30:
349:(LF) character sequence. The end of the header section is indicated by an empty field line, resulting in the transmission of two consecutive CR-LF pairs. In the past, long lines could be folded into multiple lines; continuation lines are indicated by the presence of a space (SP) or horizontal tab (HT) as the first character on the next line. This folding was deprecated in RFC 7230.
3791:
using If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match attributes mentioned above). Sending a no-cache value thus instructs a browser or proxy to not use the cache contents merely based on "freshness criteria" of the cache content. Another common way to prevent old content from being shown to the user without validation is
1938:
Requests a web application to override the method specified in the request (typically POST) with the method given in the header field (typically PUT or DELETE). This can be used when a user agent or firewall prevents PUT or DELETE methods from being sent directly (this is either a bug in the software
3805:
The request that a resource should not be cached is no guarantee that it will not be written to disk. In particular, the HTTP/1.1 definition draws a distinction between history stores and caches. If the user navigates back to a previous page a browser may still show you a page that has been stored
3790:
HTTP version 1.0 header field value to a time earlier than the response time. Notice that no-cache is not instructing the browser or proxies about whether or not to cache the content. It just tells the browser and proxies to validate the cache content with the server before using it (this is done by
484:
The standard imposes no limits to the size of each header field name or value, or to the number of fields. However, most servers, clients, and proxy software impose some limits for practical and security reasons. For example, the Apache 2.3 server by default limits the size of each field to 8,190
3786:(intermediate proxies) must not use the response to satisfy subsequent requests without first checking with the originating server (this process is called validation). This header field is part of HTTP version 1.1, and is ignored by some caches and browsers. It may be simulated by setting the
1907:
for identifying the originating protocol of an HTTP request, since a reverse proxy (or a load balancer) may communicate with a web server using HTTP even if the request to the reverse proxy is HTTPS. An alternative form of the header (X-ProxyUser-Ip) is used by Google clients talking to Google
336:
In HTTP version 1.x, header fields are transmitted after the request line (in case of a request HTTP message) or the response line (in case of a response HTTP message), which is the first line of a message. Header fields are colon-separated key-value pairs in clear-text
1488:
This is the address of the previous web page from which a link to the currently requested page was followed. (The word "referrer" has been misspelled in the RFC as well as in most implementations to the point that it has become standard usage and is considered correct
3806:
on disk in the history store. This is correct behavior according to the specification. Many user agents show different behavior in loading pages from the history store or cache depending on whether the protocol is HTTP or HTTPS.
2845:. However, P3P did not take off, most browsers have never fully implemented it, a lot of websites set this field with fake policy text, that was enough to fool browsers the existence of P3P policy and grant permissions for
371:
frames using HPACK (HTTP/2) or QPACK (HTTP/3), which both provide efficient header compression. The request or response line from HTTP/1 has also been replaced by several pseudo-header fields, each beginning with a colon
1177:
Only perform the action if the client supplied entity matches the same entity on the server. This is mainly for methods like PUT to only update a resource if it has not been modified since the user last updated
3813:
HTTP/1.1 header field is also intended for use in requests made by the client. It is a means for the browser to tell the server and any intermediate caches that it wants a fresh version of the resource. The
6216:
6159:
3146:"!" β under construction "?" β dynamic "G" β gateway to multiple parties "N" β not tracking "T" β tracking "C" β tracking with consent "P" β tracking only if consented "D" β disregarding DNT "U" β updated
2060:
The Save-Data client hint request header available in Chrome, Opera, and Yandex browsers lets developers deliver lighter, faster applications to users who opt-in to data saving mode in their browser.
4986:
1981:
Implemented as a misunderstanding of the HTTP specifications. Common because of mistakes in implementations of early HTTP versions. Has exactly the same functionality as standard
Connection field.
2301:
A server uses "Alt-Svc" header (meaning
Alternative Services) to indicate that its resources can also be accessed at a different network location (host or port) or using a different protocol
1965:
Links to an XML file on the
Internet with a full description and details about the device currently connecting. In the example to the right is an XML file for an AT&T Samsung Galaxy S2.
3818:
header field, defined in the HTTP/1.0 spec, has the same purpose. It, however, is only defined for the request header. Its meaning in a response header is not specified. The behavior of
3636:
Provide the duration of the audio or video in seconds. Not supported by current browsers β the header was only supported by Gecko browsers, from which support was removed in 2015.
2377:
An opportunity to raise a "File
Download" dialogue box for a known MIME type with binary format or suggest a filename for dynamic content. Quotes are necessary with special characters.
1148:
header field is a connection-specific header field that includes parameters that govern the HTTP/2 connection, provided in anticipation of the server accepting the request to upgrade.
1514:
The transfer encodings the user agent is willing to accept: the same values as for the response header field
Transfer-Encoding can be used, plus the "trailers" value (related to the "
3822:
in a response is implementation specific. While some user agents do pay attention to this field in responses, the HTTP/1.1 RFC specifically warns against relying on this behavior.
6045:
For meta elements with an http-equiv attribute in the X-UA-Compatible state, the content attribute must have a value that is an ASCII case-insensitive match for the string
3195:
Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server.
1757:
Tells a server which (presumably in the middle of a HTTP -> HTTPS migration) hosts mixed content that the client would prefer redirection to HTTPS and can handle
3518:. Header introduced by Netscape in 1995 and became a de facto standard supported by most web browsers. Eventually standardized in the HTML Living Standard in 2017.
432:
but this convention was deprecated in June 2012 because of the inconveniences it caused when non-standard fields became standard. An earlier restriction on use of
1878:
HTTP request header, since the host name and/or port of the reverse proxy (load balancer) may differ from the origin server handling the request. Superseded by
2968:
If an entity is temporarily unavailable, this instructs the client to try again later. Value could be a specified period of time (in seconds) or a HTTP-date.
6236:
4714:
6220:
6163:
5864:
4207:
4870:
2077:) request header indicates whether the user consents to a website or service selling or sharing their personal information with third parties.
6344:
5963:
1845:
for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer. Superseded by
4762:
5036:
3725:
Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content. Also used to activate
6326:
1800:
Requests a web application to disable their tracking of a user. This is
Mozilla's version of the X-Do-Not-Track header field (since
3079:
The
Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with
1553:
The
Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with
1518:" transfer method) to notify the server it expects to receive additional fields in the trailer after the last, zero-sized, chunk.
459:. For example, a browser may indicate that it accepts information in German or English, with German as preferred by setting the
419:
Header field names are case-insensitive. This is in contrast to HTTP method names (GET, POST, etc.), which are case-sensitive.
6260:
5800:
5066:
5011:
1939:
component, which ought to be fixed, or an intentional configuration, in which case bypassing it may be the wrong thing to do).
6028:
308:
by the server and client applications. They define how information sent/received through the connection are encoded (as in
3507:
6062:
413:
5912:
3061:
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
1069:
6182:
409:
405:
3802:
is intended to instruct a browser application to make a best effort not to write it to disk (i.e not to cache it).
1096:
320:) or their anonymity thereof (VPN or proxy masking, user-agent spoofing), how the server should handle data (as in
4849:
1952:
Allows easier parsing of the MakeModel/Firmware that is usually found in the User-Agent String of AT&T Devices
6349:
3670:
Specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application (version details are often in
385:
6006:
5839:
2324:
Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds
4943:
4896:
3056:
2693:
Gives the date/time after which the response is considered stale (in "HTTP-date" format as defined by RFC 9110)
276:
5499:
444:
A few fields can contain comments (i.e. in User-Agent, Server, Via fields), which can be ignored by software.
3614:
response header specifies origins that are allowed to see values of attributes retrieved via features of the
2162:
1341:
693:
401:
2853:
P3P: CP="This is not a P3P policy! See https://en.wikipedia.org/Special:CentralAutoLogin/P3P for more info."
1265:
If the entity is unchanged, send me the part(s) that I am missing; otherwise, send me the entire new entity.
309:
219:
2768:
Used to express a typed relationship with another resource, where the relation type is defined by RFC 5988
4693:
721:
214:
4827:
4211:
3144:
Tracking Status header, value suggested to be sent in response to a DNT(do-not-track), possible values:
6145:
4551:
4111:
3615:
3597:
of the HTTP response. Normal HTTP responses use a separate "Status-Line" instead, defined by RFC 9110.
2892:
Indicates which Prefer tokens were honored by the server and applied to the processing of the request.
2867:
Implementation-specific fields that may have various effects anywhere along the request-response chain.
2019:
1373:
Implementation-specific fields that may have various effects anywhere along the request-response chain.
1100:
39:
6237:"Why does ASP.NET framework add the 'X-Powered-By:ASP.NET' HTTP Header in responses? - Stack Overflow"
6202:
5679:
4874:
4748:
360:
3841:
3113:
1813:
1587:
1515:
338:
293:
164:
5622:
5449:
5396:
5343:
5290:
5220:
4463:
4097:
3972:
1400:
Allows client to request that certain behaviors be employed by a server while processing a request.
5116:
3590:
3388:
2940:
2074:
250:
5194:"Save Data API Living Document Draft Community Group Report 2.1.1. Save-Data Request Header Field"
5193:
296:
sent and received by both the client program and server on every HTTP request and response. These
5704:
4784:
3371:
3080:
2936:
1812:
also have support for this field. On March 7, 2011, a draft proposal was submitted to IETF. The
1554:
1105:
Mandatory since HTTP/1.1. If the request is generated directly in HTTP/2, it should not be used.
791:
245:
5636:
5955:
5546:
5500:
Indicate the canonical version of a URL by responding with the Link rel="canonical" HTTP header
5040:
4965:"Checking known AT&T, Verizon, Sprint, Bell Canada & Vodacom Unique Identifier beacons"
4170:
3493:
Permissions-Policy: fullscreen=(), camera=(), microphone=(), geolocation=(), interest-cohort=()
1998:
240:
4653:
4576:
4514:
4345:
4293:
4133:
3861:
3795:. This instructs the user agent that the content is stale and should be validated before use.
2743:
The last modified date for the requested object (in "HTTP-date" format as defined by RFC 9110)
5609:
5436:
5383:
5330:
5277:
4450:
4084:
3959:
3831:
305:
235:
6083:
5463:
4616:
4477:
4023:
3986:
2947:
Public-Key-Pins: max-age=2592000; pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";
1036:
Disclose original information of a client connecting to a web server through an HTTP proxy.
6103:
5566:
5483:
4636:
4596:
4534:
4497:
4405:
4385:
4365:
4313:
4190:
4153:
4043:
4006:
3914:
3881:
3754:
2045:
Correlates HTTP requests between a client and server. Superseded by the traceparent header
1805:
1778:
982:
The date and time at which the message was originated (in "HTTP-date" format as defined by
6327:
Internet
Explorer and Custom HTTP Headers - EricLaw's IEInternals - Site Home - MSDN Blogs
6155:
5985:
5044:
2613:
The date and time that the message was sent (in "HTTP-date" format as defined by RFC 9110)
8:
5933:
5143:
4735:
1809:
660:
552:
456:
5091:
4918:
4679:
3653:
from MIME-sniffing a response away from the declared content-type. This also applies to
6212:
5886:
5258:
4940:"Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls"
4939:
3285:
Indicates the authentication scheme that should be used to access the requested entity.
2846:
1774:
428:
Non-standard header fields were conventionally marked by prefixing the field name with
297:
269:
6208:"Why does ASP.NET framework add the 'X-Powered-By:ASP.NET' HTTP Header in responses?"
3650:
2465:
2122:
1901:
1868:
1839:
1801:
1621:
845:
5262:
416:. Additional field names and permissible values may be defined by each application.
