In-depth explanation of HTTP head usage

Source: Internet
Author: User
Tags unsupported

HyperTextTransferProtocol is short for Hypertext Transfer Protocol. It is used to transmit WWW Data. For details about HTTP, see rfc2616. The HTTP protocol uses the request/response model. The client sends a request to the server. The request header contains the request method, URI, Protocol version, and message structure similar to MIME containing the request modifier, customer information, and content. The server responds with a status line. The corresponding content includes the version of the Message Protocol, and the server information, entity metadata, and possible entity content are added to the success or error code.

Generally, HTTP messages include the request message sent from the client to the server and the response message sent from the server to the client. These two types of messages are composed of a starting line, one or more header fields, an empty line that is only the end of the header field, and an optional message body. The HTTP header includes four parts: Common headers, request headers, response headers, and object headers. Each header field consists of a domain name, a colon (:), and a domain value. The domain name is case-insensitive. You can add any number of space characters before the Domain value. The header field can be expanded to multiple rows. At least one space or Tab character is used at the beginning of each line.
Common header fields
The general header domain includes the header domains supported by both request and response messages. The general header domain includes Cache-Control, Connection, Date, Pragma, Transfer-Encoding, Upgrade, and. The extension of the common header domain requires both parties to support this extension. If a common header domain is not supported, it is generally processed as the object header domain. The following describes some general header fields used in UPnP messages.
Cache-Control header field
Cache-Control specifies the Cache mechanism that requests and responses follow. Setting Cache-Control in a request message or response message does not modify the Cache processing process of another message. The cache commands in the request include no-cache, no-store, max-age, max-stale, min-fresh, only-if-cached, commands in the Response Message include public, private, no-cache, no-store, no-transform, must-revalidate, proxy-revalidate, and max-age. The instructions in each message are as follows:
Public indicates that the response can be cached in any cache area.
Private indicates that the whole or part of the response message of a single user cannot be processed by the shared cache. This allows the server to only describe part of the user's response message, which is invalid for requests of other users.
No-cache indicates that the request or response message cannot be cached.
No-store is used to prevent the unintentional release of important information. Sending a request message does not cache the request and response messages.
Max-age indicates that the client can receive responses with a lifetime not greater than the specified time (in seconds.
Min-fresh indicates that the client can receive a response whose response time is earlier than the current time plus the specified time.
Max-stale indicates that the client can receive response messages beyond the timeout period. If the value of the max-stale message is specified, the client can receive response messages that exceed the timeout period.
Date header field
The Date header field indicates the message sending time. The description format of the time is defined by rfc822. For example, Date: Mon, 31Dec200104: 25: 57GMT. The time described in Date indicates the world standard time. You need to know the time zone of the user to convert the local time.
Pragma header domain
The Pragma header field is used to contain specific instructions. The most common method is Pragma: no-cache. The meaning of HTTP/1.1 is the same as that of Cache-Control: no-cache.
Request Message
The format of the first action of the request message is as follows:
MethodSPRequest-URISPHTTP-VersionCRLFMethod indicates the method for completing Request-URI. This field is case sensitive, including OPTIONS, GET, HEAD, POST, PUT, DELETE, and TRACE. Methods GET and HEAD should be supported by all common WEB servers, and implementation of all other methods is optional. The GET method retrieves the information identified by Request-URI. The HEAD method also retrieves the information identified by Request-URI, but does not return the message body during the response. The POST method can request the server to receive entity information contained in the request. It can be used to submit forms and send messages to newsgroups, BBS, contact groups, and databases.

