HTTP request message and Response Message

Source: Internet
Author: User
Tags set cookie

HTTP packets are divided into request messages and response messages ).

I,Packet Components

An HTTP packet consists of three parts:

(1) start line)

(2) Header)

(3) Body)


HTTP/1.0 200 OK // start line Content-Type: text/plain // header Content-Length: 19 // header Hi I'm a message! Subject

1.1 request message and Response Message format

Request Message format:

<method> <request-UTL> <version>

Response Message format:

<version> <status><reason-phrase>

Note that the request message and Response Message are different from the starting line.

The following is a brief description of each part in the format.

1. method get

The action that the client wants the server to perform on the resource. Is a separate word, such as get, Head, or post.

2. request URL

The complete URL of all request resources or URL path components is named. If you directly talk to the server, as long as the URL path component is the absolute path of the resource, there is usually no problem-the server can assume that it is the host/port of the URL.

3. Version: HTTP/1.1

The HTTP Version Used by the message, in the following format:

HTTP/<major>. <minor>

Both the major version number (Major) and minor version number (minor) are integers.

4. Status Code)

These three numbers describe what happens in the request process. The first digit of each status code is used to describe the general category of the status ("success", "error", etc ). 200

5. Reason phrase (reason-phrase)

The Readable version of the numeric Status Code, which contains all text before the row termination sequence. The reason phrase is only for humans. It cannot be explained. The client still uses the status code to determine whether the request/response is successful!

For example, the HTTP/1.0 200 not OK client still processes the request successfully. Because the status code is 200. The reason phrase is just a description, which is useful for custom extension status codes.

6. Header)

There can be zero or multiple headers. Each header contains a name followed by a colon (:), an optional space, a value followed by a CRLF. The header is composedEmpty row(CRLF) indicates the end of the first list and the start of the entity.

7. entity-body)

The entity body contains a data block composed of any data. Not all reports contain the entity. For example, a GET request does not contain entities.

II,Start line

1. Request Line

The starting line of the request message, or the request line. Contains a method and a request URL. This method describes the operations that the server should perform, and the request URL describes the resource to which the method is to be executed. The request line also contains the HTTP Version to tell the server which HTTP Version the client uses. For example:

GET/INFO/123.html HTTP/1.1 // The get URL is/INFO/123.html. the HTTP protocol version is 1.1.

1.1 Method

The following is a list of request message methods.

Whether the method description includes the subject
Get get a document from the server no
Head: only obtain the first part of the document from the server. No
The post sends the data to be processed to the server.
Put stores the Request body on the server
Trace the packets that may be sent to the server by the Proxy Server
Options determines which methods can be executed on the server.
Delete: delete a document from the server. No

1.2 request-URL

Skip this step. You will also know it.

Version 1.3)

The version number appears in the starting line of the request and response message in the form of HTTP/x. y. It provides an HTTP application with a way to notify the other party of the Protocol version it complies. The version number indicates the maximum HTTP Version supported by the application. Note that the version number is not processed as a decimal number. Therefore, when comparing HTTP versions, each number must be compared separately to determine which version is later. For example, HTTP/2.22 is higher than HTTP/2.3 Because 22 is bigger than 3.

1.4 Status Code)

The method is used to tell the server what to do, and the status code is used to tell the client what happened.

The following lists common status codes.

Overall range defined range category
100-199 100-101 message prompt
200-299 200-206 success
300-399 300-305 redirection
400-499 400-415 client Error
500-599 500-505 Server Error

The following describes the most common status codes. 200-OK-success. All data in the request is in the response body. 401-unauthorized (unauthorized)-enter the user name and password. 404-not found (not found)-the server cannot find the resource corresponding to the requested URL.

1.5 cause phrase

The cause phrase is the last component in the response start line. It provides a text explanation for the status code. For example, in HTTP/1.0 200 OK, OK is the reason phrase. The cause phrase and Status Code appear in pairs. The reason phrase is the readable version of the status code. The application developer sends it to the user to indicate what happened during the request. The client determines the server status based on the status code, which has no relationship with the reason phrase.

Iii. Header

The HTTP header field adds additional information to the request and Response Message. Essentially, they are only lists of some name/value pairs. For example, the following header will assign 19 values to the Content-Length header field:

Content-Length: 19

1. First Classification

The HTTP specification defines several header fields. Applications can also freely invent their own headers. The HTTP header can be divided into the following types.

(1) General header: either in the request message or in the Response Message.

These are general headers that can be used by both the client and server. It can provide some useful general functions between clients, servers, and other applications. Like a hacker, they provide useful information for messages regardless of their type. For example, whether a request message or a response message is constructed, the creation date and time of the message are the same. Therefore, the header that provides such information is common for both types of messages. The following table lists General Information headers.