6093:
5588:
5556:
5473:
5415:
5362:
5309:
5250:
4626:
4586:
4524:
4487:
4431:
4395:
4355:
4303:
4244:
4180:
4143:
4065:
4033:
3996:
3940:
3904:
3871:
3296:
3267:
3242:
3217:
3181:
3130:
3109:
3094:
3045:
3017:
2992:
2954:
2922:
2878:
2821:
2779:
2754:
2729:
2704:
2679:
2649:
2624:
2599:
2570:
2537:
2504:
2479:
2450:
2439:
The natural language or languages of the intended audience for the enclosed content
2425:
2411:
2388:
2363:
2349:
Control options for the current connection and list of hop-by-hop response fields.
2335:
2287:
2259:
2230:
2202:
2177:
2135:
2002:
1970:
1715:
1690:
1665:
1635:
1604:
1583:
1568:
1539:
1500:
1465:
1436:
1411:
1386:
1359:
1326:
1315:
Limit the number of times the message can be forwarded through proxies or gateways.
1301:
1276:
1251:
1218:
1189:
1159:
1122:
1077:
1050:
1022:
997:
964:
929:
892:
859:
830:
816:
801:
766:
735:
674:
645:
631:
616:
591:
566:
534:
389:
44:
1103:
number may be omitted if the port is the standard port for the service requested.
780:
Control options for the current connection and list of hop-by-hop request fields.
6120:
5246:
2796:
1833:
1290:
Only send the response if the entity has not been modified since a specific time.
1092:
342:
313:
155:
6315:
6308:
6301:
6294:
6287:
6280:
6273:
6266:
6106:
6087:
5826:
5569:
5550:
5486:
5467:
5358:
4639:
4620:
4599:
4580:
4537:
4518:
4500:
4481:
4408:
4389:
4368:
4349:
4316:
4297:
4238:
4193:
4174:
4156:
4137:
4046:
4027:
4009:
3990:
3917:
3898:
3884:
3865:
3300:
3275:
3271:
3246:
3221:
3185:
3134:
3098:
3049:
3021:
2996:
2958:
2926:
2882:
2825:
2783:
2758:
2733:
2708:
2683:
2653:
2628:
2603:
2574:
2549:
2545:
2541:
2508:
2483:
2454:
2429:
2400:
2396:
2392:
2367:
2339:
2291:
2263:
2234:
2206:
2181:
2139:
1723:
1719:
1694:
1669:
1639:
1628:
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0
1608:
1572:
1543:
1504:
1469:
1440:
1415:
1390:
1363:
1330:
1305:
1280:
1255:
1222:
1193:
1167:
1163:
1130:
1126:
1081:
1054:
1026:
1001:
983:
972:
968:
933:
904:
900:
896:
863:
834:
805:
770:
739:
678:
649:
620:
595:
570:
538:
397:
393:
4423:
3162:
2666:
1646:
3618:, which would otherwise be reported as zero due to cross-origin restrictions.
6338:
5775:"Define the HTTP Refresh header by annevk Β· Pull Request #2892 Β· whatwg/html"
4919:"The Proxy-Connection: header is a mistake in how some web browsers use HTTP"
3654:
2790:
2319:
746:
262:
140:
5730:
5524:
6215:
at Stack
Exchange, which is licensed in a way that permits reuse under the
6158:
at Stack Exchange, which is licensed in a way that permits reuse under the
5774:
3726:
3503:
3310:
2217:
1925:
Non-standard header field used by Microsoft applications and load-balancers
1795:
1476:
1451:
321:
150:
145:
112:
107:
102:
97:
92:
82:
77:
72:
63:
6007:"Defining Document Compatibility: Specifying Document Compatibility Modes"
4806:
4715:"Web Tracking Protection: Minimum Standards and Opportunities to Innovate"
3594:
3032:
2245:
1140:
A request that upgrades from HTTP/1.1 to HTTP/2 MUST include exactly one
944:
452:
130:
87:
3524:
6321:
6150:
6029:"HTML Living Standard 4.2.5.3 Pragma directives, X-UA-Compatible state"
5168:
3783:
3695:
Specifies the component that is responsible for a particular redirect.
1615:
915:
548:
485:
bytes, and there can be at most 100 header fields in a single request.
317:
6207:
5887:"Clean up duration tracking and use mirroring for cross-thread access"
5584:
5305:
3932:
1011:
Indicates that particular server behaviors are required by the client.
6124:
6098:
5593:
5561:
5478:
5420:
5411:
5367:
5314:
5254:
5070:
4631:
4591:
4529:
4492:
4435:
4400:
4360:
4308:
4249:
4185:
4148:
4069:
4061:
4038:
4001:
3944:
3909:
3876:
3836:
3108:
The form of encoding used to safely transfer the entity to the user.
2660:
2585:
1582:
The form of encoding used to safely transfer the entity to the user.
1237:
755:
be obeyed by all caching mechanisms along the request-response chain.
346:
325:
135:
4507:
3536:
Instructs the user agent to store reporting endpoints for an origin.
312:), the session verification and identification of the client (as in
301:
198:
193:
188:
183:
178:
173:
4964:
4807:"How do I adjust my SSL site to work with GeekISP's loadbalancer?"
3867:
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
3231:
Informs the client of proxies through which the response was sent.
3396:
1874:
for identifying the original host requested by the client in the
1679:
Informs the server of proxies through which the request was sent.
1530:
1450:
Request only part of an entity. Bytes are numbered from 0. See
5144:"Correlation IDs for microservices architectures - Peter Hilton"
2303:
When using HTTP/2, servers should instead send an ALTSVC frame.
5015:
4059:
3256:
A general warning about possible problems with the entity body.
2519:
1816:
Tracking Protection Working Group is producing a specification.
1704:
A general warning about possible problems with the entity body.
874:
425:
makes some restrictions on specific header fields (see below).
422:
356:
352:
4269:
3489:
To allow or disable different features or APIs of the browser.
3065:
Strict-Transport-Security: max-age=16070400; includeSubDomains
4828:"Helping to Secure Communication: Client to Front-End Server"
4391:
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
918:
of the body of the request (used with POST and PUT requests).
49:
6217:
Creative Commons Attribution-ShareAlike 3.0 Unported License
6160:
Creative Commons Attribution-ShareAlike 3.0 Unported License
5657:
4987:"Verizon, AT&T tracking their users with 'supercookies'"
2665:
An identifier for a specific version of a resource, often a
29:
4427:
3936:
2191:
Specifies which patch document formats this server supports
984:
RFC 9110: HTTP Semantics, section 5.6.7 "Date/Time Formats"
54:
21:
4782:
4736:
Do Not Track: A Universal Third-Party Web Tracking Opt Out
4654:"Upgrade Insecure Requests - W3C Candidate Recommendation"
2216:
What partial content range types this server supports via
5752:
2838:
2832:
2559:
Where in a full body message this partial message belongs
2523:
2273:
Valid methods for a specified resource. To be used for a
1481:
878:
5512:
5356:
5303:
2638:
Specifies the delta-encoding entity tag of the response.
5357:
Nottingham, M.; McManus, P.; Reschke, J. (April 2016).
5304:
Nottingham, M.; McManus, P.; Reschke, J. (April 2016).
1429:
Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
5067:"Angular Cross Site Request Forgery (XSRF) Protection"
3712:
Correlates HTTP requests between a client and server.
3345:
4340:
4338:
4336:
4334:
4332:
4330:
4328:
4326:
4288:
4286:
3510:
to a different URL, after a given number of seconds (
2381:
Content-Disposition: attachment; filename="fname.ext"
1733:
659:
List of acceptable human languages for response. See
3174:
Upgrade: h2c, HTTPS/1.3, IRC/6.9, RTA/x11, websocket
3103:
1658:
Upgrade: h2c, HTTPS/1.3, IRC/6.9, RTA/x11, websocket
1425:
Authorization credentials for connecting to a proxy.
1345:
1040:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
328:) of the document being downloaded, amongst others.
3280:
3038:
Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1
2405:
2308:
Alt-Svc: http/1.1="http2.example.com:8001"; ma=7200
5934:"Hosting - Google Chrome Extensions - Google Code"
4763:"SquidFaq/ConfiguringSquid - Squid Web Proxy Wiki"
4323:
4283:
3716:X-Request-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
2144:
2051:X-Request-ID: f058ebd6-02f7-4d3f-942e-904344e8cde5
1759:Content-Security-Policy: upgrade-insecure-requests
1294:If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
810:
523:Acceptable instance-manipulations for the request.
6177:
6175:
5947:
4380:
4378:
3729:in Internet Explorer. In HTML Standard, only the
2459:
1244:If-None-Match: "737060cd8c284d8af7ad3082f209582d"
1064:The email address of the user making the request.
728:Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
6336:
6322:HTTP/1.1 headers from a web server point of view
5493:
5218:
4916:
4850:"OpenSocial Core API Server Specification 2.5.1"
4421:
4060:Internet Engineering Task Force (June 1, 2012).
3395:Expect-CT: max-age=604800, enforce, report-uri="
2554:
2211:
1971:http://wap.samsungmobile.com/uaprof/SGH-I777.xml
1211:If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
839:
683:
324:), the age (the time it has resided in a shared
3167:Ask the client to upgrade to another protocol.
2806:Location: http://www.w3.org/pub/WWW/People.html
2718:Instance-manipulations applied to the response.
2579:
2186:
2005:; also known as "perma-cookie" or "supercookie"
1651:Ask the server to upgrade to another protocol.
922:Content-Type: application/x-www-form-urlencoded
6229:
6172:
5244:
5037:"Django Cross Site Request Forgery protection"
4804:
4611:
4609:
4582:Hypertext Transfer Protocol Version 2 (HTTP/2)
4375:
2161:Specifying which web sites can participate in
2033:X-Csrf-Token: i8XNjC4b8KVok4uw5RftR38Wgp2BFwql
909:
609:Accept-Datetime: Thu, 31 May 2007 20:35:00 GMT
6261:Headers: Permanent Message Header Field Names
6121:"How to prevent caching in Internet Explorer"
6060:
5910:
4760:
3768:
1857:X-Forwarded-For: 129.78.138.66, 129.78.64.103
1785:); also identifies Android apps using WebView
1352:Origin: http://www.example-social-network.com
1099:number on which the server is listening. The
551:that is/are acceptable for the response. See
270:
5953:
4785:"mod_proxy - Apache HTTP Server Version 2.2"
3649:The only defined value, "nosniff", prevents
2747:Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
1613:
1269:If-Range: "737060cd8c284d8af7ad3082f209582d"
1236:to be returned if content is unchanged, see
1182:If-Match: "737060cd8c284d8af7ad3082f209582d"
1043:Forwarded: for=192.0.2.43, for=198.51.100.17
384:A core set of fields is standardized by the
5582:
5012:"SAP Cross-Site Request Forgery Protection"
4606:
3930:
3235:Via: 1.0 fred, 1.1 example.com (Apache/1.1)
2911:Request authentication to access the proxy.
2799:, or when a new resource has been created.
2493:An alternate location for the returned data
2410:The type of encoding used on the data. See
2093:
1683:Via: 1.0 fred, 1.1 example.com (Apache/1.1)
815:The type of encoding used on the data. See
4680:"The "X-Requested-With" Header β Stoutner"
4233:
4231:
4229:
3408:Used to configure network request logging.
3074:
2981:Retry-After: Fri, 07 Nov 2014 23:59:59 GMT
1493:Referer: http://en.wikipedia.org/Main_Page
697:
493:
277:
263:
6097:
5592:
5560:
5477:
5419:
5366:
5313:
4984:
4630:
4590:
4528:
4491:
4399:
4359:
4307:
4248:
4184:
4147:
4037:
4000:
3908:
3875:
2896:Preference-Applied: return=representation
949:
447:Many field values may contain a quality (
4694:"Try out the "Do Not Track" HTTP header"
4424:"Forwarded HTTP Extension: Introduction"
4422:Petersson, A.; Nilsson, M. (June 2014).
2939:, announces hash of website's authentic
2672:ETag: "737060cd8c284d8af7ad3082f209582d"
2195:Accept-Patch: text/example;charset=utf-8
2001:of a unique ID identifying customers of
1853:X-Forwarded-For: client1, proxy1, proxy2
1335:
543:
363:, where headers are encoded in a single
6183:"What is the X-REQUEST-ID http header?"
