2.7.1. HTTP Standards

2.7.1.1. Message format

2.7.1.1.1. Request message format

<method><request-URL><version>
<headers>

<entity-body>

2.7.1.1.2. Response message format

<version><status><reason-phrase>
<headers>

<entity-body>

2.7.1.1.3. Field Explanation

• method

  • HTTP verbs

  • Common methods：HEAD / GET / POST / PUT / DELETE / PATCH / OPTIONS / TRACE

  • Extension methods：LOCK / MKCOL / COPY / MOVE

• version

  • The HTTP version used by the message

  • The format is HTTP/<major>.<minor>

• url

  • <scheme>://<user>:<password>@<host>:<port>/<path>;<params>?<query>#<frag>

2.7.1.2. Request header list

• Accept

  • Specifies the type of content that the client can receive

  • Accept: text/plain, text/html

• Accept-Charset

  • The set of character encodings accepted by the browser

  • Accept-Charset: iso-8859-5

• Accept-Encoding

  • Specifies the content compression encoding type returned by the web server that the browser can support

  • Accept-Encoding: compress, gzip

• Accept-Language

  • Languages ​​accepted by the browser

  • Accept-Language: en,zh

• Accept-Ranges

  • One or more sub-scope fields of a web page entity can be requested

  • Accept-Ranges: bytes

• Authorization

  • Certificate of Authorization for HTTP Authorization

  • Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

• Cache-Control

  • Specifies the caching mechanism that requests and responses follow. Cache-Control: no-cache

• Connection

  • Indicates whether persistent connections are required // HTTP 1.1 defaults to persistent connections

  • Connection: close

• Cookie

  • When an HTTP request is sent, all cookie values ​​stored under the requested domain name will be sent to the web server together

  • Cookie: role=admin;ssid=1

• Content-Length

  • Requested content length

  • Content-Length: 348

• Content-Type

  • The requested MIME information corresponding to the entity

  • Content-Type: application/x-www-form-urlencoded

• Date

  • date and time the request was sent

  • Date: Tue, 15 Nov 2010 08:12:31 GMT

• Expect

  • Requested specific server behavior

  • Expect: 100-continue

• From

  • Email of the user who made the request

  • From: user@email.com

• Host

  • Specify the domain name and port number of the requested server

  • Host: www.github.com

• If-Match

  • Only valid if the request content matches the entity

  • If-Match: “737060cd8c284d8af7ad3082f209582d”

• If-Modified-Since

  • If the part of the request is modified after the specified time, the request is successful, and a 304 code is returned if it has not been modified

  • If-Modified-Since: Sat, 29 Oct 2018 19:43:31 GMT

• If-None-Match

  • If the content has not changed, return 304 code, the parameter is the Etag previously sent by the server, and compare it with the Etag returned by the server to determine whether it has changed.

  • If-None-Match: “737060cd8c284d8af7ad3082f209582d”

• If-Range

  • If the entity has not changed, the server sends the client’s missing part, otherwise it sends the entire entity. The parameter is also Etag

  • If-Range: “737060cd8c284d8af7ad3082f209582d”

• If-Unmodified-Since

  • The request succeeds only if the entity has not been modified after the specified time

  • If-Unmodified-Since: Sat, 29 Oct 2010 19:43:31 GMT

• Max-Forwards

  • Limit the time information travels through proxies and gateways

  • Max-Forwards: 10

• Pragma

  • Used to contain implementation-specific instructions

  • Pragma: no-cache

• Proxy-Authorization

  • Certificate of authority to connect to the broker

  • Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

• Range

  • Request only a part of the entity, specifying the scope

  • Range: bytes=500-999

• Referer

  • The address of the previous web page, followed by the current request web page, that is, the origin

  • Referer: http://www.zcmhi.com/archives/71.html

• TE

  • The transfer encoding that the client is willing to accept, and informs the server to accept the header information

  • TE: trailers,deflate;q=0.5

• Upgrade

  • Specify a transport protocol to the server for the server to convert (if supported)

  • Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11

• User-Agent

  • The content of User-Agent contains the information of the user who made the request

  • User-Agent: Mozilla/5.0 (Linux; X11)

