HTTP protocol header fields

Source: Internet
Author: User
Tags ranges set cookie unsupported

First, the basic article
HTTP (hypertexttransferprotocol) is an abbreviation for Hypertext Transfer Protocol, which is used to transmit data of WWW mode, please refer to RFC2616 for details of HTTP protocol. The HTTP protocol uses the request/response model. The client sends a request to the server that contains the requested method, URI, protocol version, and a mime-like message structure that contains the request modifier, customer information, and content. The server responds with a status line that includes the version of the message protocol, success or error encoding plus the server information, entity meta information, and possible entity content.
Typically HTTP messages include client-to-server request messages and server-to-client response messages. These two types of messages consist of a starting line, one or more header fields, a blank line that is just the end of the head field, and an optional message body. The header fields of HTTP include the general header, the request header, the response header, and the four parts of the entity header. Each header field consists of a domain name, a colon (:), and a domain value of three parts. Domain names are case-insensitive, you can add any number of whitespace before the domain value, and the header field can be expanded to multiple lines, at the beginning of each line, with at least one space or tab.
1. General header Field
The generic header domain contains header domains that both request and response messages support, and the generic header domain contains Cache-control, Connection, Date, Pragma, transfer-encoding, Upgrade, Via. The expansion of the universal header domain requires both parties to support this extension, and if there is an unsupported universal header domain, it will generally be handled as the entity header domain. The following is a brief introduction to several common header domains used in UPnP messages.
Cache-control header Field
CACHE-CONTROL Specifies the caching mechanism that requests and responses follow. Setting Cache-control in a request message or response message does not modify the caching process in another message processing process. The cache directives for the request include No-cache, No-store, Max-age, Max-stale, Min-fresh, only-if-cached, and the instructions in the response message include public, private, No-cache, No-store, No-transform, Must-revalidate, Proxy-revalidate, Max-age. The instructions in each message have the following meanings:
Public indicates that the response can be cached by any buffer.
Private indicates that the entire or partial response message for a single user cannot be shared with the cache. This allows the server to simply describe a partial response message for the user, and this response message is not valid for another user's request.
No-cache indicates that a request or response message cannot be cached
No-store is used to prevent the inadvertent release of important information. Sending in the request message will make the request and response messages do not use the cache.
Max-age indicates that the client can receive a response that is not longer than the specified time (in seconds).
Min-fresh indicates that the client can receive a response that is less than the current time plus a specified time.
Max-stale indicates that the client can receive a response message that exceeds the timeout period. If you specify a value for the Max-stale message, the client can receive a response message that exceeds the specified value for the timeout period.
Date Header Field
The Date header field represents the time the message was sent, and the time description format was defined by RFC822. For example, Date:mon,31dec200104:25:57gmt. The time described by date represents the world standard, which translates into local time and needs to know the time zone in which the user is located.
pragma header field
The pragma header domain is used to contain implementation-specific instructions, most commonly pragma:no-cache. In the http/1.1 protocol, it has the same meaning as Cache-control:no-cache.
2. Request message
The first behavior of the request message is in the following format:
Method sp Request-uri sp http-version CRLF
Method indicates that the field is case-sensitive for Request-uri completion, including options,, POST, PUT, DELETE, TRACE. The method get and head should be supported by all common Web servers, and the implementation of all other methods is optional. The GET method retrieves the information identified by the Request-uri. The head method also retrieves the information identified by the Request-uri, but does not return the body of the message when the response is available. The Post method can request that the server receive entity information contained in the request, and can be used to submit the form, sending messages to newsgroups, BBS, mail groups, and databases.
The SP represents a space.
Request-uri follows the URI format, where the word Cheweishing (*) indicates that the request is not used for a particular resource address, but rather for the server itself.
Http-version represents the supported HTTP version, for example, http/1.1.
The CRLF represents a newline carriage return character.
The request header domain allows the client to pass additional information about the request or about the client to the server. The Request header field may contain the following fields Accept, Accept-charset, accept-encoding, Accept-language, Authorization, from, Host, If-modified-since, If-match, If-none-match, If-range, If-range, If-unmodified-since, Max-forwards, Proxy-authorization, Range, Referer, User-agent. Extensions to the request header domain are supported by both parties, and if an unsupported request header domain exists, it will generally be handled as the entity header domain.