6151:"What is the X-REQUEST-ID http header?"
6113:
5525:"Public Key Pinning Extension for HTTP"
5409:
4264:
4262:
4260:
4226:
3516:or when a new resource has been created
3329:- non-standard, allow from any location
3027:
1886:X-Forwarded-Host: en.wikipedia.org:8080
1445:
1207:to be returned if content is unchanged.
881:sum of the content of the request body.
410:Repository of Provisional Registrations
6337:
6269:: IETF HTTP State Management Mechanism
6223:. All relevant terms must be followed.
6166:. All relevant terms must be followed.
6063:"IE8 Security Part IV: The XSS Filter"
5954:van Kesteren, Anne (August 26, 2016).
5359:"HTTP Alternative Services, section 3"
5198:Web Platform Incubator Community Group
5141:
3933:"HPACK: Header Compression for HTTP/2"
3924:
3891:
2697:Expires: Thu, 01 Dec 1994 16:00:00 GMT
2592:Content-Type: text/html; charset=utf-8
2563:Content-Range: bytes 21010-47021/47022
1086:
5913:"IE8 Security Part VI: Beta 2 Update"
3525:http://www.w3.org/pub/WWW/People.html
3116:, compress, deflate, gzip, identity.
2530:Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==
1590:, compress, deflate, gzip, identity.
1377:
885:Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==
475:Accept-Language: de; q=1.0, en; q=0.5
5986:"X-Redirect-By HTTP response header"
5966:from the original on August 26, 2016
4749:Tracking Preference Expression (DNT)
4257:
3626:Timing-Allow-Origin: <origin>*
2772:Link: </feed>; rel="alternate"
1509:
6345:Hypertext Transfer Protocol headers
6235:
6181:
5911:Eric Lawrence (September 3, 2008).
5865:"Configuring servers for Ogg media"
5585:"HTTP Header Field X-Frame-Options"
4917:de Boyne Pollard, Jonathan (2007).
4346:"Connection-Specific Header Fields"
3773:
3428:"name_of_reporting_group"
3346:Common non-standard response fields
3321:- no rendering if origin mismatch,
2617:Date: Tue, 15 Nov 1994 08:12:31 GMT
2464:The length of the response body in
1956:X-Att-Deviceid: GT-P7320/P7320XXLPG
1091:The domain name of the server (for
990:Date: Tue, 15 Nov 1994 08:12:31 GMT
947:previously sent by the server with
580:Character sets that are acceptable.
13:
5219:MDN contributors (March 3, 2023).
4210:. Httpd.apache.org. Archived from
3931:Peon, R.; Ruellan, H. (May 2015).
3260:Warning: 199 Miscellaneous warning
2526:sum of the content of the response
2088:
1890:X-Forwarded-Host: en.wikipedia.org
1734:Common non-standard request fields
1708:Warning: 199 Miscellaneous warning
844:The length of the request body in
704:Access-Control-Request-Method: GET
654:
630:List of acceptable encodings. See
625:
600:
14:
6361:
6254:
6205:, this article uses content from
6148:, this article uses content from
5637:"Content Security Policy Level 2"
5245:Dusseault, L.; Snell, J. (2010).
4805:Dave Steinberg (April 10, 2007).
3325:- allow from specified location,
2244:The age the object has been in a
2149:Access-Control-Allow-Credentials,
2041:X-Correlation-ID, Correlation-ID
1768:
488:
331:
199:451 Unavailable for Legal Reasons
4783:The Apache Software Foundation.
3378:X-WebKit-CSP: default-src 'self'
3305:
2022:. Alternative header names are:
1789:X-Requested-With: XMLHttpRequest
751:Used to specify directives that
455:, specifying a weight to use in
28:
6076:
6054:
6021:
5999:
5978:
5926:
5904:
5879:
5857:
5832:
5819:
5793:
5767:
5745:
5723:
5697:
5672:
5650:
5629:
5576:
5555:. June 2022. sec. 10.2.3.
5539:
5517:
5505:
5456:
5403:
5350:
5297:
5238:
5212:
5186:
5161:
5142:Hilton, Peter (July 12, 2017).
5135:
5109:
5084:
5059:
5029:
5004:
4978:
4957:
4932:
4910:
4889:
4863:
4842:
4820:
4798:
4776:
4754:
4741:
4728:
4707:
4686:
4672:
4646:
4569:
4544:
4470:
4415:
4270:"Cross-Origin Resource Sharing"
4200:
4179:. June 2022. sec. 12.4.2.
3761:X-XSS-Protection: 1; mode=block
3709:X-Request-ID, X-Correlation-ID
3661:X-Content-Type-Options: nosniff
3539:
3411:
3317:- no rendering within a frame,
720:Authentication credentials for
439:
386:Internet Engineering Task Force
207:Security access control methods
6061:Eric Lawrence (July 2, 2008).
5583:Ross, D.; Gondrom, T. (2013).
5117:"The Value of Correlation IDs"
4944:Electronic Frontier Foundation
4761:Amos Jeffries (July 2, 2010).
4523:. June 2022. sec. 8.3.1.
4515:"Request Pseudo-Header Fields"
4354:. June 2022. sec. 8.2.2.
4302:. June 2022. sec. 7.6.1.
4163:
4142:. June 2022. sec. 5.6.5.
4126:
4104:
4053:
4016:
3979:
3870:. June 2014. sec. 3.2.4.
3854:
3778:If a web server responds with
3741:X-UA-Compatible: IE=EmulateIE7
3657:, when downloading extensions.
3446:"include_subdomains"
3397:https://example.example/report
3118:Must not be used with HTTP/2.
2837:This field is supposed to set
2812:Location: /pub/WWW/People.html
2351:Must not be used with HTTP/2.
2168:Access-Control-Allow-Origin: *
2151:Access-Control-Expose-Headers,
1983:Must not be used with HTTP/2.
1943:X-HTTP-Method-Override: DELETE
1781:send this field with value of
1592:Must not be used with HTTP/2.
957:Cookie: $ Version=1; Skin=new;
782:Must not be used with HTTP/2.
688:Access-Control-Request-Headers
686:Access-Control-Request-Method,
638:Accept-Encoding: gzip, deflate
479:
451:) key-value pair separated by
379:
1:
4577:"HTTP2-Settings Header Field"
3847:
3665:
2163:cross-origin resource sharing
2155:Access-Control-Allow-Methods,
1404:Prefer: return=representation
1342:cross-origin resource sharing
694:cross-origin resource sharing
300:are usually invisible to the
6092:. June 2022. sec. 5.4.
5472:. June 2022. sec. 8.5.
4625:. June 2022. sec. 5.5.
4486:. June 2022. sec. 7.2.
4032:. June 2022. sec. 9.1.
3995:. June 2022. sec. 5.1.
3782:then a web browser or other
3593:header field specifying the
3470:"failure_fraction"
3458:"success_fraction"
3387:Notify to prefer to enforce
2843:P3P:CP="your_compact_policy"
2497:Content-Location: /index.htm
2157:Access-Control-Allow-Headers
2147:Access-Control-Allow-Origin,
1988:Proxy-Connection: keep-alive
1764:Upgrade-Insecure-Requests: 1
1653:Must not be used in HTTP/2.
220:Digest access authentication
7:
5306:"HTTP Alternative Services"
4208:"core - Apache HTTP Server"
3825:
3169:Must not be used in HTTP/2
3010:Server: Apache/2.4.1 (Unix)
2328:Cache-Control: max-age=3600
1110:Host: en.wikipedia.org:8080
605:Acceptable version in time.
436:was lifted in March 2013.
215:Basic access authentication
10:
6366:
6311:: Forwarded HTTP Extension
4394:. June 2014. sec. B.
3769:Effects of selected fields
3640:X-Content-Duration: 42.666
3497:
3366:X-Content-Security-Policy,
3123:Transfer-Encoding: chunked
2688:
2020:cross-site request forgery
1597:Transfer-Encoding: chunked
304:and are only processed or
5844:Mozilla Developer Network
5805:Mozilla Developer Network
5709:Mozilla Developer Network
5684:Mozilla Developer Network
5658:"Content Security Policy"
4114:. Iana.org. June 11, 2014
3842:List of HTTP status codes
3745:X-UA-Compatible: Chrome=1
3110:Currently defined methods
3057:Strict-Transport-Security
2915:Proxy-Authenticate: Basic
1753:Upgrade-Insecure-Requests
1584:Currently defined methods
1108:
6318:: Prefer Header for HTTP
3793:Cache-Control: max-age=0
3737:X-UA-Compatible: IE=edge
3699:X-Redirect-By: WordPress
3556:"csp-endpoint"
3389:Certificate Transparency
3364:Content-Security-Policy,
2094:Standard response fields
1916:X-Forwarded-Proto: https
1827:(Do Not Track Disabled)
1773:Mainly used to identify
1524:is supported in HTTP/2.
1340:Initiates a request for
692:Initiates a request for
341:format, terminated by a
251:HTTP parameter pollution
228:Security vulnerabilities
4386:"Changes from RFC 2616"
3811:Cache-Control: no-cache
3800:Cache-Control: no-store
3780:Cache-Control: no-cache
3703:X-Redirect-By: Polylang
3686:X-Powered-By: PHP/5.4.0
3372:Content Security Policy
3289:WWW-Authenticate: Basic
3081:chunked transfer coding
2937:HTTP Public Key Pinning
2841:policy, in the form of
2153:Access-Control-Max-Age,
2128:Accept-CH: UA, Platform
1908:servers. Superseded by
1822:(Do Not Track Enabled)
1555:chunked transfer coding
1152:HTTP2-Settings: token64
759:Cache-Control: no-cache
494:Standard request fields
246:HTTP response splitting
6350:Internet-related lists
5617:Cite journal requires
5444:Cite journal requires
5391:Cite journal requires
5338:Cite journal requires
5285:Cite journal requires
5041:Django (web framework)
4458:Cite journal requires
4092:Cite journal requires
3967:Cite journal requires
3646:X-Content-Type-Options
3622:Timing-Allow-Origin: *
3514:meaning immediately);
2931:
2418:Content-Encoding: gzip
2275:405 Method not allowed
2075:Global Privacy Control
1999:deep packet inspection
1935:X-Http-Method-Override
1114:Host: en.wikipedia.org
823:Content-Encoding: gzip
787:Connection: keep-alive
667:Accept-Language: en-US
412:are maintained by the
241:HTTP request smuggling
5840:"Timing-Allow-Origin"
5502:Retrieved: 2012-02-09
4478:"Host and :authority"
3832:HTTP header injection
3574:"endpoints"
3502:Tells the browser to
3422:"report_to"
3333:X-Frame-Options: deny
3208:Vary: Accept-Language
3087:Trailer: Max-Forwards
3006:A name for the server
1779:JavaScript frameworks
1561:Trailer: Max-Forwards
584:Accept-Charset: utf-8
236:HTTP header injection
174:301 Moved Permanently
165:Response status codes
6219:, but not under the
6162:, but not under the
6127:. September 22, 2011
5731:"Permissions Policy"
5410:Reschke, J. (2011).
5096:devcenter.heroku.com
4877:on February 16, 2012
3755:Cross-site scripting
3607:Timing-Allow-Origin
3069:Permanent: standard
3042:Permanent: standard
2701:Permanent: standard
2443:Content-Language: da
2223:Accept-Ranges: bytes
1458:Range: bytes=500-999
1356:Permanent: standard
1015:Expect: 100-continue
961:Permanent: standard
467:higher than that of
5169:"W3C Trace Context"
5123:. December 23, 2016
5047:on January 20, 2015
4991:The Washington Post
4585:. sec. 3.2.1.