• Via

  • Notify intermediate gateway or proxy server address, communication protocol

  • Via: 1.0 fred, 1.1 nowhere.com (Apache/1.1)

• Warning

  • Warning information about message entities

  • Warn: 199 Miscellaneous warning

2.7.1.3. Response header list

• Accept-Ranges

  • Indicates whether the server supports the specified range request and what type of segment request

  • Accept-Ranges: bytes

• Access-Control-Allow-Origin

  • Configure domains that have permission to access resources

  • Access-Control-Allow-Origin: <origin>|*

• Age

  • Estimated time from origin server to proxy cache formation (in seconds, non-negative)

  • Age: 12

• Allow

  • Valid request behavior for a network resource, if not allowed, return 405

  • Allow: GET, HEAD

• Cache-Control

  • Tell all caching mechanisms if they can be cached and which type

  • Cache-Control: no-cache

• Content-Encoding

  • The returned content compression encoding type supported by the web server.

  • Content-Encoding: gzip

• Content-Language

  • The language of the response body

  • Content-Language: en,zh

• Content-Length

  • the length of the response body

  • Content-Length: 348

• Content-Location

  • Requesting an alternate alternate address for the resource

  • Content-Location: /index.htm

• Content-MD5

  • Returns the MD5 checksum of the resource

  • Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ==

• Content-Range

  • the byte position of this part in the entire return body

  • Content-Range: bytes 21010-47021/47022

• Content-Type

  • Returns the MIME type of the content

  • Content-Type: text/html; charset=utf-8

• Date

  • The time the origin server message was sent

  • Date: Tue, 15 Nov 2010 08:12:31 GMT

• ETag

  • The current value of the entity tag of the request variable

  • ETag: “737060cd8c284d8af7ad3082f209582d”

• Expires

  • Date and time when the response expires

  • Expires: Thu, 01 Dec 2010 16:00:00 GMT

• Last-Modified

  • The last modification time of the requested resource

  • Last-Modified: Tue, 15 Nov 2010 12:45:26 GMT

• Location

  • Used to redirect the recipient to an unrequested URL to complete the request or identify a new resource

  • Location: http://www.zcmhi.com/archives/94.html

• Pragma

  • Includes implementation-specific directives that apply to any recipient in the response chain

  • Pragma: no-cache

• Proxy-Authenticate

  • It indicates the authentication scheme and parameters that can be applied to the proxy on this URL

  • Proxy-Authenticate: Basic

• Refresh

  • Applied to redirects or a new resource is created, redirects after 5 seconds (proposed by Netscape, supported by most browsers)

  • Refresh: 5; url=http://www.zcmhi.com/archives/94.html

• Retry-After

  • If the entity is temporarily unavailable, notify the client to try again after the specified time

  • Retry-After: 120

• Server

  • web server software name

  • Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)

• Set-Cookie

  • 设置Http Cookie Set-Cookie: UserID=JohnDoe; Max-Age=3600; Version=1

• Strict-Transport-Security

  • Set the browser to force HTTPS access

  • max-age: HTTPS requests are used to access the corresponding domain name within x seconds

  • includeSubDomains: The subdomains of the website also enable the rule

  • Strict-Transport-Security: max-age=1000; includeSubDomains

• Trailer

  • Indicates that the header field exists at the end of the chunked transfer encoding Trailer: Max-Forwards

• Transfer-Encoding

  • file transfer encoding

  • Transfer-Encoding:chunked

• Vary

  • Tell downstream proxies whether to use cached responses or request from origin servers

  • Vary: *

• Via

  • Tell the proxy where the client response is sent

  • Via: 1.0 fred, 1.1 nowhere.com (Apache/1.1)

• Warning

  • Warn entities of possible problems

  • Warning: 199 Miscellaneous warning

• WWW-Authenticate

  • Indicates the authorization scheme that the client requesting entity should use

  • WWW-Authenticate: Basic

• X-Content-Type-Options

  • Configure to disable MIME type sniffing

  • X-Content-Type-Options: nosniff

• X-Frame-Options

  • Configure whether the page can appear in <frame>, <iframe>, <embed>, <object> and other tags to prevent clickjacking

  • X-Frame-Options: deny

• X-XSS-Protection

  • Configuring XSS Protection Mechanisms

  • X-XSS-Protection: 1; mode=block

2.7.1.4. HTTP Status Return Code 1xx (Provisional Response)

A status code that represents a provisional response and requires the requester to proceed with the action.