A typical request message:
Gethttp://class/download.microtool.de:80/somedata.exe
Host:download.microtool.de
accept:*/*
Pragma:no-cache
Cache-control:no-cache
referer:http://class/download.microtool.de/
User-agent:mozilla/4.04[en] (win95;i; NAV)
range:bytes=554554-
The first line in the previous example indicates that the HTTP client (possibly a browser, downloader) obtains the file under the specified URL through the Get method. The brown portion represents the information for the Request header field, and the green section represents the General header section.
Host Header Field
The host header domain specifies the intenet host and port number of the requesting resource, and must represent the location of the originating server or gateway that requested the URL. The http/1.1 request must contain the host header domain or the system will return with a 400 status code.
Referer header Field
The Referer header domain allows the client to specify the source resource address of the request URI, which allows the server to generate a fallback list that can be used to log in, optimize the cache, and so on. He also allows the abolition or wrong connection to be traced for maintenance purposes. If the requested URI does not have its own URI address, Referer cannot be sent. If you specify a partial URI address, this address should be a relative address.
Range header Field
The Range header field can request one or more child ranges of an entity. For example
Represents the first 500 bytes: bytes=0-499
Represents a second 500 byte: bytes=500-999
Represents the last 500 bytes: bytes=-500
Represents the range after 500 bytes: bytes=500-
First and last byte: Bytes=0-0,-1
Specify several ranges at the same time: bytes=500-600,601-999
However, the server can ignore this request header, and if the unconditional get contains a range request header, the response is returned as a status code of 206 (partialcontent) instead of a (OK).
User-agent header Field
The contents of the User-agent header domain contain the user information that made the request.


3. Response message
The first behavior of the response message is in the following format:
Http-version sp Status-code sp reason-phrase CRLF
Http-version represents the supported HTTP version, for example, http/1.1.
Status-code is a result code of three numbers.
Reason-phrase provides a simple text description for Status-code. Status-code is mainly used for machine automatic identification, reason-phrase is mainly used to help users understand. The first number of Status-code defines the category of the response, and the latter two numbers do not have a role to classify. The first number can take 5 different values:
1XX: Information response class, which indicates receipt of request and continues processing
2XX: Handle the successful response class, indicating that the action was successfully received, understood, and accepted
3XX: Redirect Response class, must accept further processing in order to complete the specified action
4XX: Client error, client request contains syntax error or is not executed correctly
5XX: Server error, servers do not correctly execute a correct request
The Response header field allows the server to pass additional information that cannot be placed on the status line, which primarily describes the server's information and Request-uri further information. The Response header field contains age, location, proxy-authenticate, public, Retry-after, Server, Vary, Warning, and Www-authenticate. The expansion of the response header field is required for both sides of the communication, and if there is an unsupported response header field, it will generally be handled as the Entity header field.
A typical response message:
Http/1.0200ok
Date:mon,31dec200104:25:57gmt
server:apache/1.3.14 (Unix)
Content-type:text/html
Last-modified:tue,17apr200106:46:28gmt
Etag: "a030f020ac7c01:1e9f"
content-length:39725426
content-range:bytes554554-40279979/40279980
The first line in the previous example represents an HTTP service-side response to a GET method. The brown part represents the Response header field information, the green part represents the General header section, and the red part represents the Entity header field information.
Location response Header
The location response header is used to redirect the recipient to a new URI address.
Server response Header
The server response header contains software information for the originating server that processed the request. This field can contain multiple product identifiers and annotations, and product identities are generally sorted by importance.
4. Entity Information
Both the request message and the response message can contain entity information, which generally consists of entity header fields and entities. The Entity header field contains the original information about the entity, including allow, Content-base, content-encoding, Content-language, Content-length, Content-location, CONTENT-MD5, Content-range, Content-type, Etag, Expires, Last-modified, Extension-header. Extension-header allows clients to define new entity headers, but these domains may not be recognized by the recipient. An entity can be a coded stream of bytes encoded by content-encoding or Content-type, whose length is defined by content-length or Content-range.
Content-type Solid Head
The Content-type entity header is used to indicate the media type of the entity to the receiver, specify the entity media type that the head method sends to the receiver, or the request media type that the Get method sends Content-range entity header
Content-range Solid Head
Used to specify the insertion position of a part of the entire entity, and he also indicates the length of the entire entity. When the server returns a partial response to the customer, it must describe the extent of the response coverage and the entire length of the entity. General format:
Content-range:bytes-unit SP First-byte-pos-last-byte-pos/entity-legth
For example, the transfer header is in the form of a 500-byte secondary field: content-range:bytes0-499/1234 If an HTTP message contains this section (for example, a response to a range request or an overlapping request to a range of ranges), Content-range represents the range of the transfer, The content-length represents the number of bytes actually transferred.