4294:"Connection header"
4024:"Methods: Overview"
3616:Resource Timing API
3612:Timing-Allow-Origin
3562:"max_age"
3434:"max_age"
2889:Preference-Applied
2847:third party cookies
2472:Content-Length: 348
2374:Content-Disposition
2173:Permanent: standard
1929:Front-End-Https: on
1422:Proxy-Authorization
1287:If-Unmodified-Since
852:Content-Length: 348
792:Connection: Upgrade
722:HTTP authentication
709:Permanent: standard
661:Content negotiation
553:Content negotiation
499:
457:content negotiation
5513:P3P Work Suspended
5464:"Content-Language"
5092:"HTTP Request IDs"
4751:, January 26, 2012
3633:X-Content-Duration
3486:Permissions-Policy
2908:Proxy-Authenticate
1624:of the user agent.
1579:Transfer-Encoding
1144:header field. The
498:
290:HTTP header fields
4660:. October 8, 2015
4552:"Message Headers"
4112:"Message Headers"
3798:The header field
3766:
3765:
3733:value is defined.
3651:Internet Explorer
3550:"group"
3343:
3342:
3105:Transfer-Encoding
2642:Delta-Base: "abc"
2356:Connection: close
2123:HTTP Client Hints
2086:
2085:
1897:X-Forwarded-Proto
1729:
1728:
1622:user agent string
1348:response fields).
1344:(asks server for
1200:If-Modified-Since
559:Accept: text/html
367:and zero or more
287:
286:
6357:
6276:: HTTP Semantics
6248:
6247:
6245:
6243:
6233:
6194:
6193:
6191:
6189:
6179:
6137:
6136:
6134:
6132:
6117:
6111:
6110:
6101:
6099:10.17487/RFC9111
6080:
6074:
6073:
6071:
6069:
6058:
6052:
6051:
6048:
6042:
6040:
6035:. March 12, 2021
6025:
6019:
6018:
6016:
6014:
6003:
5997:
5996:
5994:
5992:
5982:
5976:
5975:
5973:
5971:
5956:"Fetch standard"
5951:
5945:
5944:
5942:
5940:
5930:
5924:
5923:
5921:
5919:
5908:
5902:
5901:
5899:
5897:
5891:Bugzilla@Mozilla
5883:
5877:
5876:
5874:
5872:
5861:
5855:
5854:
5852:
5850:
5836:
5830:
5829:: HTTP Semantics
5823:
5817:
5816:
5814:
5812:
5801:"CSP: report-to"
5797:
5791:
5790:
5788:
5786:
5781:. August 9, 2017
5771:
5765:
5764:
5762:
5760:
5749:
5743:
5742:
5740:
5738:
5727:
5721:
5720:
5718:
5716:
5701:
5695:
5694:
5692:
5690:
5676:
5670:
5669:
5667:
5665:
5654:
5648:
5647:
5645:
5643:
5633:
5627:
5626:
5620:
5615:
5613:
5605:
5603:
5601:
5596:
5594:10.17487/RFC7034
5580:
5574:
5573:
5564:
5562:10.17487/RFC9110
5543:
5537:
5536:
5534:
5532:
5521:
5515:
5509:
5503:
5497:
5491:
5490:
5481:
5479:10.17487/RFC9110
5460:
5454:
5453:
5447:
5442:
5440:
5432:
5430:
5428:
5423:
5421:10.17487/RFC6266
5407:
5401:
5400:
5394:
5389:
5387:
5379:
5377:
5375:
5370:
5368:10.17487/RFC7838
5354:
5348:
5347:
5341:
5336:
5334:
5326:
5324:
5322:
5317:
5315:10.17487/RFC7838
5301:
5295:
5294:
5288:
5283:
5281:
5273:
5271:
5269:
5255:10.17487/RFC5789
5242:
5236:
5235:
5233:
5231:
5216:
5210:
5209:
5207:
5205:
5190:
5184:
5183:
5181:
5179:
5165:
5159:
5158:
5156:
5154:
5139:
5133:
5132:
5130:
5128:
5113:
5107:
5106:
5104:
5102:
5088:
5082:
5081:
5079:
5077:
5063:
5057:
5056:
5054:
5052:
5043:. Archived from
5033:
5027:
5026:
5024:
5022:
5008:
5002:
5001:
4999:
4997:
4982:
4976:
4975:
4973:
4971:
4961:
4955:
4954:
4952:
4950:
4936:
4930:
4929:
4927:
4925:
4914:
4908:
4907:
4905:
4903:
4893:
4887:
4886:
4884:
4882:
4873:. Archived from
4867:
4861:
4860:
4858:
4856:
4846:
4840:
4839:
4837:
4835:
4824:
4818:
4817:
4815:
4813:
4802:
4796:
4795:
4793:
4791:
4780:
4774:
4773:
4771:
4769:
4758:
4752:
4745:
4739:
4732:
4726:
4725:
4723:
4721:
4711:
4705:
4704:
4702:
4700:
4690:
4684:
4683:
4676:
4670:
4669:
4667:
4665:
4650:
4644:
4643:
4634:
4632:10.17487/RFC9111
4617:"Warning header"
4613:
4604:
4603:
4594:
4592:10.17487/RFC7540
4573:
4567:
4566:
4564:
4562:
4548:
4542:
4541:
4532:
4530:10.17487/RFC9113
4511:
4505:
4504:
4495:
4493:10.17487/RFC9110
4474:
4468:
4467:
4461:
4456:
4454:
4446:
4444:
4442:
4436:10.17487/RFC7239
4419:
4413:
4412:
4403:
4401:10.17487/RFC7231
4382:
4373:
4372:
4363:
4361:10.17487/RFC9113
4342:
4321:
4320:
4311:
4309:10.17487/RFC9110
4290:
4281:
4280:
4278:
4276:
4266:
4255:
4254:
4252:
4250:10.17487/RFC3229
4235:
4224:
4223:
4221:
4219:
4204:
4198:
4197:
4188:
4186:10.17487/RFC9110
4171:"Quality Values"
4167:
4161:
4160:
4151:
4149:10.17487/RFC9110
4130:
4124:
4123:
4121:
4119:
4108:
4102:
4101:
4095:
4090:
4088:
4080:
4078:
4076:
4070:10.17487/RFC6648
4057:
4051:
4050:
4041:
4039:10.17487/RFC9110
4020:
4014:
4013:
4004:
4002:10.17487/RFC9110
3983:
3977:
3976:
3970:
3965:
3963:
3955:
3953:
3951:
3945:10.17487/RFC7541
3928:
3922:
3921:
3912:
3910:10.17487/RFC9113
3895:
3889:
3888:
3879:
3877:10.17487/RFC7230
3858:
3821:
3820:Pragma: no-cache
3817:
3816:Pragma: no-cache
3812:
3801:
3794:
3789:
3781:
3774:Avoiding caching
3762:
3751:X-XSS-Protection
3746:
3742:
3738:
3732:
3717:
3704:
3700:
3687:
3681:
3680:X-AspNet-Version
3677:
3673:
3662:
3641:
3627:
3623:
3613:
3602:
3582:
3581:
3578:
3575:
3572:
3569:
3566:
3563:
3560:
3557:
3554:
3551:
3548:
3545:
3542:
3528:
3527:
3522:Refresh: 5; url=
3517:
3513:
3494:
3481:
3480:
3477:
3474:
3471:
3468:
3465:
3462:
3459:
3456:
3453:
3450:
3447:
3444:
3441:
3438:
3435:
3432:
3429:
3426:
3423:
3420:
3417:
3414:
3400:
3379:
3350:
3349:
3334:
3328:
3324:
3320:
3316:
3290:
3282:WWW-Authenticate
3261:
3236:
3209:
3203:
3175:
3152:
3124:
3088:
3066:
3039:
3011:
2982:
2976:
2975:Retry-After: 120
2948:
2916:
2897:
2872:
2871:Pragma: no-cache
2854:
2844:
2813:
2807:
2773:
2748:
2723:
2698:
2673:
2643:
2618:
2593:
2564:
2531:
2522:-encoded binary
2498:
2490:Content-Location
2473:
2444:
2436:Content-Language
2419:
2412:HTTP compression
2407:Content-Encoding
2382:
2357:
2329:
2309:
2281:
2280:Allow: GET, HEAD
2253:
2224:
2196:
2174:
2169:
2158:
2129:
2098:
2097:
2082:
2065:
2052:
2034:
2029:
2025:
2018:Used to prevent
2010:
2003:Verizon Wireless
1989:
1978:Proxy-Connection
1973:
1957:
1944:
1930:
1917:
1891:
1887:
1877:
1864:X-Forwarded-Host
1858:
1854:
1826:
1821:
1790:
1784:
1770:X-Requested-With
1765:
1760:
1754:
1738:
1737:
1709:
1684:
1659:
1629:
1598:
1562:
1533:
1523:
1494:
1459:
1430:
1405:
1380:
1378:Pragma: no-cache
1353:
1346:Access-Control-*
1320:
1319:Max-Forwards: 10
1295:
1270:
1245:
1234:304 Not Modified
1212:
1205:304 Not Modified
1183:
1153:
1147:
1143:
1115:
1111:
1071:
1044:
1041:
1016:
991:
958:
952:
923:
886:
877:-encoded binary
853:
824:
817:HTTP compression
812:Content-Encoding
794:
788:
760:
729:
710:
705:
689:
668:
639:
632:HTTP compression
610:
585:
560:
528:
500:
497:
476:
470:
466:
435:
431:
375:
370:
366:
310:Content-Encoding
279:
272:
265:
32:
18:
17:
6365:
6364:
6360:
6359:
6358:
6356:
6355:
6354:
6335:
6334:
6332:
6257:
6252:
6251:
6241:
6239:
6234:
6230:
6198:
6197:
6187:
6185:
6180:
6173:
6141:
6140:
6130:
6128:
6119:
6118:
6114:
6082:
6081:
6077:
6067:
6065:
6059:
6055:
6046:
6038:
6036:
6027:
6026:
6022:
6012:
6010:
6009:. April 1, 2011
6005:
6004:
6000:
5990:
5988:
5984:
5983:
5979:
5969:
5967:
5952:
5948:
5938:
5936:
5932:
5931:
5927:
5917:
5915:
5909:
5905:
5895:
5893:
5885:
5884:
5880:
5870:
5868:
5863:
5862:
5858:
5848:
5846:
5838:
5837:
5833:
5824:
5820:
5810:
5808:
5799:
5798:
5794:
5784:
5782:
5773:
5772:
5768:
5758:
5756:
5751:
5750:
5746:
5736:
5734:
5729:
5728:
5724:
5714:
5712:
5703:
5702:
5698:
5688:
5686:
5678:
5677:
5673:
5663:
5661:
5656:
5655:
5651:
5641:
5639:
5635:
5634:
5630:
5618:
5616:
5607:
5606:
5599:
5597:
5581:
5577:
5545:
5544:
5540:
5530:
5528:
5523:
5522:
5518:
5510:
5506:
5498:
5494:
5462:
5461:
5457:
5445:
5443:
5434:
5433:
5426:
5424:
5408:
5404:
5392:
5390:
5381:
5380:
5373:
5371:
5355:
5351:
5339:
5337:
5328:
5327:
5320:
5318:
5302:
5298:
5286:
5284:
5275:
5274:
5267:
5265:
5243:
5239:
5229:
5227:
5217:
5213:
5203:
5201:
5200:. June 30, 2020
5192:
5191:
5187:
5177:
5175:
5167:
5166:
5162:
5152:
5150:
5140:
5136:
5126:
5124:
5115:
5114:
5110:
5100:
5098:
5090:
5089:
5085:
5075:
5073:
5065:
5064:
5060:
5050:
5048:
5035:
5034:
5030:
5020:
5018:
5010:
5009:
5005:
4995:
4993:
4985:Craig Timberg.
