📜  HTTP 标头

📅  最后修改于: 2022-05-13 01:56:28.841000             🧑  作者: Mango

HTTP 标头

HTTP 标头用于通过请求响应标头在客户端和服务器之间传递附加信息。所有标题都不区分大小写,标题字段用冒号分隔,键值对采用明文字符串格式。由空字段标题表示的标题部分的结尾。有一些标题字段可以包含注释。并且一些标头可以包含由等号分隔的 quality(q) 键值对。

上下文有四种标头:

  • 通用标头:这种类型的标头应用于请求和响应标头,但不影响数据库正文。
  • 请求标头:这种类型的标头包含有关客户端获取的请求的信息。
  • 响应标头:这种类型的标头包含客户端已请求的源的位置。
  • 实体标头:这种类型的标头包含有关资源主体的信息,例如 MIME 类型、内容长度。

标头也可以根据代理如何处理它们进行分类:

  • 联系
  • 活着
  • 代理验证
  • 代理授权
  • TE
  • 预告片
  • 传输编码
  • 验证
HeaderDescription
AuthorizationIt is used to request restricted documents.
Proxy-AuthenticateIt is a response header gives access to a resource file by defining an authorization method. It allows the proxy server to transmit the request further by authenticating it.
Proxy-AuthorizationIt is a request type of header. This header contains the credentials to authenticate between the user agent and the user-specified server.
WWW-AuthenticateIt is a response header that defines the authentication method. It should be used to gain access to a resource.
  • 缓存
HeaderDescription
AgeIt is a response header. It defines the times in seconds of the object that have been in the proxy cache.
Cache-ControlIt is a general type header used to specify directives for caching mechanisms.
Clear-Site-DataIt is a response-type header. This header is used in deleting the browsing data which is in the requesting website.
ExpiresIt is a response-type header, it is used to define date/time after after that time that will be vanished.
PragmaIt is general-type header, but response behavior is not specified and thus implementation-specific.
WarningsIt is a general type header that is used to inform possible problems to the client.
  • 客户提示
HeaderDescription
Accept-CHIt is a response-type header. It specify which Client Hints headers client should include in subsequent requests.
Accept-CH-LifetimeIt is a response-type header used to specify persistence of Accept-CH header value.
Content-DPRIt is a response-type header. It is used to define the ratio between physical pixels over CSS pixels of the selected image response.
DPRIt is response-type header, It is used to defines the ratio of the physical pixels over the CSS pixels of the current window of the device.
Device-MemoryIt is used to specify the approximate ram left on the client device.
Early-DataIt is a request-type header. This header is used indicate that the request has been conveyed in early data.
Save-DataIt is used to reduce the usage of the data on the client side.
Viewport-WidthIt is used to indicates the layout viewport width in CSS pixels.
WidthIt is a request-type header. This header is used indicates the desired resource width in physical pixels.
  • 条件句
HeaderDescription
Last-ModifiedThe last modified response header is a header sent by the server specifying the date of the last modification of the requested source. This is the formal definition of Last-Modified of HTTP headers
ETagIt is a response-type header used as an identifier for a specific version of a resource.
If-MatchIt is a request-type header. It is used to make the request conditional.
If-None-MatchIt is a request-type header. Generally, it is used to update the entity tags on the server. Firstly, the Client provides the Server with a set of entity tags (E-tags).
If-Modified-SinceIt is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been modified after the specified date.
If-Unmodified-SinceIt is a request-type header. This header is used make the request conditional plus expects the entity to be transmitted, if it has been unmodified after the specified date.
VaryIt is response-type header. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.
  • 连接管理
HeaderDescription
ConnectionIt is a general type header that allows the sender or client to specify options that are desired for that particular connection.
Keep-AliveIt is a general-type header used to inform that how long a persistent connection should stay open.
  • 内容协商
HeaderDescription
AcceptIt is a request type header. The Accept header is used to inform the server by the client that which content type is understandable by the client expressed as MIME-types.
Accept-charsetIt is a request type header. This header is used to indicate what character set are acceptable for the response from the server.
Accept-EncodingIt is a response-type header. It is usually a comparison algorithm of request header. All the HTTP client used to tell the server which encoding or encoding it supports.
Accept-LanguageIt is a request-type header that tells the server about all the languages that the client can understand.
  • 控件
HeaderDescription
ExpectIt is a request type header. It is used to indicate specific behaviors or expectations that the server needs to fulfill in order to respond to the client. Generally, Expect: 100-continue is the only expectation defined for the header field.
  • 饼干
HeaderDescription
CookieIt is a request type header. A cookie used in the requests sent by the user to the server.
Set-CookieIt is a response header and used to send cookies from the server to the user agent. So the user agent can send them back to the server later so the server can detect the user.
Cookie2It is a request type header. A cookie2 used in the requests sent by the user to the server.
Set-Cookie2It is response type header and it is obsoleted. It is a provider of the mechanism to serve and retrieve state information from the client to the server.
  • CORS
HeaderDescription
Access-Control-Allow-OriginIt is a response header that is used to indicates whether the response can be shared with requesting code from the given origin.
Access-Control-Allow-CredentialsIt is a Response header. The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”.
Access-Control-Allow-HeadersIt is a response header that is used to expose the headers that have been mentioned in it. By default 6 response headers are already exposed which are known as CORS-safelisted response headers.
Access-Control-Allow-MethodsIt is a response-type header that specifies the method or methods allowed when accessing the resource.
Access-Control-Expose-HeadersIt is a response-type header that indicates which headers can be exposed.