Last-modified Solid Head
Last-modified Entity header Specifies the last revision time to save content on the server.
5. HTTP Header Reference (Microsoft)
Both HTTP requests and HTTP responses use headers to send information about HTTP messages. The header consists of a series of rows, each containing a name, followed by a colon, a space, and a value. Fields can be sorted in any order. Some header fields can be used for both request headers and response headers, while others can be used only for one of them.
Many request header fields allow clients to specify multiple acceptable options in the Value section, and sometimes they can even rank preferences for those options. Multiple items are separated by commas. For example, a client can send a request header that contains "content-encoding:gzip, Compress," which indicates that various compression types can be accepted. If the response body of the server uses gzip encoding, its response header will contain "Content-encoding:gzip".
Some fields can appear multiple times in a single header. For example, a header can have more than one "Warning" field.
The following table lists the HTTP 1.1 header fields. Note: Some header fields are MIME fields. The MIME field is defined in RFC 2045 of the Internet Engineering Task Force (IETF) document, but can also be used with the HTTP 1.1 protocol. For more information about the MIME and HTTP 1.1 specifications, see the Ieif page.
General header Fields
The General header field can be used to request messages and response messages.
Name Example Value
Cache-control "max-age=10"
Connection "Close"
Date "Tue, Jul 18:23:51 GMT"
Pragma "No-cache"
Trailer "Date"
Transfer-encoding "chunked"
Upgrade "shttp/1.3"
Via "http/1.1 Proxy1, http/1.1 Proxy2"
Warning "Disconnected operation"
Request Header Field
The Request header field is used only for request messages.
Name Example Value
Accept "text/html, image/*"
Accept-charset "Iso8859-5"
Accept-encoding "gzip, compress"
Accept-language "En, fr"
Authorization [Credentials]
Content-encoding "gzip"
Expect "100-continue"
from "[Email protected]"
Host "www.microsoft.com"
If-match "entity_tag001"
If-modified-since "Tue, one Jul 18:23:51 GMT"
If-none-match "entity_tag001"
If-range "entity_tag001" or "Tue, one Jul 18:23:51 GMT"
If-unmodified-since "Tue, one Jul 18:23:51 GMT"
Max-forwards "3"
Proxy-authorization [Credentials]
Range "bytes=100-599"
Referer "Http://www.microsoft.com/resources.asp"
TE "Trailers"
User-agent "mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) "

>> the specific meaning of the request header field
Accept: The MIME type acceptable to the browser.
Accept-charset: The acceptable character set of the browser.
Accept-encoding: The way the browser can decode data encoding, such as gzip.
Accept-language: The type of language the browser wishes to use when the server is able to provide more than one language version.
Authorization: Authorization information, which typically occurs in an answer to the Www-authenticate header sent to the server.
Connection: Indicates whether a persistent connection is required. If the servlet sees the value here as "keep-alive", or sees the request using an HTTP 1.1 (HTTP 1.1 is persistent by default), it can take advantage of the persistent connection, when the page contains multiple elements (such as applets, pictures), Significantly reduce the time it takes to download. To do this, the servlet needs to send a content-length header in the answer, and the simplest implementation is to write the content to Bytearrayoutputstream first and then calculate its size before formally writing the content.
Content-length: Represents the length of the request message body.
Cookie: Set cookie, which is one of the most important request header information
From: The email address of the requesting sender, used by some special Web client, is not used by the browser.
Host: The hosts and ports in the initial URL.
If-modified-since: Returns a 304 "not Modified" answer only if the requested content has been modified after the specified date.
Pragma: Specifying a value of "no-cache" means that the server must return a refreshed document, even if it is a proxy server and has a local copy of the page.
Referer: Contains a URL from which the user accesses the currently requested page from the page represented by the URL.
User-agent: Browser type, this value is useful if the content returned by the servlet is related to the browser type.
UA-PIXELS,UA-COLOR,UA-OS,UA-CPU: A nonstandard request header sent by some versions of Internet Explorer to indicate screen size, color depth, operating system, and CPU type.
Response Header Field
The Response header field is used only for response messages.
Name Example Value
Accept-ranges "None"
Age "2147483648 (2^31)"
ETag "B38B9-17DD-367C5DCD"
Last-modified "Tue, one Jul 18:23:51 GMT"
Location "Http://localhost/redirecttarget.asp"
proxy-authenticate [Challenge]
Retry-after "Tue, Jul 18:23:51 GMT" or "60"
Server "microsoft-iis/5.0"
Vary "Date"
www-authenticate [Challenge]
Entity header Field
The Entity header field can be used to request a message or a response message. The Entity header field contains information about the body of the message entity, such as the encoding format used.