SP indicates space. Request-URI follows the URI format. When this field is asterisk (*), the Request is not used for a specific resource address, but for the server itself. HTTP-Version indicates the supported HTTP Version. For example, HTTP/1.1. CRLF indicates a line feed. The request header field allows the client to transmit request or additional information about the client to the server. The request header field may contain the following fields: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, From, Host, If-Modified-Since, If-Match, and If-None. -Match, If-Range, If-Range, If-Unmodified-Since, Max-Forwards, Proxy-Authorization, Range, Referer, and User-Agent. Both parties need to support the expansion of the Request Header domain. If an unsupported Request Header domain exists, it is generally processed as an object header domain.
Typical request message:
GET 80/somedata.exe
Accept :*/*
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/4.04 [en] (Win95; I; Nav)
Value Range: bytes = 554554-
In the preceding example, the first line indicates that the HTTP client (which may be a browser or a download program) obtains the file under the specified URL through the GET method. The brown part indicates the information of the request header field, and the green part indicates the general header part.
Host Header domain
The Host Header specifies the Intenet Host and port number of the requested resource, which must represent the location of the original server or gateway of the request url. The HTTP/1.1 request must contain the Host Header domain; otherwise, the system returns the status code 400.
Referer header field
The Referer header field allows the client to specify the source resource address of the request uri, which allows the server to generate a rollback linked list for login and cache Optimization. He also allows abolished or erroneous connections to be tracked for maintenance purposes. If the requested uri does not have its own uri address, the Referer cannot be sent. If some uri addresses are specified, this address is a relative address.
Range Header
The Range header field can request one or more sub-ranges of an object. For example,
Indicates the first 500 bytes: bytes = 0-499
Indicates the second 500 bytes: bytes = 500-999
Indicates the last 500 bytes: bytes =-500
Indicates the range after 500 bytes: bytes = 500-
First and last bytes: bytes = 0-0,-1
Specify the following ranges: bytes = 500-600,601-999.
However, the server can ignore this request header. If the unconditional GET contains the Range request header, the response will be returned with the status code 206 (PartialContent) instead of 200 (OK ).
User-Agent header domain
The content of the User-Agent header contains the User information that sends the request.
Response Message
The format of the first response message is as follows:
HTTP-Version indicates the supported HTTP Version. For example, HTTP/1.1. Status-Code is the result Code of three numbers. Reason-Phrase provides a simple text description for Status-Code. Status-Code is mainly used for automatic machine identification, and Reason-Phrase is mainly used to help users understand. The first digit of Status-Code defines the category of the response. The last two digits do not have a category. The first number may have 5 different values:
1xx: Information Response class, indicating that the request is received and processed continuously
2xx: Successful response class, indicating that the action is successfully received, understood, and accepted
3xx: redirect response class. To complete the specified action, you must accept further processing.
4xx: client error. The client request contains a syntax error or cannot be correctly executed.
5xx: server error. The server cannot correctly execute a correct request.
The response header field allows the server to transmit additional information that cannot be placed in the status line. These fields mainly describe the server information and further Request-URI information. The Response Header includes Age, Location, Proxy-Authenticate, Public, Retry-After, Server, Vary, Warning, and WWW-Authenticate. The expansion of the Response Header domain requires both parties to support the communication. If an unsupported Response Header domain exists, it is generally processed as an entity header domain.
Typical response message:
Date: Mon, 31Dec200104: 25: 57GMT
Server: Apache/1.3.14 (Unix)
Content-type: text/html
Last-modified: Tue, 17Apr200106: 46: 28GMT
Etag: "a030f020ac7c01: 1e9f"
Content-length: 39725426
Content-range: bytes554554-40279979/40279980
The first line in the preceding example indicates that the HTTP server responds to a GET method. The brown part indicates the information of the response header field, the green part indicates the general header part, and the red part indicates the information of the object header field.
Location Response Header
The Location response header is used to redirect the receiver to a new URI address.
Server Response Header
The Server response header contains the software information of the original Server that processes the request. This domain can contain multiple product identifiers and comments. Product identifiers are generally sorted by importance.
Request messages and response messages can both contain entity information. entity information is generally composed of entity header fields and entities. The object header contains the original information about the object, object headers include Allow, Content-Base, Content-Encoding, Content-Language, Content-Length, Content-Location, Content-MD5, Content-Range, Content-Type, Etag, Expires, Last -Modified and extension-header. Extension-header allows the client to define new object headers, but these fields may not be recognized by the recipient. An object can be an encoded byte stream. Its Encoding method is defined by Content-Encoding or Content-Type. Its Length is defined by Content-Length or Content-Range.
Content-Type object header
The Content-Type object header is used to indicate the media Type of the object to the receiver, specify the object media Type sent by the HEAD Method to the receiver, or request media Type Content-Range object header sent by the GET method.
The Content-Range object header is used to specify the insertion position of a part of the entire object. It also indicates the length of the entire object. When the server returns a partial response to the customer, it must describe the response coverage and the length of the entire object. General format:
Content-Range: bytes-unitSPfirst-byte-pos-last-byte-pos/entity-Lety
For example, if an http message contains Content-Range: bytes0-500 (for example, content-Range indicates the transfer Range, and Content-Length indicates the number of bytes actually transmitted.
Last-modified Object Header
The Last-modified object header specifies the Last revision time of the content saved on the server.