General information headers:

Header description
Connection allows the client and server to specify options related to the request/response connection
Date indicates the time when the message was created.
Mime-version indicates the MIME Version Used by the sender.
If the packet uses chunked Transfer Encoding, you can use this header to list the first set in the trailer part of the packet slippers.
Transfer-encoding informs the receiving end of the encoding method used for packets to ensure reliable transmission of packets.
Update provides the new version or protocol that the sender may want to "Upgrade ".
Via displays the intermediate nodes (proxies and gateways) through which packets pass)

General cache header:

Header description
Cache-control is used to transmit cache instructions with messages
Pragma is another method for transmitting instructions along with messages, but it is not dedicated to caching

(2) Request Header: provide more information about the request.

The request header is meaningful in the request message. It is used to describe who is sending the request, where the request comes from, or the client's preferences and capabilities. The server can try to provide a better response to the client based on the client information provided by the request header.

Request Information header:
Header description
Client-IP provides the IP address of the machine running the client
From provides the e-mail address of the client user.
Host indicates the host name and port number of the server that receives the request.
Referer provides the URL of the document containing the current request URI
UA-color provides information about the display color of the client display.
The UA-CPU gives the client CPU type or manufacturer
US-disp provides information related to client display (screen) capabilities
US-OS provides the pixel information of the client display.
UA-pixels provides the pixel information of the client display.
The User-Agent notifies the server (User-Agent) User Agent of the Application name that initiated the request. Isn't it actually a browser?

The accept header provides clients with a way to inform the server of their preferences and capabilities, including what they want, what they can use, and what they don't want most. In this way, the server can make a more informed decision on the content to be sent based on the additional information. The accept header will benefit both ends of the connection. The client will get what they want, and the server will not waste its time and bandwidth to send things that the client cannot use.

Accept header:
Header description
Accept tells the server which media types can be sent
Accept-charset indicates which character sets can be sent by the server
Accept-encoding tells the server which encoding methods can be sent
Accept-language indicates which languages can be sent by the server
Te tells the server which extended Transfer Encoding can be used

Condition request header:

Sometimes the client wants to add some restrictions to the request. For example, if the client already has a copy, you need to request the server to transfer the file only when the file on the server is different from the copy on the client. By using the conditional request header, the client can add this restriction, requiring the server to ensure that a request is true before responding to the request.

Condition request header:
Header description
Reverse CT allows the client to list the server actions required by a request
If-match if the object tag matches the current OBJECT tag of the document
If-modified-since: this request is restricted unless the resource has been modified after a specified date.
If-range allows conditional requests to a certain range of documents.
If-unmodified-since: this request is restricted unless the resource has not been modified after a specified date.
Range if the server supports range requests, the specified range of the requested resource is

Security request header:

HTTP itself supports a simple mechanism for querying/responding to requests. This mechanism requires the client to authenticate itself before obtaining specific resources, so that transactions can be slightly safer.

Security request header:
Header description
Authorization contains the data that the client provides to the server for authentication.
The cookie client uses it to send a token to the server-it is not the real security header, but it implies the security function.
Cookie2 is used to describe the cookie version supported by the requester.

Proxy request header:

With the widespread application of Internet proxy, several headers have been defined to help them better work.

Proxy request header:
Header description
Max-forword: the maximum number of times a request is forwarded to another proxy or gateway in the path to the source server-used together with the TRACE Method
Proxy-authorization is the same as Authorization header, but this header is used for authentication with the proxy
Proxy-connection is the same as the connection header, but this header is used when the proxy establishes a connection.

(3) Response Header: provide more information about the response.

The response packet is composed of its own response header set. The Response Header provides some additional information for the client, such as who is sending the response, the responder's function, and some special commands related to the response. These headers help the customer to handle the response and initiate better requests in the future.

Response Information header:
Header description
Age (from initial creation) response duration
List of request methods supported by the public server for its resources
Name and version of the server application software
Title is the title given by the source of the HTML document.
Warning provides more detailed warning packets than the cause phrase.

Negotiation header: If a resource has multiple representation methods-for example, if a file is translated in French or German on the server, HTTP/1.1 can provide the server and client with the ability to negotiate resources.

Negotiation header:
Header description
Accept-ranges indicates the type of range that the server accepts for this resource.
The list of other headers viewed by the vary server may change the response. That is to say, this is a list of headers. The server selects the most suitable resource version based on the header content and sends it to the client.

Security Response Header:

We have already seen the first security request. In essence, this is the response side of the HTTP question/response authentication mechanism.

Security Response Header:
Header description
Proxy-Authenticate: list of questions from the proxy to the client
Set-cookie is not a real security header, but it implies a security function. You can set a token on the client so that the server can identify the client.
The Set-Cookie2 is similar to set-Cookie.
WWW-Authenticate: Question list of the client from the server

D. entity header: Describes the length and content of a subject, or the resource itself.

There are many headers that can be used to describe the load of HTTP packets. Because both request and response texts may contain entity parts, these headers may appear in both types of packets. The entity header provides a large amount of information about the entity and its content, from the information about the object type to various valid request methods that can be used for resources. In short, the entity header can tell the recipient of the message what it is processing.