Name Example Value
Allow "GET, HEAD"
Content-encoding "gzip"
Content-language "en"
Content-length "8445"
Content-location "Http://localhost/page.asp"
CONTENT-MD5 [Md5-digest]
Content-range "bytes 2543-4532/7898"
Content-type "Text/html"
Expires "Tue, one Jul 18:23:51 GMT"
Last-modified "Tue, one Jul 18:23:51 GMT"
>> the specific meaning of the Entity header field
Which request methods (such as Get, post, and so on) are supported by the Allow server.
The encoding (Encode) method of the Content-encoding document. The content type specified by the Content-type header can be obtained only after decoding. Using gzip to compress documents can significantly reduce the download time of HTML documents. Java's gzipoutputstream can be easily gzip compressed, but only on Unix Netscape and IE 4, ie 5 on Windows.
Content-length represents the content length. This data is only required if the browser is using a persistent HTTP connection.
Content-type indicates what MIME type the subsequent document belongs to. The servlet defaults to Text/plain, but it usually needs to be explicitly specified as text/html.
Date the current GMT time. You can use Setdateheader to set this header to avoid the hassle of converting the time format.
When should Expires think that the document has expired so that it does not cache it?
Last-modified The last modification time of the document. The customer can provide a date through the If-modified-since request header, which is treated as a conditional get, and only documents that have been modified later than the specified time are returned, otherwise a 304 (not Modified) state is returned.
Location indicates where the customer should go to extract the document. Location is usually not set directly, but by HttpServletResponse's Sendredirect method, which sets the status code to 302.
Refresh indicates how much time the browser should refresh the document, in seconds. In addition to refreshing the current document, you can also pass SetHeader ("Refresh", "5; Url=http://host/path ") lets the browser read the specified page.
Note that this functionality is usually implemented by setting the <meta http-equiv= "Refresh" c> of the head area of the HTML page, because automatic refresh or redirection is important for HTML writers who cannot use CGI or servlets. For Servlets, however, it is more convenient to set the refresh header directly.
Note that the meaning of refresh is "refresh this page after n seconds or visit the specified page" instead of "refresh this page every n seconds or visit the specified page". Therefore, continuous refresh requires a refresh header to be sent each time, and sending a 204 status code prevents the browser from continuing to refresh, whether it is using the refresh header or the <meta http-equiv= "Refresh" ... >
Note that the refresh header is not part of the HTTP 1.1 formal specification, but rather an extension, but both Netscape and IE support it.
Request Header Example
The following is a simple example of an HTTP request.
Get/articles/news/today.asp http/1.1
Accept: */*
Accept-language:en-us
Connection:keep-alive
Host:localhost
Referer:http://localhost/links.asp
user-agent:mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Accept-encoding:gzip, deflate
The request has a request line, which includes a method (GET), a resource path (/articles/news/today.asp), and an HTTP version (http/1.1). Because the request has no body, the content behind all the request lines is part of the header. Immediately after the head is a blank line, indicating that the header has ended.
Response Header Example
A WEB server can respond to a previous request in several ways. Assuming the file is accessible and the user has permission to view the file, the response resembles the following:
http/1.1 OK
server:microsoft-iis/5.0
Date:thu, Jul 05:46:53 GMT
content-length:2291
Content-type:text/html
SET-COOKIE:ASPSESSIONIDQQGGGNCG=LKLDFFKCINFLDMFHCBCBMFLJ; path=/
Cache-control:private
...
The first line of the response is called the status line. It contains the HTTP version, the status code (200), and the reason phrase used in the response. The example contains a header with five fields, followed by a blank line (carriage return and line feed), followed by the first two lines of the response body.
For a complete, detailed description of the HTTP header, see the HTTP specification for http://www.w3.org/Protocols/.

Appendix: Meaning of the HTTP protocol status code
Status Code status information meaning
Continue the initial request has been accepted and the customer should continue to send the remainder of the request. (HTTP 1.1 new)
The 101 switching protocols server translates the client's request to another protocol (HTTP 1.1 new
All OK, the answer document for Get and post requests is followed.
The 201 Created Server has created the document, and the location header gives its URL.
202 Accepted has accepted the request, but the processing has not been completed.
203 Non-authoritative Information The document has returned normally, but some of the answer headers may be incorrect because a copy of the document (HTTP 1.1 new) is being used.