Response Header aaaaaaaaaaaaaaaaaaaaaaaaa Description
Allow Which request methods (such as GET and POST) are supported by the server ).
Content-Encoding The document encoding (Encode) method. The Content Type specified by the Content-Type header can be obtained only after decoding. Gzip compression can significantly reduce the download time of HTML documents. Java GZIPOutputStream can be easily compressed by gzip, but it is supported only by Netscape on Unix and IE 4 and IE 5 on Windows. Therefore, Servlet should view the Accept-Encoding header (request. getHeader ("Accept-Encoding") checks whether the browser supports gzip, returns the gzip-compressed HTML page for a browser that supports gzip, and returns a common page for other browsers.
Content-Length Content Length. This data is required only when the browser uses a persistent HTTP connection. If you want to take advantage of persistent connections, you can write the output document to ByteArrayOutputStram, view its size, put the value in the Content-Length header, and finally use byteArrayStream. writeTo (response. content sent by getOutputStream.
Content-Type The MIME type of the subsequent documents. Servlet is text/plain by default, but it must be explicitly specified as text/html. Because Content-Type is often set, HttpServletResponse provides a dedicated method setContentTyep.
Date The current GMT time. You can use setDateHeader to set this header to avoid the trouble of converting the time format.
Expires When should I think the document has expired and no longer cache it?
Last-Modified The last modification time of the document. You can use the If-Modified-Since request header to provide a date. This request is considered as a condition GET. Only documents whose modification time is later than the specified time will be returned, otherwise, a 304 (Not Modified) status is returned. Last-Modified can also be set using the setDateHeader method.
Location Indicates where the customer should extract documents. Location is usually not set directly, but through the sendRedirect method of HttpServletResponse. This method also sets the status code to 302.
Refresh Indicates the time after which the browser should refresh the document, in seconds. In addition to refreshing the current document, you can also use setHeader ("Refresh", "5; URL = http: // host/path") to allow the browser to read the specified page.
Note that this feature is typically implemented by setting <META HTTP-EQUIV = "Refresh" CONTENT = "5; URL = http: // host/path"> In the HEAD area of the HTML page, because, automatic refresh or redirection is important for HTML writers who cannot use CGI or Servlet. However, for Servlet, it is more convenient to directly set the Refresh header.

Note that Refresh indicates "Refresh the page after N seconds or access the specified page", rather than "Refresh the page or access the specified page every N seconds ". Therefore, continuous refreshing requires that a Refresh header be sent each time, and sending the 204 status code can prevent the browser from refreshing, whether it's using the Refresh header or <META HTTP-EQUIV = "Refresh"...>.

Note that the Refresh header is not part of the official HTTP 1.1 Specification but an extension, but is supported by both Netscape and IE.

Server The name of the server. Servlet generally does not set this value, but is set by the Web server.
Set-Cookie Set the Cookie associated with the page. Servlet should not use response. setHeader ("Set-Cookie",...), but should use the dedicated method addCookie provided by HttpServletResponse. For more information about Cookie settings, see the following section.
WWW-Authenticate What type of Authorization information should the customer provide in the Authorization header? This header is required in the Response containing the 401 (Unauthorized) status row. For example, response. setHeader ("WWW-Authenticate", "BASIC realm = \" executives \"").
Note that Servlet generally does not handle this problem, but allows the Web server to control access to password-protected pages (for example,. htaccess ).

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.