Entity information header:
Header description
Allow lists the request methods that can be executed on this object.
Location tells the client where the object is actually located. It is used to direct the receiving end to the resource location.

Content Header:

The Content Header provides specific information related to the object content, describes its type, size, and other useful information required to process it. For example, a Web browser can view the returned content type and learn how to display objects.

Content Header:
Header description
Basic URL used by content-base to parse relative URLs in the subject
Any encoding method of content-encoding to the subject
Content-language: the natural language most suitable for understanding the subject
Length or size of Content-Length subject
The actual location of the content-Location Resource
MD5 verification of Content-MD5 subject
Content-range indicates the byte range in the entire resource.
Object Model of the Content-Type subject

Entity cache header:

The general cache header describes how or when to cache the data. The cache header of an object provides information related to the cached object, for example, verifying that cached resource copies are still valid, and better estimate the clues required for proper invalidation of cached resources.

Entity cache Header
Header description
Entity tag related to the object
The expires object is not valid. You must obtain the date and time of the object from the original source.
Last-modified the Last modified Date and time of the object

E. Expansion header: A New header not defined in the specification.

Each HTTP header has a simple Syntax: The name is followed by a colon (:), followed by an optional space, followed by the field value. The last line is a carriage return.

2. The first continuation line

Dividing a long first line into multiple lines can improve readability. There must be at least one space or tab before each line ).

HTTP/1.0 200 OK
Content-Type: image/GIF
Content-Length: 8572
Server: Test Server
Version 1.0:

In the preceding example, the response packet contains a server header whose value is divided into multiple continuation rows. The complete value of the header is test Server Version 1.0.

Iii. Entity

The third part of HTTP is the optional entity part, and the entity body is the load of HTTP packets. The content to be transmitted over HTTP.

HTTP packets can carry many types of digital data, such as images, videos, HTML documents, software applications, credit card transactions, and emails.

In practice, we use a browser to open the Baidu homepage and parse the HTTP packets:

Open Baidu request message:

GET/HTTP/1.1 // The Request Method is get, and the HTTP protocol is 1.1 HOST: // The URL is www. baidu. comuser-AGENT: Mozilla/5.0 (Windows NT 6.1; RV: 19.0) Gecko/20100101 Firefox/19.0 // user proxy, that is, the browser displays the browser's detailed information accept: text/html, application/XHTML + XML, application/XML; q = 0.9 ,*/*; Q = 0.8 // the file type text/html that can be sent by the server means the HTML text document type, and the following query documents go to accept-language: ZH-CN, ZH; Q = 0.8, en-US; q = 0.5, en; q = 0.3 // The language ZH-CN that the server can send is Chinese. The following query documents go to accept-encoding: gzip. , Deflate // The encoding format that the server can send is gzip. If the encoding format does not comply with the browser, the cookie cannot be interpreted: baiduid = af6c417b14e94898933e5f858c63f889: fg = 1; bdrefer = % 7 burl % 3A % 22 HTTP % 3A //; h_ps_pssid = 2097_1464_2133_1944_1788 // cookie. The server stores information on the client, each request sends the cookie stored on the client to the server. Connection: keep-alive // connection, keep-alive keep status cache-control: max-age = 0 // when the cache indicating cache-control Max-age> 0 is sent along with the message, Max-age is extracted from the browser cache directly <= 0 and an HTTP request is sent to the server for confirmation., if the resource has been modified or not, 200 is returned. If the resource does not exist, 304 is returned.

Open Baidu Response Message:

HTTP/1.1 200 OK // HTTP Version 1.1 Status Code 200 cause phrase okdate: Tue, 02 Apr 2013 04:27:50 GMT // response time date Server: BWS/1.0 // name and version of the server application software BWS/1.0content-length: 4271 // The length of the response body content is 4271 bytes Content-Type: text/html; charset = UTF-8 // response type is HTML text, encoding type is utf-8Cache-Control: Private // cache indication expires: Tue, 02 Apr 2013 04:27:50 GMT // entity is not valid, to obtain the object's date and time again from the original source, content-encoding: gzip // The encoding method for the object is gzipset-COOKIE: h_ps_pssid = 2097_1464_2133_1944_1788; Path = /; domain = // set cookie, path, and domain to Cookie Information (scope of action, etc.) connection: keep-alive // The status is to keep the connection

The response is awesome, that is, the source code of the page:

<! Doctype HTML> <! -- Status OK --> <HTML> Because the content is large, the following part is omitted.

Next let's take a look at the request message to submit the form: Open the login window of Baidu, fill in the information, and then submit the request message post information:

callback    parent.bdPass.api.login._postCallbackcharset    utf-8codestring    index    0isPhone    falseloginType    1mem_pass    onpassword    123ppui_logintime    13905safeflg    0staticpage    d0de247f344d33dbb9692491dc5574cdtpl    mnu    username    [email protected]verifycode    

We can see that the account and password used to submit the form are all transferred to the server in the object of the request message.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.