4983:
4979:
4969:
4967:
4963:
4962:
4958:
4948:
4946:
4938:
4937:
4933:
4923:
4921:
4915:
4911:
4901:
4899:
4895:
4894:
4890:
4880:
4878:
4871:"ATT Device ID"
4869:
4868:
4864:
4854:
4852:
4848:
4847:
4843:
4833:
4831:
4830:. July 27, 2006
4826:
4825:
4821:
4811:
4809:
4803:
4799:
4789:
4787:
4781:
4777:
4767:
4765:
4759:
4755:
4746:
4742:
4733:
4729:
4719:
4717:
4713:
4712:
4708:
4698:
4696:
4692:
4691:
4687:
4678:
4677:
4673:
4663:
4661:
4652:
4651:
4647:
4615:
4614:
4607:
4575:
4574:
4570:
4560:
4558:
4550:
4549:
4545:
4513:
4512:
4508:
4476:
4475:
4471:
4459:
4457:
4448:
4447:
4440:
4438:
4420:
4416:
4384:
4383:
4376:
4344:
4343:
4324:
4292:
4291:
4284:
4274:
4272:
4268:
4267:
4258:
4237:
4236:
4227:
4217:
4215:
4206:
4205:
4201:
4169:
4168:
4164:
4132:
4131:
4127:
4117:
4115:
4110:
4109:
4105:
4093:
4091:
4082:
4081:
4074:
4072:
4058:
4054:
4022:
4021:
4017:
3985:
3984:
3980:
3968:
3966:
3957:
3956:
3949:
3947:
3929:
3925:
3897:
3896:
3892:
3862:"Field Parsing"
3860:
3859:
3855:
3850:
3828:
3819:
3815:
3810:
3799:
3792:
3787:
3779:
3776:
3771:
3760:
3744:
3743:
3740:
3739:
3736:
3730:
3722:X-UA-Compatible
3715:
3702:
3701:
3698:
3685:
3679:
3675:
3671:
3660:
3639:
3625:
3621:
3611:
3601:Status: 200 OK
3600:
3579:
3576:
3573:
3570:
3567:
3564:
3561:
3558:
3555:
3552:
3549:
3546:
3543:
3540:
3523:
3521:
3515:
3511:
3492:
3478:
3475:
3472:
3469:
3466:
3463:
3460:
3457:
3454:
3451:
3448:
3445:
3442:
3439:
3436:
3433:
3430:
3427:
3424:
3421:
3418:
3415:
3412:
3394:
3377:
3367:
3365:
3348:
3332:
3326:
3322:
3318:
3314:
3307:X-Frame-Options
3288:
3259:
3234:
3207:
3201:
3173:
3150:
3147:
3122:
3086:
3064:
3037:
3009:
2980:
2974:
2946:
2933:Public-Key-Pins
2914:
2895:
2870:
2852:
2842:
2811:
2805:
2771:
2746:
2721:
2696:
2671:
2641:
2616:
2591:
2588:of this content
2562:
2529:
2496:
2471:
2442:
2417:
2380:
2355:
2327:
2307:
2279:
2251:
2222:
2194:
2172:
2167:
2156:
2154:
2152:
2150:
2148:
2146:
2127:
2096:
2091:
2089:Response fields
2080:
2063:
2050:
2032:
2027:
2023:
2008:
1987:
1969:x-wap-profile:
1968:
1955:
1942:
1928:
1922:Front-End-Https
1915:
1889:
1885:
1875:
1856:
1852:
1834:X-Forwarded-For
1824:
1819:
1788:
1782:
1777:requests (most
1763:
1758:
1752:
1736:
1707:
1682:
1657:
1627:
1596:
1560:
1528:
1521:
1492:
1457:
1428:
1403:
1376:
1351:
1318:
1293:
1268:
1243:
1210:
1181:
1151:
1145:
1141:
1137:HTTP2-Settings
1113:
1109:
1093:virtual hosting
1067:
1042:
1039:
1014:
989:
956:
948:
921:
884:
851:
822:
790:
786:
758:
727:
708:
703:
687:
685:
666:
656:Accept-Language
637:
627:Accept-Encoding
608:
602:Accept-Datetime
583:
558:
526:
496:
491:
482:
474:
468:
464:
442:
433:
429:
382:
373:
368:
364:
361:binary protocol
343:carriage return
334:
314:browser cookies
283:
156:X-Forwarded-For
64:Request methods
12:
11:
5:
6363:
6353:
6352:
6347:
6330:
6329:
6324:
6319:
6312:
6305:
6298:
6291:
6284:
6283:: HTTP Caching
6277:
6270:
6263:
6256:
6255:External links
6253:
6250:
6249:
6227:
6226:
6213:Adrian Grigore
6211:, authored by
6196:
6195:
6170:
6169:
6154:, authored by
6139:
6138:
6112:
6075:
6053:
6020:
5998:
5977:
5946:
5925:
5903:
5878:
5867:. May 26, 2014
5856:
5831:
5818:
5792:
5766:
5753:"Am I FLoCed?"
5744:
5722:
5696:
5671:
5649:
5628:
5619:|journal=
5575:
5552:HTTP Semantics
5538:
5516:
5504:
5492:
5469:HTTP Semantics
5455:
5446:|journal=
5402:
5393:|journal=
5349:
5340:|journal=
5296:
5287:|journal=
5237:
5211:
5185:
5160:
5134:
5108:
5083:
5058:
5028:
5003:
4977:
4956:
4931:
4909:
4888:
4862:
4841:
4819:
4797:
4775:
4753:
4740:
4727:
4706:
4685:
4671:
4645:
4605:
4568:
4543:
4506:
4483:HTTP Semantics
4469:
4460:|journal=
4414:
4374:
4322:
4299:HTTP Semantics
4282:
4256:
4225:
4214:on May 9, 2012
4199:
4176:HTTP Semantics
4162:
4139:HTTP Semantics
4125:
4103:
4094:|journal=
4052:
4029:HTTP Semantics
4015:
3992:HTTP Semantics
3978:
3969:|journal=
3923:
3890:
3852:
3851:
3849:
3846:
3845:
3844:
3839:
3834:
3827:
3824:
3784:caching system
3775:
3772:
3770:
3767:
3764:
3763:
3758:
3752:
3748:
3747:
3734:
3723:
3719:
3718:
3713:
3710:
3706:
3705:
3696:
3693:
3692:X-Redirect-By
3689:
3688:
3683:
3668:
3664:
3663:
3658:
3647:
3643:
3642:
3637:
3634:
3630:
3629:
3619:
3608:
3604:
3603:
3598:
3588:
3584:
3583:
3537:
3534:
3530:
3529:
3519:
3500:
3496:
3495:
3490:
3487:
3483:
3482:
3409:
3406:
3402:
3401:
3392:
3385:
3381:
3380:
3375:
3369:
3361:
3360:
3357:
3354:
3347:
3344:
3341:
3340:
3338:
3335:
3330:
3308:
3304:
3303:
3294:
3291:
3286:
3283:
3279:
3278:
3265:
3262:
3257:
3254:
3250:
3249:
3240:
3237:
3232:
3229:
3225:
3224:
3215:
3212:
3211:
3210:
3204:
3196:
3193:
3189:
3188:
3179:
3176:
3171:
3165:
3159:
3158:
3156:
3153:
3148:
3145:
3142:
3138:
3137:
3128:
3125:
3120:
3106:
3102:
3101:
3092:
3089:
3084:
3077:
3073:
3072:
3070:
3067:
3062:
3059:
3053:
3052:
3043:
3040:
3035:
3029:
3025:
3024:
3015:
3012:
3007:
3004:
3000:
2999:
2990:
2985:
2984:
2983:
2977:
2969:
2966:
2962:
2961:
2952:
2949:
2944:
2934:
2930:
2929:
2920:
2917:
2912:
2909:
2905:
2904:
2901:
2898:
2893:
2890:
2886:
2885:
2876:
2873:
2868:
2865:
2861:
2860:
2858:
2855:
2850:
2835:
2829:
2828:
2819:
2816:
2815:
2814:
2808:
2800:
2793:
2787:
2786:
2777:
2774:
2769:
2766:
2762:
2761:
2752:
2749:
2744:
2741:
2737:
2736:
2727:
2724:
2719:
2716:
2712:
2711:
2702:
2699:
2694:
2691:
2687:
2686:
2677:
2674:
2669:
2667:message digest
2663:
2657:
2656:
2647:
2644:
2639:
2636:
2632:
2631:
2622:
2619:
2614:
2611:
2607:
2606:
2597:
2594:
2589:
2582:
2578:
2577:
2568:
2565:
2560:
2557:
2553:
2552:
2535:
2532:
2527:
2516:
2512:
2511:
2502:
2499:
2494:
2491:
2487:
2486:
2477:
2474:
2469:
2462:
2461:Content-Length
2458:
2457:
2448:
2445:
2440:
2437:
2433:
2432:
2423:
2420:
2415:
2408:
2404:
2403:
2386:
2383:
2378:
2375:
2371:
2370:
2361:
2358:
2353:
2347:
2343:
2342:
2333:
2330:
2325:
2322:
2316:
2315:
2313:
2310:
2305:
2299:
2295:
2294:
2285:
2282:
2277:
2271:
2267:
2266:
2257:
2254:
2249:
2242:
2238:
2237:
2228:
2225:
2220:
2214:
2210:
2209:
2200:
2197:
2192:
2189:
2185:
2184:
2175:
2170:
2165:
2159:
2143:
2142:
2133:
2130:
2125:
2119:
2115:
2114:
2111:
2108:
2105:
2102:
2095:
2092:
2090:
2087:
2084:
2083:
2078:
2071:
2067:
2066:
2061:
2058:
2054:
2053:
2048:
2043:
2039:X-Request-ID,
2036:
2035:
2030:
2016:
2012:
2011:
2006:
1995:
1991:
1990:
1985:
1979:
1975:
1974:
1966:
1963:
1959:
1958:
1953:
1950:
1949:X-ATT-DeviceId
1946:
1945:
1940:
1936:
1932:
1931:
1926:
1923:
1919:
1918:
1913:
1898:
1894:
1893:
1883:
1865:
1861:
1860:
1850:
1836:
1830:
1829:
1817:
1798:
1792:
1791:
1786:
1783:XMLHttpRequest
1771:
1767:
1766:
1761:
1755:
1749:
1748:
1745:
1742:
1735:
1732:
1727:
1726:
1713:
1710:
1705:
1702:
1698:
1697:
1688:
1685:
1680:
1677:
1673:
1672:
1663:
1660:
1655:
1649:
1643:
1642:
1633:
1630:
1625:
1618:
1612:
1611:
1602:
1599:
1594:
1580:
1576:
1575:
1566:
1563:
1558:
1551:
1547:
1546:
1537:
1534:
1529:TE: trailers,
1526:
1512:
1508:
1507:
1498:
1495:
1490:
1486:
1473:
1472:
1463:
1460:
1455:
1448:
1444:
1443:
1434:
1431:
1426:
1423:
1419:
1418:
1409:
1406:
1401:
1398:
1394:
1393:
1384:
1381:
1374:
1371:
1367:
1366:
1357:
1354:
1349:
1338:
1334:
1333:
1324:
1321:
1316:
1313:
1309:
1308:
1299:
1296:
1291:
1288:
1284:
1283:
1274:
1271:
1266:
1263:
1259:
1258:
1249:
1246:
1241:
1230:
1226:
1225:
1216:
1213:
1208:
1201:
1197:
1196:
1187:
1184:
1179:
1175:
1171:
1170:
1157:
1154:
1149:
1146:HTTP2-Settings
1142:HTTP2-Settings
1138:
1134:
1133:
1120:
1117:
1107:
1089:
1085:
1084:
1075:
1072:
1065:
1062:
1058:
1057:
1048:
1045:
1037:
1034:
1030:
1029:
1020:
1017:
1012:
1009:
1005:
1004:
995:
992:
987:
980:
976:
975:
962:
959:
954:
941:
937:
936:
927:
924:
919:
912:
908:
907:
890:
887:
882:
871:
867:
866:
857:
854:
849:
848:(8-bit bytes).
