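HTTP headers allow the client and the server to pass additional information with the request and the response. A request header consists of a case-insensitive name followed by a colon ":", then its value (without line breaks). Leading white space before the value is ignored.
HTTP headers are used to describe precisely the resource being fetched, or the behaviour of the server or the client. Custom proprietary headers can be added using the 'X-' prefix; others are listed in an IANA registry, whose original content was defined in RFC 4229. IANA also maintains a registry of proposed new HTTP message headers.
The following list summarizes the headers and their purpose: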
| Header | Description | More information | Standard |
| --- | --- | --- | --- |
| Accept | A list of MIME types the user agent expects. | HTTP Content Negotiation | HTTP/1.1 |
| Accept-CH | Lists configuration data that the server can use to select an appropriate response. | HTTP Client Hints | |
| Accept-Charset | Lists the character sets the user agent supports. | HTTP Content Negotiation | HTTP/1.1 |
| Accept-Features | | HTTP Content Negotiation | RFC 2295, §8.2 |
| Accept-Encoding | Lists the compression methods the user agent supports. | HTTP Content Negotiation | HTTP/1.1 |
| Accept-Language | Lists the page languages the user agent expects. | HTTP Content Negotiation | HTTP/1.1 |
| Accept-Ranges | | | |
| Access-Control-Allow-Credentials | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Allow-Origin | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Allow-Methods | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Allow-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Max-Age | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Expose-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Request-Method | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Access-Control-Request-Headers | | HTTP Access Control and Server Side Access Control | W3C Cross-Origin Resource Sharing |
| Age | | | |
| Allow | | | |
| Alternates | | HTTP Content Negotiation | RFC 2295, §8.3 |
| Authorization | | | |
| Cache-Control | | HTTP Caching FAQ | |
| Connection | | | |
| Content-Encoding | | | |
| Content-Language | | | |
| Content-Length | | | |
| Content-Location | | | |
| Content-MD5 | | Unimplemented (see bug 232030) | |
| Content-Range | | | |
| Content-Security-Policy | Controls the resources the user agent is allowed to load for a page. | CSP (Content Security Policy) | W3C Content Security Policy |
| Content-Type | Indicates the MIME type of the document sent by the server. Helps the user agent (browser) handle the received data. | | |
| Cookie | | | RFC 2109 |
| DNT | Set to 1 to indicate that the user explicitly opts out of any form of online tracking. | Supported by Firefox 4, Firefox 5 for mobile, IE9, and a few major companies. | Tracking Preference Expression (DNT) |
| Date | | | |
| ETag | | HTTP Caching FAQ | |
| Expect | | | |
| Expires | | HTTP Caching FAQ | |
| From | | | |
| Host | | | |
| If-Match | | | |
| If-Modified-Since | | HTTP Caching FAQ | |
| If-None-Match | | HTTP Caching FAQ | |
| If-Range | | | |
| If-Unmodified-Since | | | |
| Last-Event-ID | Gives the ID of the last event received by the server on a previous HTTP connection. Used to synchronize text/event-stream. | Server-Sent Events | Server-Sent Events spec |
| Last-Modified | | HTTP Caching FAQ | |
| Link | Equivalent to the HTML "link" tag, but at the HTTP layer: gives a URL related to the fetched resource, along with the kind of relationship. | For the rel=prefetch case, see Link Prefetching FAQ | Introduced in HTTP 1.1's RFC 2068, section 19.6.2.4, it was removed in the final HTTP 1.1 spec, then reintroduced, with some extensions, in RFC 5988 |
| Location | | | |
| Max-Forwards | | | |
| Negotiate | | HTTP Content Negotiation | RFC 2295, §8.4 |
| Origin | | HTTP Access Control and Server Side Access Control | More recently defined in the Fetch spec (see Fetch API). Originally defined in W3C Cross-Origin Resource Sharing |
| Pragma | | For the pragma: nocache value see HTTP Caching FAQ | |
| Proxy-Authenticate | | | |
| Proxy-Authorization | | | |
| Range | | | |
| Referer | (Note that the spelling error, introduced in the HTTP/0.9 specification, must be kept in subsequent versions of the protocol.) | | |
| Retry-After | | | |
| Sec-Websocket-Extensions | | | Websockets |
| Sec-Websocket-Key | | | Websockets |
| Sec-Websocket-Origin | | | Websockets |
| Sec-Websocket-Protocol | | | Websockets |
| Sec-Websocket-Version | | | Websockets |
| Server | | | |
| Set-Cookie | | | RFC 2109 |
| Set-Cookie2 | | | RFC 2965 |
| Strict-Transport-Security | | HTTP Strict Transport Security | IETF reference |
| TCN | | HTTP Content Negotiation | RFC 2295, §8.5 |
| TE | | | |
| Trailer | Lists the headers that will be transmitted in the trailer block after the message body. This allows the server to compute some values, such as Content-MD5:, while transmitting the data. Note that the Trailer: header must not list the Content-Length:, Trailer: or Transfer-Encoding: headers. | | RFC 2616, §14.40 |
| Transfer-Encoding | | | |
| Upgrade | | | |
| User-Agent | | For Gecko's user agents see the User Agents Reference | |
| Variant-Vary | | HTTP Content Negotiation | RFC 2295, §8.6 |
| Vary | Lists the headers used as criteria by the web server to select specific content. This header is important for efficient and correct caching of the resource sent. | HTTP Content Negotiation & HTTP Caching FAQ | |
| Via | | | |
| Warning | | | |
| WWW-Authenticate | | | |
| X-Content-Duration | | Configuring servers for Ogg media | |
| X-Content-Security-Policy | | Using Content Security Policy | |
| X-DNSPrefetch-Control | | Controlling DNS prefetching | |
| X-Frame-Options | | The XFrame-Option Response Header | |
| X-Requested-With | Typically used with the value "XMLHttpRequest". | | Not standard |
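
The syntax rules from the introduction (case-insensitive name, colon, value without line breaks, leading white space ignored) and the Trailer restriction from the table can be enforced in one strict parser. This is an added example, not part of the original page; the function names and the sample lines are constructed for illustration.

```javascript
// Added example: strict parser for "Name: value" header lines.
// Function names and SAMPLE are constructed for illustration.

// Characters allowed in a header name (the HTTP/1.1 "token" set).
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Headers the page says a Trailer header must not list.
const FORBIDDEN_IN_TRAILER = new Set(['content-length', 'trailer', 'transfer-encoding']);

function parseHeaderLine(line) {
  const colon = line.indexOf(':');
  if (colon <= 0) throw new Error('missing header name or colon');
  const name = line.slice(0, colon);
  if (!NAME_RE.test(name)) throw new Error('invalid header name');
  // The value must not contain line breaks: accepting CR or LF here
  // lets one logical header turn into several on the wire.
  const raw = line.slice(colon + 1);
  if (/[\r\n\0]/.test(raw)) throw new Error('line break in header value');
  // Names compare case-insensitively, so store them lowercased.
  // Leading white space is ignored; trailing white space is dropped too.
  return [name.toLowerCase(), raw.replace(/^[ \t]+/, '').replace(/[ \t]+$/, '')];
}

function parseHeaders(lines) {
  const headers = new Map();
  for (const line of lines) {
    const [name, value] = parseHeaderLine(line);
    // Repeated list-valued fields are joined with ", ".
    headers.set(name, headers.has(name) ? headers.get(name) + ', ' + value : value);
  }
  return headers;
}

// Returns the names in Trailer that are not allowed to appear there.
function trailerViolations(headers) {
  const listed = (headers.get('trailer') || '').split(',')
    .map((h) => h.trim().toLowerCase()).filter(Boolean);
  return listed.filter((h) => FORBIDDEN_IN_TRAILER.has(h));
}

// Constructed sample input.
const SAMPLE = [
  'Content-Type:    text/html',
  'TRANSFER-ENCODING: chunked',
  'Trailer: Content-MD5, Content-Length',
];
```

Lowercasing the name before lookup means a filter or allow-list keyed on `transfer-encoding` also matches `TRANSFER-ENCODING`, as the sample shows.
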
Notes
Note: The Keep-Alive request header is not sent by Gecko 5.0; previous versions did send it but it was not formatted correctly, so the decision was made to remove it for the time being. The Connection or Proxy-Connection header is still sent, however, with the value "keep-alive".
See also
Wikipedia page on List of HTTP headers