Access-Control-Max-AgeIt is a response header that gives the time for which results of a CORS preflight request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers, can be cached.
Access-Control-Request-HeadersIt is a request type header, it lets the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-MethodIt is a request type header, it lets the server know which HTTP method will be used when the actual request is made.
OriginIt is a response HTTP header that indicates the security contexts that initiates an HTTP request without indicating the path information.
Timing-Allow-OriginIt is a response type header. It specify origins that are allowed to see values of attributes retrieved via features of the Resource Timing API.
  • 不跟踪
HeaderDescription
DNTIt is a request type header. It lets users indicate whether they would prefer privacy rather than personalized content.
TKIt is a response type header, it indicates the tracking status.
  • 下载
HeaderDescription
Content-DispositionIt is a response type header for the body. It lets users indicate resource transmitted should be displayed inline or should be download and present a “Save As” dialog.
  • 消息体信息
HeaderDescription
Content-LengthIt is a response type header. It is used to indicate the size of entity-body in decimal no of octets i.e. bytes and sent it to the recipient. It is a forbidden header name.
Content-TypeIt is a entity type header. It is used to indicate the media type of the resource. The media type is a string sent along with the file indicating the format of the file.
Content-EncodingIt is a response type header. It is used to compress the media type. It informers the server which encoding the user will supported.
Content-LanguageIt is an entity type header. It is used to define, which language speaker document is intended to. It doesn’t define the language of the document.
Content-LocationIt is an entity type header that gives another location for the data that is returned and also tells how to access the resource by indicating the direct URL.
  • 代理
HeaderDescription
ForwardedIt is a request-type header. It is used to store client-facing side of proxy servers that is lost when a proxy is involved in the path of the request.
X-Forwarded-ForIt is a request type header and is an alternative and de-facto standard version of the Forwarded header which is used when a client connects to a web server through an HTTP proxy or load balancer for identifying the original IP address.
X-Forwarded-HostIt is a request-type header. It is used to identify the original host requested by the client in the Host HTTP request header.
X-Forwarded-ProtoIt is an request-type header. It is used to identifying the protocol that the client used to connect with a proxy or load balancer. It can be HTTP or HTTPS.
ViaIt is an general-type header that is used to inform the server of proxies through which the request was sent.
  • 重定向
HeaderDescription
LocationIt is a response header that is used under 2 circumstances to ask a browser to redirect a URL (status code 3xx) or provide information about the location of a newly created resource (status code of 201).
  • 请求上下文
HeaderDescription
FromIt is a request-type header that is used to contains an Internet email address for a human user who controls the requesting user agent.
HostIt is a request-type header. It is use to represent the domain name of the server. It may also represent the Transmission Control Protocol (TCP) port number which the server uses.
ReferrerIt is a request type header. This is use to hold the previous page link where this new page come, that the back button of the browsers can work.
Referrer-PolicyIt is a response type header. It is used to define how much referrer information should be included with the requests.
User-AgentIt is a request header that allows a characteristic string that allows network protocol peers to identify the Operating System and Browser of the web-server.
  • 范围请求
HeaderDescription
Accept-RangesIt is the response-type header also the part of the ranges system. This header act as a marker that is used by the server to supports the partial request of the clients.
RangeIt is request-type header that is used to get part of a document from the server. If the server returns the part of the document, it uses the 206 (Partial Content) status code.
If-RangeIt is a request type header. This is use to make a range request conditional.
Content-RangeIt is a response header that indicates where a partial message belongs in a full body massage.
  • 安全
HeaderDescription
Cross-Origin-Resource-PolicyIt is the response-type header and inform the client that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
Content-Security-PolicyIt is response-type header that is used to allows web site administrators to control resources.
Content-Security-Policy-Report-OnlyIt is a response header that allows the web developers to test the policies by keeping an eye on their effects.
Expect-CTIt is is a response header that prevents the usage of wrongly issued certificates for a site and makes sure that they do not go unnoticed.
Feature-PolicyIt is a response type header that is used to allow or deny the use of features on it’s own frame.
Public-Key-PinsIt is a response header. It is associates a specific cryptographic public key with a certain web server.
Public-Key-Pins-Report-OnlyIt is a response type header. It is used to report to the report-uri.
Strict-Transport-SecurityIt is a response type header. That is a web security policy mechanism that helps protect websites from malicious activities and informs user agents and web browsers how to handle its connection through a response header.
Upgrade-Insecure-RequestsIt is a request type header. It sends a signal to the server expressing the client’s preference for an encrypted and authenticated response
X-Content-Type-OptionsIt is a response type header. It acts as a marker that indicates the MIME-types headers in the content types headers should not be changed to the server.
X-Frame-OptionsIt is a response header. It is used to prevent the site from click jacking attacks. It defines whether or not a browser should be allowed to render a page in a ,