842:
841:Content-Length
838:
837:
828:
825:
820:
813:
809:
808:
799:
796:
784:
778:
774:
773:
764:
761:
756:
749:
743:
742:
733:
730:
725:
718:
714:
713:
711:
706:
701:
690:
682:
681:
672:
669:
664:
657:
653:
652:
643:
640:
635:
628:
624:
623:
614:
611:
606:
603:
599:
598:
589:
586:
581:
578:
577:Accept-Charset
574:
573:
564:
561:
556:
546:
542:
541:
532:
529:
524:
521:
517:
516:
513:
510:
507:
504:
495:
492:
490:
489:Request fields
487:
481:
478:
471:, as follows:
441:
438:
381:
378:
359:instead use a
333:
332:General format
330:
316:, IP address,
292:are a list of
285:
284:
282:
281:
274:
267:
259:
256:
255:
254:
253:
248:
243:
238:
230:
229:
225:
224:
223:
222:
217:
209:
208:
204:
203:
202:
201:
196:
191:
186:
181:
176:
168:
167:
161:
160:
159:
158:
153:
148:
143:
138:
133:
125:
124:
118:
117:
116:
115:
110:
105:
100:
95:
90:
85:
80:
75:
67:
66:
60:
59:
58:
57:
52:
47:
42:
34:
33:
25:
24:
9:
6:
4:
3:
2:
6362:
6351:
6348:
6346:
6343:
6342:
6340:
6333:
6328:
6325:
6323:
6320:
6317:
6313:
6310:
6306:
6303:
6299:
6296:
6292:
6289:
6285:
6282:
6278:
6275:
6271:
6268:
6264:
6262:
6259:
6258:
6238:
6232:
6228:
6225:
6224:
6222:
6218:
6214:
6209:
6206:
6204:
6184:
6178:
6176:
6171:
6168:
6167:
6165:
6161:
6157:
6152:
6149:
6147:
6126:
6122:
6116:
6108:
6105:
6100:
6095:
6091:
6090:
6085:
6079:
6068:September 30,
6064:
6057:
6050:
6034:
6030:
6024:
6008:
6002:
5987:
5981:
5965:
5961:
5957:
5950:
5935:
5929:
5918:September 28,
5914:
5907:
5892:
5888:
5882:
5866:
5860:
5845:
5841:
5835:
5828:
5822:
5806:
5802:
5796:
5780:
5776:
5770:
5754:
5748:
5732:
5726:
5710:
5706:
5700:
5685:
5681:
5675:
5659:
5653:
5638:
5632:
5624:
5611:
5595:
5590:
5586:
5579:
5571:
5568:
5563:
5558:
5554:
5553:
5548:
5547:"Retry-After"
5542:
5526:
5520:
5514:
5508:
5501:
5496:
5488:
5485:
5480:
5475:
5471:
5470:
5465:
5459:
5451:
5438:
5422:
5417:
5413:
5406:
5398:
5385:
5369:
5364:
5360:
5353:
5345:
5332:
5316:
5311:
5307:
5300:
5292:
5279:
5264:
5260:
5256:
5252:
5248:
5241:
5226:
5222:
5215:
5199:
5195:
5189:
5174:
5170:
5164:
5149:
5148:hilton.org.uk
5145:
5138:
5122:
5118:
5112:
5097:
5093:
5087:
5072:
5068:
5062:
5046:
5042:
5038:
5032:
5017:
5013:
5007:
4992:
4988:
4981:
4966:
4960:
4945:
4941:
4935:
4920:
4913:
4898:
4897:"WAP Profile"
4892:
4876:
4872:
4866:
4851:
4845:
4829:
4823:
4812:September 30,
4808:
4801:
4786:
4779:
4768:September 10,
4764:
4757:
4750:
4744:
4738:March 7, 2011
4737:
4731:
4716:
4710:
4695:
4689:
4681:
4675:
4659:
4655:
4649:
4641:
4638:
4633:
4628:
4624:
4623:
4618:
4612:
4610:
4601:
4598:
4593:
4588:
4584:
4583:
4578:
4572:
4557:
4553:
4547:
4539:
4536:
4531:
4526:
4522:
4521:
4516:
4510:
4502:
4499:
4494:
4489:
4485:
4484:
4479:
4473:
4465:
4452:
4437:
4433:
4429:
4425:
4418:
4410:
4407:
4402:
4397:
4393:
4392:
4387:
4381:
4379:
4370:
4367:
4362:
4357:
4353:
4352:
4347:
4341:
4339:
4337:
4335:
4333:
4331:
4329:
4327:
4318:
4315:
4310:
4305:
4301:
4300:
4295:
4289:
4287:
4271:
4265:
4263:
4261:
4251:
4246:
4242:
4241:
4234:
4232:
4230:
4213:
4209:
4203:
4195:
4192:
4187:
4182:
4178:
4177:
4172:
4166:
4158:
4155:
4150:
4145:
4141:
4140:
4135:
4129:
4113:
4107:
4099:
4086:
4071:
4067:
4063:
4056:
4048:
4045:
4040:
4035:
4031:
4030:
4025:
4019:
4011:
4008:
4003:
3998:
3994:
3993:
3988:
3987:"Field Names"
3982:
3974:
3961:
3946:
3942:
3938:
3934:
3927:
3919:
3916:
3911:
3906:
3903:. June 2022.
3902:
3901:
3894:
3886:
3883:
3878:
3873:
3869:
3868:
3863:
3857:
3853:
3843:
3840:
3838:
3835:
3833:
3830:
3829:
3823:
3807:
3803:
3796:
3785:
3759:
3756:
3753:
3750:
3749:
3735:
3728:
3724:
3721:
3720:
3714:
3711:
3708:
3707:
3697:
3694:
3691:
3690:
3684:
3669:
3666:
3659:
3656:
3655:Google Chrome
3652:
3648:
3645:
3644:
3638:
3635:
3632:
3631:
3628:
3620:
3617:
3609:
3606:
3605:
3599:
3596:
3592:
3589:
3586:
3585:
3538:
3535:
3532:
3531:
3526:
3520:
3509:
3505:
3501:
3498:
3491:
3488:
3485:
3484:
3410:
3407:
3404:
3403:
3398:
3393:
3390:
3386:
3383:
3382:
3376:
3373:
3370:
3368:X-WebKit-CSP
3363:
3362:
3358:
3355:
3352:
3351:
3339:
3336:
3331:
3312:
3309:
3306:
3302:
3298:
3295:
3292:
3287:
3284:
3281:
3277:
3273:
3269:
3266:
3263:
3258:
3255:
3252:
3251:
3248:
3244:
3241:
3238:
3233:
3230:
3227:
3226:
3223:
3219:
3216:
3213:
3205:
3199:
3198:
3197:
3194:
3191:
3190:
3187:
3183:
3180:
3177:
3172:
3170:
3166:
3164:
3161:
3160:
3157:
3154:
3149:
3143:
3140:
3139:
3136:
3132:
3129:
3126:
3121:
3119:
3115:
3111:
3107:
3104:
3100:
3096:
3093:
3090:
3085:
3082:
3078:
3075:
3071:
3068:
3063:
3060:
3058:
3055:
3054:
3051:
3047:
3044:
3041:
3036:
3034:
3030:
3026:
3023:
3019:
3016:
3013:
3008:
3005:
3002:
3001:
2998:
2994:
2991:
2989:
2986:
2978:
2972:
2971:
2970:
2967:
2964:
2963:
2960:
2956:
2953:
2950:
2945:
2942:
2938:
2935:
2932:
2928:
2924:
2921:
2918:
2913:
2910:
2907:
2906:
2902:
2899:
2894:
2891:
2888:
2887:
2884:
2880:
2877:
2874:
2869:
2866:
2863:
2862:
2859:
2856:
2851:
2848:
2840:
2836:
2834:
2831:
2830:
2827:
2823:
2820:
2817:
2809:
2803:
2802:
2801:
2798:
2794:
2792:
2789:
2788:
2785:
2781:
2778:
2775:
2770:
2767:
2764:
2763:
2760:
2756:
2753:
2750:
2745:
2742:
2740:Last-Modified
2739:
2738:
2735:
2731:
2728:
2725:
2720:
2717:
2714:
2713:
2710:
2706:
2703:
2700:
2695:
2692:
2689:
2685:
2681:
2678:
2675:
2670:
2668:
2664:
2662:
2659:
2658:
2655:
2651:
2648:
2645:
2640:
2637:
2634:
2633:
2630:
2626:
2623:
2620:
2615:
2612:
2609:
2608:
2605:
2601:
2598:
2595:
2590:
2587:
2583:
2580:
2576:
2572:
2569:
2566:
2561:
2558:
2556:Content-Range
2555:
2551:
2547:
2543:
2539:
2536:
2533:
2528:
2525:
2521:
2517:
2514:
2513:
2510:
2506:
2503:
2500:
2495:
2492:
2489:
2488:
2485:
2481:
2478:
2475:
2470:
2468:(8-bit bytes)
2467:
2463:
2460:
2456:
2452:
2449:
2446:
2441:
2438:
2435:
2434:
2431:
2427:
2424:
2421:
2416:
2413:
2409:
2406:
2402:
2398:
2394:
2390:
2387:
2384:
2379:
2376:
2373:
2372:
2369:
2365:
2362:
2359:
2354:
2352:
2348:
2345:
2344:
2341:
2337:
2334:
2331:
2326:
2323:
2321:
2320:Cache-Control
2318:
2317:
2314:
2311:
2306:
2304:
2300:
2297:
2296:
2293:
2289:
2286:
2283:
2278:
2276:
2272:
2269:
2268:
2265:
2261:
2258:
2255:
2250:
2247:
2243:
2240:
2239:
2236:
2232:
2229:
2226:
2221:
2219:
2215:
2213:Accept-Ranges
2212:
2208:
2204:
2201:
2198:
2193:
2190:
2187:
2183:
2179:
2176:
2171:
2166:
2164:
2160:
2145:
2141:
2137:
2134:
2132:Experimental
2131:
2126:
2124:
2120:
2117:
2116:
2112:
2109:
2106:
2103:
2100:
2099:
2079:
2076:
2073:The Sec-GPC (
2072:
2069:
2068:
2064:Save-Data: on
2062:
2059:
2056:
2055:
2049:
2047:
2044:
2042:
2038:
2037:
2031:
2021:
2017:
2014:
2013:
2007:
2004:
2000:
1996:
1993:
1992:
1986:
1984:
1980:
1977:
1976:
1972:
1967:
1964:
1962:X-Wap-Profile
1961:
1960:
1954:
1951:
1948:
1947:
1941:
1937:
1934:
1933:
1927:
1924:
1921:
1920:
1914:
1911:
1906:
1904:
1899:
1896:
1895:
1892:
1884:
1881:
1873:
1871:
1866:
1863:
1862:
1859:
1851:
1848:
1844:
1842:
1837:
1835:
1832:
1831:
1828:
1818:
1815:
1811:
1807:
1803:
1799:
1797:
1794:
1793:
1787:
1780:
1776:
1772:
1769:
1762:
1756:
1751:
1750:
1746:
1743:
1740:
1739:
1731:
1725:
1721:
1717:
1714:
1711:
1706:
1703:
1700:
1699:
1696:
1692:
1689:
1686:
1681:
1678:
1675:
1674:
1671:
1667:
1664:
1661:
1656:
1654:
1650:
1648:
1645:
1644:
1641:
1637:
1634:
1631:
1626:
1623:
1619:
1617:
1614:
1610:
1606:
1603:
1600:
1595:
1593:
1589:
1585:
1581:
1578:
1577:
1574:
1570:
1567:
1564:
1559:
1556:
1552:
1549:
1548:
1545:
1541:
1538:
1535:
1532:
1527:
1525:
1517:
1513:
1510:
1506:
1502:
1499:
1496:
1491:
1489:terminology.)