Code	code	illustrate
100	continue	The server returns this code to indicate that the first part of the request has been received and is waiting for the rest
101	switch protocol	The requester has asked the server to switch protocols, the server has confirmed and is ready to switch

2.7.1.5. HTTP Status Return Code 2xx (Success)

Status code indicating that the request was successfully processed.

Code	code	illustrate
200	success	The server has successfully processed the request. Typically, this means that the server served the requested web page
201	created	The request was successful and the server created a new resource
202	accepted	The server has accepted the request but has not yet processed it
203	Unauthorized Information	The server has successfully processed the request, but the returned information may come from another source
204	no content	The server successfully processed the request but returned nothing
205	reset content	The server successfully processed the request but returned nothing
206	Part	The server successfully processed part of the GET request

2.7.1.6. HTTP Status Return Code 3xx (Redirect)

Indicates that further action is required to complete the request. Typically, these status codes are used for redirection.

Code	code	illustrate
300	multiple choices	In response to the request, the server can perform various operations. The server may select an action based on the requestor (user agent), or provide a list of actions for the requester to choose from.
301	Move permanently	The requested webpage has been permanently moved to a new location. When the server returns this response (to a GET or HEAD request), it automatically redirects the requester to the new location.
302	move temporarily	The server is currently responding to requests from pages in a different location, but the requester should continue to use the original location for future requests.
303	View other locations	The server returns this code when the requester should use separate GET requests for different locations to retrieve the response.
304	unmodified	The requested page has not been modified since the last request. When the server returns this response, no web page content is returned.
305	use a proxy	The requester can only use the proxy to access the requested web page. If the server returns this response, it also indicates that the requester should use a proxy.
307	Temporary redirect	The server is currently responding to requests from pages in a different location, but the requester should continue to use the original location for future requests.

2.7.1.7. HTTP Status Return Code 4xx (Request Error)

These status codes indicate that the request may have gone wrong, preventing the server from processing it.

Code	code	illustrate
400	bad request	The server does not understand the syntax of the request.
401	unauthorized	The request requires authentication. The server may return this response for web pages that require login.
403	prohibit	The server rejected the request.
404	not found	The server cannot find the requested web page.
405	method disabled	Disable the method specified in the request.
406	do not accept	The requested web page could not be responded to with the requested content attributes.
407	Proxy authorization required	This status code is similar to 401 (Unauthorized), but specifies that the requester should be authorized to use the proxy.
408	Request timed out	A timeout occurred while the server was waiting for the request.
409	conflict	The server has a conflict while completing the request. The server MUST include information about the conflict in the response.
410	deleted	The server returns this response if the requested resource has been permanently deleted.
411	valid length required	The server does not accept requests without a payload-length header field.
412	Preconditions not met	The server did not meet one of the preconditions set by the requester in the request.
413	The request entity is too large	The server was unable to process the request because the request entity was too large for the server to handle.
414	The requested URI is too long	The requested URI (usually a URL) is too long for the server to process.
415	Unsupported media type	The requested format is not supported by the requested page.
416	The requested scope does not meet the requirements	The server returns this status code if the page cannot provide the requested scope.
417	Expectations not met	The server did not meet the requirements for the “expected” request header field.

2.7.1.8. HTTP Status Return Code 5xx (Server Error)

These status codes indicate that the server encountered an internal error while trying to process the request. These errors may be errors of the server itself, not the request.

Code	code	illustrate
500	Internal server error	The server encountered an error and could not complete the request.
501	Not yet implemented	The server does not have the capability to fulfill the request. This code may be returned, for example, when the server does not recognize the request method.
502	bad gateway	The server, acting as a gateway or proxy, received an invalid response from an upstream server.
503	service is not available	The server is currently unavailable (due to overloading or downtime for maintenance). Usually, this is only a temporary state.
504	Gateway timed out	The server acts as a gateway or proxy, but does not receive a request from the upstream server in a timely manner.
505	HTTP version not supported	The server does not support the HTTP protocol version used in the request.