reduced by one each time the request is forwarded; when the value is 0, the request is no longer forwarded and the response is returned directly.
- Proxy-Authorization: When an authentication challenge is received from a proxy server, the client uses this header to tell the server the information required for authentication.
- Range: Requests only part of a resource (a range request). When the range request is processed successfully, the server returns a 206 Partial Content response; when it is unable to process the range request, it returns 200 OK.
- Referer: Tells the server the URI of the original resource from which the request was made.
- TE: Tells the server which transfer encodings the client can handle and their relative priority. It is similar to Accept-Encoding, but is used for transfer encoding. It can also indicate chunked transfer encoding accompanied by a trailer field, for which you only need to specify TE: trailers.
- User-Agent: Passes information such as the name of the browser or user agent that created the request to the server.
Response Header Field
- Accept-Ranges: Tells the client whether the server can handle range requests, which fetch a specified part of a resource from the server. Two values: Accept-Ranges: bytes and Accept-Ranges: none.
- Age: The unit is seconds. Indicates how long ago the origin server created the response. If the server is a cache server, the value is the time from when revalidation of the cached response was initiated to when it completed. A response created by a proxy must include the Age header field.
- ETag: The ETag tells the client the identifier of the entity. It is a string that uniquely identifies a resource, and the server assigns a corresponding ETag value to each resource.
Strong ETag value: any change to the entity, however minor, changes its value.
Weak ETag value: only indicates whether the resource is the same; the ETag value changes only when the resource changes fundamentally. W/ is prepended to the beginning of the field value.
- Location: Directs the recipient of the response to a resource that is different from the request URI. It is mostly used together with 3xx Redirection responses. Almost all browsers, after receiving a response containing Location, will forcibly attempt to access the redirect target that was indicated.
- Proxy-Authenticate: Sends the authentication information required by the proxy server to the client.
- Retry-After: Tells the client how long to wait before sending the request again, mainly used with 503 Service Unavailable or 3xx Redirection responses. The field value can be a specific date and time, or the number of seconds after the response was created.
- Server: Tells the client about the HTTP server application installed on the current server, including the software name and possibly the version number and the options enabled at installation time.
- Vary: Controls caching. The origin server uses it to tell the proxy server how to use its local cache. After the proxy server receives a response from the origin server that contains Vary, it returns the cached response only when a later request has the same values for the header fields named in Vary; otherwise the resource must be fetched from the origin server again.
- WWW-Authenticate: Used for HTTP access authentication. Tells the client the authentication scheme and the parameterized challenge that apply to the resource identified by the request URI. A 401 Unauthorized response must contain this header field.
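The conditional request headers (If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since) and the strong and weak ETag values described above, evaluated the way a server would. This is an added example, not code from the original page: the function names and sample values are hypothetical, the resource is assumed to exist, and the evaluation order follows RFC 7232 section 6, which the page itself does not state.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_etags(value):
    """Return [(is_weak, opaque_tag)] from a comma-separated ETag list."""
    tags = []
    for item in (i.strip() for i in value.split(",")):
        if item:
            weak = item.startswith("W/")
            tags.append((weak, item[2:] if weak else item))
    return tags


def strong_match(a, b):
    # Strong comparison: neither tag is weak and the opaque parts are equal.
    return not a[0] and not b[0] and a[1] == b[1]


def weak_match(a, b):
    # Weak comparison: the opaque parts are equal, W/ is ignored.
    return a[1] == b[1]


def evaluate_preconditions(method, headers, etag, last_modified):
    """Return 412, 304, or 200 (meaning: go on and process the request)."""
    current = parse_etags(etag)[0]
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if "if-match" in h:
        tags = parse_etags(h["if-match"])
        if h["if-match"] != "*" and not any(strong_match(t, current) for t in tags):
            return 412
    elif "if-unmodified-since" in h:
        if last_modified > parsedate_to_datetime(h["if-unmodified-since"]):
            return 412
    if "if-none-match" in h:
        tags = parse_etags(h["if-none-match"])
        if h["if-none-match"] == "*" or any(weak_match(t, current) for t in tags):
            return 304 if method in ("GET", "HEAD") else 412
    elif "if-modified-since" in h and method in ("GET", "HEAD"):
        if last_modified <= parsedate_to_datetime(h["if-modified-since"]):
            return 304
    return 200


# Constructed sample resource state (not from the original page).
ETAG = '"v2"'
LAST_MODIFIED = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(evaluate_preconditions("PUT", {"If-Match": '"v1"'}, ETAG, LAST_MODIFIED))
    print(evaluate_preconditions("GET", {"If-None-Match": 'W/"v2"'}, ETAG, LAST_MODIFIED))
```

An update sent with a stale If-Match value is rejected with 412 instead of silently overwriting a newer version, which is the main reason to require the header on state-changing requests.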
Entity Header Field
Entity header fields are the headers used in the entity portion of request and response messages. They supply entity-related information such as the update time of the content.
Entity: the payload data transmitted in a request or response, consisting of the entity headers and the entity body.
- Allow:
Tells the client all the HTTP methods supported by the resource specified by the Request-URI. When the server receives an unsupported HTTP method, it returns status code 405 Method Not Allowed and writes all the supported HTTP methods into the Allow header field.
- Content-Encoding:
Tells the client which content encoding the server applied to the entity body.
- Content-Language:
Tells the client the natural language used in the entity body.
- Content-Length:
Indicates the size (in bytes) of the entity body. The Content-Length header field can no longer be used when the entity body is transferred with content encoding applied.
- Content-Location:
Gives the URI that corresponds to the body of the message, that is, the URI of the resource actually returned.
- Content-MD5:
A string of values generated by the MD5 algorithm, intended to check that the message body remained intact during transmission and to confirm that the transmission arrived. It only detects accidental corruption: anyone able to alter the body in transit can alter this header value as well.
- Content-Range:
Content-Range: bytes 5001-10000/10000
Tells the client which part of the entity is being returned in response to a range request. The value is in bytes and gives the part currently being sent and the size of the entire entity.
- Content-Type:
Describes the media type of the object within the entity body.
- Expires:
Tells the client the date on which the resource expires.
After a cache server receives a response that contains the Expires header field, it answers requests from its cache until the time given in the Expires field value. Once that time has passed, the resource is requested from the origin server again.
When the origin server does not want the cache server to cache the resource, it writes the same time value in the Expires field as in the Date header field.
When Cache-Control specifies the max-age directive, max-age is processed in preference to Expires.
- Last-Modified:
Indicates when the resource was last modified.
Header fields for the cookie service
Reference:
- You should understand some of the concepts associated with Web caching.
- Diagram HTTP, Chapter 6: HTTP header