1487:
1484:
1483:
1478:
1475:
1474:
1471:
1467:
1464:
1461:
1456:
1453:
1449:
1446:
1442:
1438:
1435:
1432:
1427:
1424:
1421:
1420:
1417:
1413:
1410:
1407:
1402:
1399:
1396:
1395:
1392:
1388:
1385:
1382:
1379:
1375:
1372:
1369:
1368:
1365:
1361:
1358:
1355:
1350:
1347:
1343:
1339:
1336:
1332:
1328:
1325:
1322:
1317:
1314:
1311:
1310:
1307:
1303:
1300:
1297:
1292:
1289:
1286:
1285:
1282:
1278:
1275:
1272:
1267:
1264:
1261:
1260:
1257:
1253:
1250:
1247:
1242:
1239:
1235:
1231:
1229:If-None-Match
1228:
1227:
1224:
1220:
1217:
1214:
1209:
1206:
1202:
1199:
1198:
1195:
1191:
1188:
1185:
1180:
1176:
1173:
1172:
1169:
1165:
1161:
1158:
1155:
1150:
1139:
1136:
1135:
1132:
1128:
1124:
1121:
1118:
1116:
1106:
1102:
1098:
1094:
1090:
1087:
1083:
1079:
1076:
1073:
1070:
1066:
1063:
1060:
1059:
1056:
1052:
1049:
1046:
1038:
1035:
1032:
1031:
1028:
1024:
1021:
1018:
1013:
1010:
1007:
1006:
1003:
999:
996:
993:
988:
985:
981:
978:
977:
974:
970:
966:
963:
960:
955:
951:
946:
942:
939:
938:
935:
931:
928:
925:
920:
917:
913:
910:
906:
902:
898:
894:
891:
888:
883:
880:
876:
872:
869:
868:
865:
861:
858:
855:
850:
847:
843:
840:
836:
832:
829:
826:
821:
818:
814:
811:
807:
803:
800:
797:
795:
793:
785:
783:
779:
776:
775:
772:
768:
765:
762:
757:
754:
750:
748:
747:Cache-Control
745:
744:
741:
737:
734:
731:
726:
723:
719:
717:Authorization
716:
715:
712:
707:
702:
699:
695:
691:
684:
680:
676:
673:
670:
665:
662:
658:
655:
651:
647:
644:
641:
636:
633:
629:
626:
622:
618:
615:
612:
607:
604:
601:
597:
593:
590:
587:
582:
579:
576:
575:
572:
568:
565:
562:
557:
554:
550:
549:Media type(s)
547:
544:
540:
536:
533:
530:
525:
522:
519:
518:
514:
511:
508:
505:
502:
501:
486:
477:
472:
462:
458:
454:
450:
445:
437:
426:
424:
420:
417:
415:
411:
407:
406:Header Fields
403:
399:
395:
391:
387:
377:
362:
358:
354:
350:
348:
344:
340:
329:
327:
323:
319:
315:
311:
307:
303:
299:
295:
291:
280:
275:
273:
268:
266:
261:
260:
258:
257:
252:
249:
247:
244:
242:
239:
237:
234:
233:
232:
231:
227:
226:
221:
218:
216:
213:
212:
211:
210:
206:
205:
200:
197:
195:
194:404 Not Found
192:
190:
189:403 Forbidden
187:
185:
184:303 See Other
182:
180:
177:
175:
172:
171:
170:
169:
166:
163:
162:
157:
154:
152:
149:
147:
144:
142:
139:
137:
134:
132:
129:
128:
127:
126:
123:
122:Header fields
120:
119:
114:
111:
109:
106:
104:
101:
99:
96:
94:
91:
89:
86:
84:
81:
79:
76:
74:
71:
70:
69:
68:
65:
62:
61:
56:
53:
51:
48:
46:
43:
41:
38:
37:
36:
35:
31:
27:
26:
23:
20:
19:
16:
6331:
6240:. Retrieved
6231:
6210:
6200:
6199:
6186:. Retrieved
6153:
6143:
6142:
6129:. Retrieved
6115:
6089:HTTP Caching
6088:
6078:
6066:. Retrieved
6056:
6044:
6037:. Retrieved
6032:
6023:
6011:. Retrieved
6001:
5989:. Retrieved
5980:
5968:. Retrieved
5959:
5949:
5937:. Retrieved
5928:
5916:. Retrieved
5906:
5894:. Retrieved
5890:
5881:
5869:. Retrieved
5859:
5847:. Retrieved
5843:
5834:
5821:
5809:. Retrieved
5804:
5795:
5783:. Retrieved
5778:
5769:
5757:. Retrieved
5747:
5735:. Retrieved
5725:
5713:. Retrieved
5708:
5699:
5687:. Retrieved
5683:
5674:
5662:. Retrieved
5652:
5640:. Retrieved
5631:
5610:cite journal
5598:. Retrieved
5578:
5551:
5541:
5529:. Retrieved
5519:
5507:
5495:
5468:
5458:
5437:cite journal
5425:. Retrieved
5405:
5384:cite journal
5372:. Retrieved
5352:
5331:cite journal
5319:. Retrieved
5299:
5278:cite journal
5268:December 24,
5266:. Retrieved
5240:
5228:. Retrieved
5225:MDN Web Docs
5224:
5214:
5202:. Retrieved
5197:
5188:
5176:. Retrieved
5172:
5163:
5151:. Retrieved
5147:
5137:
5125:. Retrieved
5120:
5111:
5099:. Retrieved
5095:
5086:
5074:. Retrieved
5061:
5049:. Retrieved
5045:the original
5031:
5019:. Retrieved
5006:
4994:. Retrieved
4990:
4980:
4968:. Retrieved
4959:
4947:. Retrieved
4934:
4922:. Retrieved
4912:
4900:. Retrieved
4891:
4879:. Retrieved
4875:the original
4865:
4853:. Retrieved
4844:
4832:. Retrieved
4822:
4810:. Retrieved
4800:
4790:November 12,
4788:. Retrieved
4778:
4766:. Retrieved
4756:
4743:
4730:
4718:. Retrieved
4709:
4697:. Retrieved
4688:
4674:
4662:. Retrieved
4657:
4648:
4622:HTTP Caching
4621:
4581:
4571:
4561:November 26,
4559:. Retrieved
4556:www.iana.org
4555:
4546:
4519:
4509:
4482:
4472:
4451:cite journal
4439:. Retrieved
4417:
4390:
4350:
4298:
4273:. Retrieved
4239:
4216:. Retrieved
4212:the original
4202:
4175:
4165:
4138:
4128:
4116:. Retrieved
4106:
4085:cite journal
4075:November 12,
4073:. Retrieved
4055:
4028:
4018:
3991:
3981:
3960:cite journal
3950:December 13,
3948:. Retrieved
3926:
3899:
3893:
3866:
3856:
3808:
3804:
3797:
3777:
3757:(XSS) filter
3727:Chrome Frame
3667:X-Powered-By
3624:
3506:the page or
3374:definition.
3356:Description
3313:protection:
3311:Clickjacking
3168:
3117:
2987:
2581:Content-Type
2350:
2302:
2274:
2218:byte serving
2188:Accept-Patch
2104:Description
2046:
2040:
2028:X-XSRF-TOKEN
2015:X-Csrf-Token
1997:Server-side
1982:
1909:
1902:
1888:
1879:
1869:
1855:
1846:
1840:
1823:
1744:Description
1730:
1652:
1591:
1519:
1480:
1452:Byte serving
1312:Max-Forwards
1233:
1204:
1112:
1104:
911:Content-Type
789:
781:
752:
613:Provisional
506:Description
483:
473:
460:
448:
446:
443:
440:Field values
427:
421:
418:
383:
369:CONTINUATION
351:
335:
322:Do-Not-Track
289:
288:
146:HTTP referer
121:
15:
6156:Stefan KΓΆgl
6013:January 24,
5896:February 9,
5849:January 25,
5755:. EFF. 2021
5733:. W3C. 2020
5680:"Expect-CT"
5660:. W3C. 2012
5121:Rapid7 Blog
5076:January 20,
5051:January 20,
5021:January 20,
4996:January 19,
4970:January 19,
4949:January 19,
4924:January 16,
4902:January 14,
4881:January 14,
4699:January 31,
4664:January 14,
3353:Field name
3206:Example 2:
3200:Example 1:
3033:HTTP cookie
2979:Example 2:
2973:Example 1:
2965:Retry-After
2943:certificate
2810:Example 2:
2804:Example 1:
2797:redirection
2515:Content-MD5
2246:proxy cache
2101:Field name
2024:X-CSRFToken
2009:X-UIDH: ...
1804:Beta 11).
1802:Firefox 4.0
1741:Field name
1095:), and the
945:HTTP cookie
870:Content-MD5
480:Size limits
453:equals sign
434:Downgraded-
402:Field Names
380:Field names
45:Compression
40:Persistence
6339:Categories
6290:: HTTP/1.1
5970:August 26,
5871:January 3,
5412:"RFC 6266"
5247:"RFC 5789"
4855:October 8,
4441:January 7,
4134:"Comments"
4062:"RFC 6648"
3848:References
3384:Expect-CT
3323:allow-from
3319:sameorigin
3293:Permanent
3239:Permanent
3214:Permanent
3178:Permanent
3155:Permanent
3151:Tk: ?
3127:Permanent
3091:Permanent
3028:Set-Cookie
3014:Permanent
2988:Permanent
2951:Permanent
2919:Permanent
2900:Permanent
2875:Permanent
2857:Permanent
2818:Permanent
2776:Permanent
2751:Permanent
2726:Permanent
2676:Permanent
2646:Permanent
2635:Delta-Base
2621:Permanent
2596:Permanent
2567:Permanent
2501:Permanent
2476:Permanent
2447:Permanent
2422:Permanent
2385:Permanent
2360:Permanent
2346:Connection
2332:Permanent
2312:Permanent
2284:Permanent
2256:Permanent
2248:in seconds
2227:Permanent
2199:Permanent
2081:Sec-GPC: 1
2057:Save-Data
1687:Permanent
1662:Permanent
1632:Permanent
1616:User-Agent
1601:Permanent
1565:Permanent
1536:Permanent
1497:Permanent
1479: [
1462:Permanent
1433:Permanent
1408:Permanent
1383:Permanent
1323:Permanent
1298:Permanent
1273:Permanent
1248:Permanent
1215:Permanent
1186:Permanent
1119:Permanent
1074:Permanent
1047:Permanent
1019:Permanent
994:Permanent
950:Set-Cookie
926:Permanent
916:Media type
856:Permanent
827:Permanent
798:Permanent
777:Connection
763:Permanent
732:Permanent
671:Permanent
642:Permanent
588:Permanent
563:Permanent
531:Permanent
527:A-IM: feed
463:value for
388:(IETF) in
318:user-agent
6314:RFC
6307:RFC
6300:RFC
6293:RFC
6286:RFC
6279:RFC
6272:RFC
6265:RFC
6242:March 20,
6203:this edit
6188:March 20,
6146:this edit
6131:April 15,
6125:Microsoft
6047:"IE=edge"
6039:March 14,
5825:RFC
5785:April 17,
5664:April 28,
5642:August 2,
5531:April 17,
5427:March 13,
5321:April 19,
5230:March 12,
5221:"Sec-GPC"
5153:April 13,
5127:April 13,
5101:March 22,
5071:AngularJS
4834:April 23,
4720:March 24,
4218:March 13,
3837:HTTP ETag
3676:X-Version
3672:X-Runtime
3541:Report-To
3533:Report-To
3337:Obsolete
3264:Obsolete
2903:RFC 7240
2586:MIME type
2534:Obsolete
2121:Requests
2118:Accept-CH
2113:Standard
1910:Forwarded
1880:Forwarded
1847:Forwarded
1712:Obsolete
1238:HTTP ETag
1232:Allows a
1203:Allows a
1156:Obsolete
1033:Forwarded
889:Obsolete
515:Standard
347:line feed
345:(CR) and
179:302 Found
6304:: HTTP/3
6297:: HTTP/2
6084:"Pragme"
5964:Archived
5939:June 14,
5689:July 23,
5600:June 12,
5587:. IETF.
