MySQL Injection Heavenly Book: HTTP Header Introduction

Source: Internet
Author: User

Background-5 HTTP Header Introduction

When we capture packets with a packet-capture tool, we see many header fields. Each one is explained in detail below.

HTTP Header Explanation

1. Accept: tells the Web server which media types the client accepts. */* means any type, type/* means all subtypes of that type, and type/sub-type names one specific type.

2. Accept-Charset: the character sets the browser declares it can receive.

Accept-Encoding: the encoding methods the browser declares it can receive. This usually specifies compression: whether compression is supported and which compression methods are supported (gzip, deflate).

Accept-Language: the languages the browser declares it can receive.

The difference between language and character set: Chinese is a language, and Chinese has many character sets, such as Big5, GB2312, GBK and so on.

3. Accept-Ranges: the Web server indicates whether it accepts requests for part of an entity (such as part of a file). bytes: accepted; none: not accepted.

4. Age: when a proxy server responds to a request with its own cached entity, this header indicates how much time has passed since the entity was generated.

5. Authorization: when the client receives a WWW-Authenticate response from the Web server, it uses this header to send its authentication information to the Web server.

6. Cache-Control:

Request: no-cache (do not use the cached entity; fetch it from the Web server now)

max-age: (accept only objects whose Age value is less than the max-age value and that have not expired)

max-stale: (expired objects can be accepted, but the time since expiry must be less than the max-stale value)

min-fresh: (accept cached objects whose freshness lifetime is greater than the sum of their current age and the min-fresh value)

Response: public (cached content can be used to respond to any user)

private (cached content can only be used to respond to the user who previously requested it)

no-cache (the content can be cached, but can be returned to the client only after the Web server has verified that it is still valid)

max-age: (the expiration time of the object contained in this response)

All: no-store (caching is not allowed)
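The request directives above can be read as one decision a cache makes before answering from its stored copy. The following is an added example, not code from the original article; the function names are hypothetical and the rules follow the descriptions in item 6.

```python
def parse_cache_control(value):
    """Split 'max-age=60, no-cache' into {'max-age': 60, 'no-cache': None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        arg = arg.strip().strip('"')
        directives[name.strip().lower()] = int(arg) if arg.isdigit() else None
    return directives


def cache_may_serve(age, freshness_lifetime, request_cache_control):
    """Decide whether a cache may answer from its stored copy.

    age: seconds since the entity was generated (the Age value)
    freshness_lifetime: seconds the origin allowed (the response max-age)
    request_cache_control: raw Cache-Control value sent by the client
    """
    cc = parse_cache_control(request_cache_control)
    if "no-cache" in cc or "no-store" in cc:
        return False                      # client wants the origin's answer
    if cc.get("max-age") is not None and age > cc["max-age"]:
        return False                      # stored copy is older than accepted
    staleness = age - freshness_lifetime
    if staleness >= 0:                    # stored copy has expired
        if "max-stale" not in cc:
            return False
        limit = cc["max-stale"]           # None means "any staleness is fine"
        return limit is None or staleness <= limit
    # Stored copy is fresh: min-fresh asks for some remaining lifetime as well.
    min_fresh = cc.get("min-fresh") or 0
    return freshness_lifetime >= age + min_fresh
```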

7. Connection:

Request: close (tells the Web server or proxy server to close the connection after it finishes responding to this request and not to wait for further requests on this connection).

keep-alive (tells the Web server or proxy server to keep the connection open after it finishes responding to this request and to wait for further requests on this connection).

Response: close (the connection has been closed).

keep-alive (the connection is kept open, waiting for further requests on this connection).

Keep-Alive: if the browser asks to keep the connection open, this header indicates how long (in seconds) it wants the Web server to keep the connection open. Example: Keep-Alive: 300

8. Content-Encoding: the Web server indicates which compression method (gzip, deflate) it used to compress the object in the response. Example: Content-Encoding: gzip

9. Content-Language: the Web server tells the browser the language of the object in its response.

10. Content-Length: the Web server tells the browser the length of the object in its response. Example: Content-Length: 26012

11. Content-Range: the Web server indicates which part of the whole object the response contains. Example: Content-Range: bytes 21010-47021/47022

12. Content-Type: the Web server tells the browser the type of the object in its response. Example: Content-Type: application/xml

13. ETag: a tag value for an object (such as a URL). For a given object, such as an HTML file, if the object is modified its ETag is modified as well, so the ETag plays a role similar to Last-Modified: it mainly lets the Web server determine whether an object has changed. For example, an earlier request for an HTML file returned its ETag; when the file is requested again, the browser sends the previously obtained ETag value to the Web server, and the Web server compares it with the file's current ETag to learn whether the file has changed.

14. Expires: the Web server indicates when the entity will expire. An expired object can be used to respond to client requests only after its validity has been verified with the Web server. It is an HTTP/1.0 header. Example: Expires: Sat, 10:02:12 GMT

15. Host: the client specifies the domain name/IP address and port number of the Web server it wants to access. Example: Host: rss.sina.com.cn

16. If-Match: the requested action is performed only if the object's ETag has not changed, which means the object has not changed.

17. If-None-Match: the requested action is performed only if the object's ETag has changed, which means the object has changed.

18. If-Modified-Since: if the requested object has been modified after the time specified in this header, the requested action (such as returning the object) is performed; otherwise status code 304 is returned, telling the browser that the object has not been modified. Example: If-Modified-Since: Thu, Apr 09:14:42 GMT

19. If-Unmodified-Since: if the requested object has not been modified after the time specified in this header, the requested action (such as returning the object) is performed.

20. If-Range: the browser tells the Web server: if the object I requested has not changed, give me the part I am missing; if it has changed, give me the whole object. By sending the ETag of the requested object, or the last modification time it knows, the browser lets the Web server determine whether the object has changed. Always used together with the Range header.
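How a server can apply the conditional headers in items 16 to 19 to a GET request, as an added example that is not part of the original article. The function name and the sample ETag and date are constructed; status 412 (Precondition Failed) is what HTTP defines for a failed If-Match or If-Unmodified-Since, which the text above does not name.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample state of one stored object.
SAMPLE_ETAG = '"v2"'
SAMPLE_LAST_MODIFIED = datetime(2008, 4, 10, 9, 14, 42, tzinfo=timezone.utc)


def evaluate_conditional(headers, current_etag, last_modified):
    """Return the status code for a GET carrying conditional headers.

    headers: request headers as a dict with lower-cased names
    current_etag: ETag of the object as it is now
    last_modified: timezone-aware datetime of the last change
    """
    def etag_list(value):
        return [tag.strip() for tag in value.split(",")]

    # Preconditions that must hold, otherwise the action is refused (412).
    if "if-match" in headers:
        wanted = etag_list(headers["if-match"])
        if "*" not in wanted and current_etag not in wanted:
            return 412
    elif "if-unmodified-since" in headers:
        if last_modified > parsedate_to_datetime(headers["if-unmodified-since"]):
            return 412

    # Validators: the client already holds a copy, so skip the body (304).
    if "if-none-match" in headers:
        known = etag_list(headers["if-none-match"])
        if "*" in known or current_etag in known:
            return 304
    elif "if-modified-since" in headers:
        if last_modified <= parsedate_to_datetime(headers["if-modified-since"]):
            return 304

    return 200  # perform the requested action and return the object
```

The ETag headers take precedence over the date headers when both are present, which is why each date check sits in an `elif`.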

21. Last-Modified: the time the Web server considers the object to have been last modified, such as the last modification time of a file or the last generation time of a dynamic page. Example: Last-Modified: Tue, May 02:42:43 GMT

22. Location: the Web server tells the browser that the object it is trying to access has been moved elsewhere and should be fetched from the location given in this header. Example: Location: http://i0.sinaimg.cn/dy/deco/2008/0528/sinahome_0803_ws_005_text_0.gif

23. Pragma: mainly used as Pragma: no-cache, which is equivalent to Cache-Control: no-cache. Example: Pragma: no-cache

24. Proxy-Authenticate: the proxy server responds to the browser and requires it to provide proxy authentication information. Proxy-Authorization: the browser responds to the proxy server's authentication request and provides its own identity information.

25. Range: the browser (for example FlashGet when downloading with multiple threads) tells the Web server which part of the object it wants. Example: Range: bytes=1173546-

26. Referer: the browser tells the Web server which page/URL the URL in the current request was obtained or clicked from. Example: Referer: http://www.sina.com/

27. Server: the Web server indicates what software it is and its version. Example: Server: Apache/2.0.61 (Unix)

28. User-Agent: the browser indicates its identity (which browser it is). Example: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

29. Transfer-Encoding: the Web server indicates how the response message body (not the object inside the message body) is encoded, such as whether it is chunked. Example: Transfer-Encoding: chunked

30. Vary: the Web server uses the contents of this header to tell the cache server under what conditions the object returned in this response can be used to answer subsequent requests. Suppose the origin Web server receives the first request message and the headers of its response are Content-Encoding: gzip and Vary: Content-Encoding. The cache server then parses the headers of each subsequent request and checks whether its Accept-Encoding is consistent with the Vary header value of the earlier response, that is, whether the same content encoding method is used. This prevents the cache server from sending a compressed entity from its own cache to a browser that cannot decompress it. Example: Vary: Accept-Encoding
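The cache behaviour described for Vary, as an added example that is not part of the original article. The class and function names are hypothetical, header dictionaries are assumed to use lower-cased names, and the body is a constructed placeholder. It shows the same gzip response stored with and without Vary: Accept-Encoding.

```python
class VaryCache:
    """Toy shared cache: one URL may hold several variants, selected by Vary."""

    def __init__(self):
        # url -> list of (selecting_headers, response_headers, body)
        self._variants = {}

    def put(self, url, request_headers, response_headers, body):
        names = [n.strip().lower()
                 for n in response_headers.get("vary", "").split(",") if n.strip()]
        if "*" in names:
            return  # "Vary: *" means the response can never be reused
        # Remember the request header values this variant was generated for.
        selecting = {n: request_headers.get(n, "").strip() for n in names}
        self._variants.setdefault(url, []).append((selecting, response_headers, body))

    def get(self, url, request_headers):
        for selecting, response_headers, body in self._variants.get(url, []):
            if all(request_headers.get(n, "").strip() == v
                   for n, v in selecting.items()):
                return response_headers, body
        return None  # no stored variant matches: forward to the origin server


def serve_gzip_then_plain(vary_value):
    """Cache a gzip response, then request the same URL without gzip support.

    Returns (hit_for_gzip_client, hit_for_plain_client).
    """
    cache = VaryCache()
    response = {"content-encoding": "gzip"}
    if vary_value:
        response["vary"] = vary_value
    cache.put("/index.html", {"accept-encoding": "gzip"}, response, b"<gzip bytes>")
    hit_for_gzip_client = cache.get("/index.html", {"accept-encoding": "gzip"}) is not None
    hit_for_plain_client = cache.get("/index.html", {}) is not None
    return hit_for_gzip_client, hit_for_plain_client
```

Without the Vary header the second client, which sent no Accept-Encoding, is handed the compressed body from the cache; with it, the request falls through to the origin server.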

31. Via: lists the proxy servers a message passed through from the client to the origin content server (OCS), or in the opposite direction, and the protocol (and version) each used to send the request. When the client request arrives at the first proxy server, that server adds a Via header to the request it sends on and fills in its own information. When the next proxy receives the request from the first proxy server, it copies the Via header from that request into its own request and appends its own information, and so on. When the OCS receives the request from the last proxy server, it checks the Via header and knows the route the request took. Example: Via: 1.0 236.d0707195.sina.com.cn:80 (squid/2.6.STABLE13)

Recommended tools

For capturing and modifying packets, we recommend the following tools:

Live HTTP Headers (Firefox plugin)

Tamper Data (Firefox plugin)