204 No Content There is no new document, the browser should continue to display the original document.
205 Reset content is not new, but the browser should reset what it displays. Used to force the browser to clear the form input (HTTP 1.1 new).
The 206 Partial Content client sends a GET request with a range header that the server has completed (HTTP 1.1 new).
Multiple Choices customer requested documents can be found in multiple locations that have been listed in the returned document. If the server wants to make a preference, it should be indicated in the location answer header.
301 Moved Permanently The document requested by the customer elsewhere, the new URL is given in the location header, and the browser should automatically access the new URL.
302 Found is similar to 301, but the new URL should be treated as a temporary replacement, not a permanent. Note that the corresponding status information in HTTP1.0 is "Moved temporatily", and when the status code appears, the browser can automatically access the new URL, so it is a useful status code. Note that this status code can sometimes be used with 301 substitutions. For example, if the browser mistakenly requests Http://host/~user (the trailing slash is missing), some servers return 301, and some return 302. Strictly speaking, we can only assume that the browser will automatically redirect only if the original request is get. See 307.
303 See other is similar to 301/302, except that if the original request is the Post,location header the specified redirect target document should be fetched via get (HTTP 1.1 new).
304 Not Modified client has buffered documents and issued a conditional request (typically providing a if-modified-since header indicating that the customer only wants to update the document than the specified date). The server tells the customer that the original buffered document can continue to be used.
305 Use proxy The document requested by the client should be extracted from the agent server indicated by the location header (HTTP 1.1 is new).
307 Temporary Redirect and 302 (Found) are the same. Many browsers incorrectly respond to a 302 response for redirection, even if the original request is post, even though it can actually be redirected only if the answer to the POST request is 303. For this reason, HTTP 1.1 has been added in 307 to allow for more cleanup of the region in several status codes: When a 303 response occurs, the browser can follow the redirected get and post requests, and if the 307 answer, the browser can only follow the redirect to the GET request. (HTTP 1.1 new)
A syntax error has occurred in the request requests.
401 Unauthorized customer attempts to access password-protected pages without authorization. A www-authenticate header is included in the answer, and the browser displays the user name/Password dialog box, and then makes a request again after filling in the appropriate authorization header.
403 Forbidden resource is not available. The server understands the customer's request, but refuses to process it. This is usually caused by the permissions set on the file or directory on the server.
404 Not Found Could not find the resource at the specified location. This is also a common answer,
The 405 method not allowed request methods (GET, POST, HEAD, DELETE, PUT, trace, etc.) do not apply to the specified resource. (HTTP 1.1 new)
406 not acceptable the specified resource has been found, but its MIME type is incompatible with the client specified in the Accpet header (HTTP 1.1 new).
407 Proxy authentication Required is similar to 401, which means that the client must be authorized by the proxy server first. (HTTP 1.1 new)
408 Request Timeout The customer has not made any requests during the waiting time of the server license. Customers can repeat the same request at a later time. (HTTP 1.1 new)
409 Conflict is usually associated with a put request. The request cannot succeed because the request conflicts with the current state of the resource. (HTTP 1.1 new)
410 Gone The requested document is no longer available, and the server does not know which address to redirect to. It differs from 404 in that returning 407 means that the document has permanently left the specified location, and 404 indicates that the document is unavailable for unknown reasons. (HTTP 1.1 new)
411 Length Required The server cannot process the request unless the client sends a content-length header. (HTTP 1.1 new)
412 Precondition Failed Some of the prerequisites specified in the request header failed (HTTP 1.1 new).
413 Request Entity Too Large the size of the target document exceeds the size that the server is currently willing to handle. If the server thinks it can process the request later, it should provide a Retry-after header (HTTP 1.1 new).
414 Request Uri Too Long URI is too lengthy (HTTP 1.1 new).
416 requested range not satisfiable server does not meet the Range header specified by the customer in the request. (HTTP 1.1 new)
The Internal server Error server encountered unexpected conditions and was unable to complete the customer's request.
The 501 not implemented server does not support the functionality required to implement the request. For example, a customer sends a put request that is not supported by the server.
502 Bad Gateway server as a gateway or proxy, the server returned an illegal reply in order to complete the request to access the next server.
503 Service Unavailable Server failed to answer due to maintenance or heavy load.
504 Gateway Timeout is used by a server acting as a proxy or gateway, indicating that it is not able to get answers from remote servers in a timely manner. (HTTP 1.1 new)
505 HTTP version not supported server does not support HTTP versions as specified in the request

HTTP protocol header fields

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.