5361:. IETF.
5308:. IETF.
5263:42062521
5204:March 5,
5178:June 19,
4275:July 24,
4240:RFC 3229
4118:June 12,
3826:See also
3568:10886400
3508:redirect
3359:Example
3327:allowall
2795:Used in
2791:Location
2722:IM: feed
2107:Example
2070:Sec-GPC
1905:standard
1903:de facto
1872:standard
1870:de facto
1843:standard
1841:de facto
1747:Example
1550:Trailer
1522:trailers
1262:If-Range
1174:If-Match
1097:TCP port
953:(below).
700:(below).
509:Example
302:end-user
141:Location
5991:May 29,
5811:May 18,
5715:May 18,
5374:June 8,
5173:w3c.org
3788:Expires
3731:IE=edge
3504:refresh
3499:Refresh
3253:Warning
3202:Vary: *
3163:Upgrade
3114:chunked
3076:Trailer
2690:Expires
2298:Alt-Svc
2252:Age: 12
2110:Status
1912:header.
1882:header.
1849:header.
1701:Warning
1647:Upgrade
1588:chunked
1531:deflate
1516:chunked
1477:Referer
1397:Prefer
512:Status
365:HEADERS
298:headers
294:strings
108:CONNECT
73:OPTIONS
6201:As of
6144:As of
6033:WHATWG
5960:WHATWG
5807:. 2021
5779:GitHub
5759:May 1,
5737:May 1,
5711:. 2021
5527:. IETF
5261:
5016:SAP SE
4520:HTTP/2
4351:HTTP/2
3900:HTTP/2
3595:status
3587:Status
3299:
3270:
3245:
3220:
3184:
3133:
3097:
3048:
3020:
3003:Server
2995:
2957:
2925:
2881:
2864:Pragma
2824:
2782:
2757:
2732:
2707:
2682:
2652:
2627:
2602:
2573:
2540:
2520:Base64
2507:
2482:
2466:octets
2453:
2428:
2391:
2366:
2338:
2290:
2262:
2233:
2205:
2180:
2138:
1994:X-UIDH
1825:DNT: 0
1820:DNT: 1
1806:Safari
1718:
1693:
1668:
1638:
1607:
1571:
1542:
1503:
1468:
1439:
1414:
1389:
1370:Pragma
1362:
1337:Origin
1329:
1304:
1279:
1254:
1221:
1192:
1162:
1125:
1080:
1068:From:
1053:
1025:
1008:Expect
1000:
967:
940:Cookie
932:
895:
875:Base64
862:
846:octets
833:
804:
769:
738:
698:Origin
677:
648:
619:
594:
569:
545:Accept
537:
423:HTTP/2
400:. The
392:
357:HTTP/3
353:HTTP/2
339:string
306:logged
131:Cookie
98:DELETE
5705:"NEL"
5259:S2CID
4734:IETF
3678:, or
3452:false
3440:12345
3112:are:
2270:Allow
1586:are:
1520:Only
1485:]
1447:Range
696:with
503:Name
326:cache
113:PATCH
103:TRACE
50:HTTPS
6316:7240
6309:7239
6302:9114
6295:9113
6288:9112
6281:9111
6274:9110
6267:6265
6244:2022
6221:GFDL
6190:2022
6164:GFDL
6133:2015
6107:9111
6070:2010
6041:2021
6015:2012
5993:2021
5972:2016
5941:2012
5920:2010
5898:2024
5873:2015
5851:2018
5827:9110
5813:2021
5787:2021
5761:2021
5739:2021
5717:2021
5691:2021
5666:2017
5644:2014
5623:help
5602:2014
5570:9110
5533:2015
5511:W3C
5487:9110
5450:help
5429:2015
5397:help
5376:2017
5344:help
5323:2016
5291:help
5270:2014
5232:2023
5206:2021
5180:2024
5155:2018
5129:2018
5103:2022
5078:2015
5053:2015
5023:2015
4998:2014
4972:2014
4951:2014
4926:2018
4904:2012
4883:2012
4857:2014
4836:2012
4814:2010
4792:2014
4770:2009
4747:W3C
4722:2011
4701:2011
4666:2016
4640:9111
4600:7540
4563:2018
4538:9113
4501:9110
4464:help
4443:2016
4428:IETF
4409:7231
4369:9113
4317:9110
4277:2017
4220:2012
4194:9110
4157:9110
4120:2014
4098:help
4077:2012
4047:9110
4010:9110
3973:help
3952:2021
3937:IETF
3918:9113
3885:7230
3809:The
3610:The
3315:deny
3301:9110
3276:9111
3272:7234
3247:9110
3222:9110
3192:Vary
3186:9110
3135:9110
3099:9110
3050:6265
3022:9110
2997:9110
2959:7469
2927:9110
2883:9111
2826:9110
2784:5988
2765:Link
2759:9110
2734:3229
2709:9111
2684:9110
2661:ETag
2654:3229
2629:9110
2610:Date
2604:9110
2584:The
2575:9110
2550:4021
2546:1864
2542:1544
2509:9110
2484:9110
2455:9110
2430:9110
2401:6266
2397:4021
2393:2616
2368:9110
2340:9111
2292:9110
2264:9111
2235:9110
2207:5789
2182:7480
2140:8942
2026:and
1876:Host
1808:and
1775:Ajax
1724:9111
1720:7234
1695:9110
1670:9110
1640:9110
1620:The
1609:9110
1573:9110
1544:9110
1505:9110
1470:9110
1441:9110
1416:7240
1391:9111
1364:6454
1331:9110
1306:9110
1281:9110
1256:9110
1223:9110
1194:9110
1168:9113
1164:7540
1131:9113
1127:9110
1101:port
1088:Host
1082:9110
1061:From
1055:7239
1027:9110
1002:9110
979:Date
973:6265
969:2965
934:9110
914:The
905:4021
901:1864
897:1544
864:9110
835:9110
806:9110
771:9111
753:must
740:9110
679:9110
650:9110
621:7089
596:9110
571:9110
539:3229
520:A-IM
414:IANA
408:and
398:9111
396:and
394:9110
355:and
136:ETag
88:POST
83:HEAD
55:QUIC
22:HTTP
6104:RFC
6094:doi
5589:doi
5567:RFC
5557:doi
5484:RFC
5474:doi
5416:doi
5363:doi
5310:doi
5251:doi
4658:W3C
4637:RFC
4627:doi
4597:RFC
4587:doi
4535:RFC
4525:doi
4498:RFC
4488:doi
4432:doi
4406:RFC
4396:doi
4366:RFC
4356:doi
4314:RFC
4304:doi
4245:doi
4191:RFC
4181:doi
4154:RFC
4144:doi
4066:doi
4044:RFC
4034:doi
4007:RFC
3997:doi
3941:doi
3915:RFC
3905:doi
3882:RFC
3872:doi
3591:CGI
3476:1.0
3464:0.0
3413:NEL
3405:NEL
3297:RFC
3268:RFC
3243:RFC
3228:Via
3218:RFC
3182:RFC
3141:Tk
3131:RFC
3095:RFC
3046:RFC
3031:An
3018:RFC
2993:RFC
2955:RFC
2941:TLS
2923:RFC
2879:RFC
2839:P3P
2833:P3P
2822:RFC
2780:RFC
2755:RFC
2730:RFC
2705:RFC
2680:RFC
2650:RFC
2625:RFC
2600:RFC
2571:RFC
2538:RFC
2524:MD5
2505:RFC
2480:RFC
2451:RFC
2426:RFC
2389:RFC
2364:RFC
2336:RFC
2288:RFC
2260:RFC
2241:Age
2231:RFC
2203:RFC
2178:RFC
2136:RFC
1814:W3C
1810:IE9
1796:DNT
1716:RFC
1691:RFC
1676:Via
1666:RFC
1636:RFC
1605:RFC
1569:RFC
1540:RFC
1501:RFC
1482:sic
1466:RFC
1437:RFC
1412:RFC
1387:RFC
1360:RFC
1327:RFC
1302:RFC
1277:RFC
1252:RFC
1219:RFC
1190:RFC
1178:it.
1160:RFC
1123:RFC
1078:RFC
1051:RFC
1023:RFC
998:RFC
965:RFC
943:An
930:RFC
893:RFC
879:MD5
860:RFC
831:RFC
802:RFC
767:RFC
736:RFC
675:RFC
646:RFC
617:RFC
592:RFC
567:RFC
535:RFC
390:RFC
376:).
151:DNT
93:PUT
78:GET
6341::
6174:^
6123:.
6102:.
6086:.
6043:.
6031:.
5962:.
5958:.
5889:.
5842:.
5803:.
5777:.
5707:.
5682:.
5614::
5612:}}
5608:{{
5565:.
5549:.
5482:.
5466:.
5441::
5439:}}
5435:{{
5414:.
5388::
5386:}}
5382:{{
5335::
5333:}}
5329:{{
5282::
5280:}}
5276:{{
5257:.
5249:.
5223:.
5196:.
5171:.
5146:.
5119:.
5094:.
5069:.
5039:.
5014:.
4989:.
4942:.
4656:.
4635:.
4619:.
4608:^
4595:.
4579:.
4554:.
4533:.
4517:.
4496:.
4480:.
4455::
4453:}}
4449:{{
4430:.
4426:.
4404:.
4388:.
4377:^
4364:.
4348:.
4325:^
4312:.
4296:.
4285:^
4259:^
4243:.
4228:^
4189:.
4173:.
4152:.
4136:.
4089::
4087:}}
4083:{{
4064:.
4042:.
4026:.
4005:.
3989:.
3964::
3962:}}
3958:{{
3939:.
3935:.
3913:.
3880:.
3864:.
3674:,
3391:.
3274:,
2715:IM
2548:,
2544:,
2518:A
2399:,
2395:,
1900:A
1867:A
1838:A
1722:,
1557:.
1511:TE
1166:,
1129:,
986:).
971:,
903:,
899:,
873:A
469:en
465:de
430:X-
404:,
6246:.
6192:.
6135:.
6109:.
6096::
6072:.
6049:.
6017:.
5995:.
5974:.
5943:.
5922:.
5900:.
5875:.
5853:.
5815:.
5789:.
5763:.
5741:.
5719:.
5693:.
5668:.
5646:.
5625:)
5621:(
5604:.
5591::
5572:.
5559::
5535:.
5489:.
5476::
5452:)
5448:(
5431:.
5418::
5399:)
5395:(
5378:.
5365::
5346:)
5342:(
5325:.
5312::
5293:)
5289:(
5272:.
5253::
5234:.
5208:.
5182:.
5157:.
5131:.
5105:.
5080:.
5055:.
5025:.
5000:.
4974:.
4953:.
4928:.
4906:.
4885:.
4859:.
4838:.
4816:.
4794:.
4772:.
4724:.
4703:.
4682:.
4668:.
4642:.
4629::
4602:.
4589::
4565:.
4540:.
4527::
4503:.
4490::
4466:)
4462:(
4445:.
4434::
4411:.
4398::
4371:.
4358::
4319:.
4306::
4279:.
4253:.
4247::
4222:.
4196:.
4183::
4159:.
4146::
4122:.
4100:)
4096:(
4079:.
4068::
4049:.
4036::
4012:.
3999::
3975:)
3971:(
3954:.
3943::
3920:.
3907::
3887:.
3874::
3682:)
3580:}
3577::
3571:,
3565::
3559:,
3553::
3547:{
3544::
3512:0
3479:}
3473::
3467:,
3461::
3455:,
3449::
3443:,
3437::
3431:,
3425::
3419:{
3416::
3399:"
3083:.
2849:.
2414:.
1454:.
1240:.
819:.
724:.
663:.
634:.
555:.
461:q
449:q
374::
372:(
278:e
271:t
264:v
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.