Table of contents
- 1. Introduction to HTTP
- 2. HTTP 1.0 and HTTP 1.1
  - 2.1 HTTP 1.0
  - 2.2 HTTP 1.1
- 3. HTTP message
- 4. HTTP request message
  - 4.1 HTTP request line
    - 1. GET request method
    - 2. POST request method
- 5. Test the GET request method
- 6. Test the POST request method
- 7. HTTP request headers
  - 1. Accept
  - 2. Accept-Charset
  - 3. Accept-Encoding
  - 4. Accept-Language
  - 5. Authorization and Proxy-Authorization
  - 6. Host
  - 7. If-Match
  - 8. If-Modified-Since
  - 9. Range and If-Range
  - 10. Max-Forwards
  - 11. Referer
  - 12. User-Agent
- 8. HTTP response message
  - 1. HTTP response status line
  - 2. HTTP response headers
    - 1. Accept-Ranges
    - 2. Age
    - 3. Etag
    - 4. Location
    - 5. Retry-After
    - 6. Server
    - 7. Vary
    - 8. WWW-Authenticate and Proxy-Authenticate
    - 9. Refresh
    - 10. Content-Disposition
  - 3. Other HTTP header fields
    - 1. Generic header fields
      - 1. Cache-Control
      - 2. Connection
      - 3. Date
      - 4. Pragma
      - 5. Transfer-Encoding
      - 6. Trailer
      - 7. Upgrade
      - 8. Via
      - 9. Warning
    - 2. Entity header field
      - 1. Allow
      - 2. Content-Language
      - 3. Content-Length
      - 4. Content-Location
      - 5. Content-Range
      - 6. Content-MD5
      - 7. Content-Type
1. Introduction to HTTP
- HTTP is short for Hypertext Transfer Protocol. It is a request/response protocol. After the client establishes a connection with the server, it can send a request to the server. This request is called an HTTP request.
- Figure 3-1 shows the communication process between the client and server using HTTP. The features of HTTP are summarized as follows.
(1) Client/server mode: HTTP supports the client/server mode (a browser is a Web client).
(2) Simple and fast: when the client requests a service from the server, it only needs to transmit the request method and path. The commonly used request methods include GET and POST, which specify different types of contact between the client and the server. Because HTTP is simple, HTTP server programs are small, so communication is very fast.
(3) Flexible: HTTP allows the transfer of any type of data; the type of the data being transferred is marked by Content-Type.
(4) Stateless: HTTP is a stateless protocol. Stateless means that the protocol has no memory for transaction processing. If previous information is required for subsequent processing, it must be retransmitted, which may result in an increase in the amount of data transmitted per connection.
2. HTTP 1.0 and HTTP 1.1
- HTTP has undergone many versions since its birth. Among them, the earliest version is HTTP 0.9, which was proposed in 1990. Later, to further improve HTTP, version 1.0 was proposed in 1996 and version 1.1 in 1997. Since HTTP 0.9 is out of date, we won’t cover it here. Next, I’ll cover HTTP 1.0 and HTTP 1.1 in detail.
2.1 HTTP 1.0
- An HTTP 1.0 client interacts with a server in four steps: establishing a connection, sending request information, sending response information, and closing the connection. Figure 3-2 shows the interaction process.
- As shown in Figure 3-2, once a connection with the server is established, the client can use it for only one HTTP request. For a content-rich web page, this approach is obviously flawed. Consider the following HTML code:
<html>
<body>
<img src="/image01.jpg">
<img src="/image02.jpg">
<img src="/image03.jpg">
</body>
</html>
- The HTML document above contains three <img> tags. Because the src attribute of each <img> tag gives the URL of an image, the client has to send three more requests to fetch these images, and each request has to re-establish a connection with the server. This inevitably makes the interaction between the client and the server time-consuming and slows down web access.
2.2 HTTP 1.1
- To overcome this shortcoming of HTTP 1.0, version 1.1 supports persistent connections, which means that multiple HTTP requests and responses can be sent over a single TCP connection, reducing the cost and latency of establishing and closing connections. Figure 3-3 shows the interaction between the client and server based on HTTP 1.1.
- As shown in Figure 3-3, after the connection between the client and the server is established, the client can send multiple requests to the server without waiting for the result of the previous request before sending the next one. However, the server must return the responses in the order in which it received the client's requests, so that the client can match each response to its request. HTTP 1.1 therefore not only inherits the advantages of HTTP 1.0 but also effectively solves HTTP 1.0's performance problems, significantly reducing the time required for browser-to-server interaction.
3. HTTP message
- When a user enters a URL in the browser, clicks a hyperlink on a page, or submits a form on a page, the browser sends request data to the server; this is the HTTP request message. After receiving the request data, the server sends the processed data back to the client; this is the HTTP response message. HTTP request messages and HTTP response messages are collectively called HTTP messages.
- In an HTTP message, everything other than the entity content of the server's response (HTML pages, images, and so on) is invisible to the user. To observe this "hidden" information you need a network viewing tool, such as the browser's F12 tools.
(1) Enter www.baidu.com in the browser address bar to visit the Baidu home page; the requested URL can be seen in F12, as shown in the figure.
(2) Click the URL in the Name column on the left. The Headers tab that opens by default shows the formatted response headers and request headers. Click "Original Header information" next to the request header section to view the original request header information, as shown below.
- In the above request message, the first line is the request line, followed by the request headers, and the blank line marks the end of the request headers.
(3) Click "Original Header" next to the response header section to see the original response header information, as follows:
- In the response message above, the first line is the response status line, followed by the response headers, and the blank line marks the end of the response headers.
4. HTTP request message
- In HTTP, a complete request message is composed of three parts: the request line, the request header, and the entity content, each of which has a different role. This section covers each component of an HTTP request message in detail.
4.1 HTTP Request Line
- The HTTP request line is located in the first line of the request message. It contains three parts, namely the request method, the resource path name, and the HTTP version used, as shown in the following example:
GET /index.html HTTP/1.1
- The example above is an HTTP request line, where GET is the request method, /index.html is the path of the requested resource, and HTTP/1.1 is the protocol version used for communication. Note that the parts of the request line are separated by spaces, and the line ends with a carriage return and line feed.
- The requested resource and the protocol version are relatively easy to understand, while the HTTP request method is less familiar, so it is analyzed next.
- An HTTP request message can use one of eight request methods: GET, POST, HEAD, OPTIONS, DELETE, TRACE, PUT, and CONNECT. Each specifies a way of operating on the resource identified by the URI on the server. Table 3-1 describes them.
- Table 3-1 lists the eight HTTP request methods, of which the most common are GET and POST. These two request methods are explained in detail below.
1. GET request method
- When the user types a URL directly into the browser address bar or clicks a hyperlink on a web page, the browser sends the request using the GET method. If the method attribute of a form on the page is set to "GET", or the method attribute is not set (the default is GET), the browser also uses the GET method when the user submits the form.
- If the URL requested by the browser has a parameter section, it is appended to the resource path in the request line of the request message the browser generates. Let's start with a URL, as follows:
http://wwrw.xdr630.com/javaForm?username=xdr630&password=123456
- In the URL above, the content after "?" is the parameter information. Each parameter consists of a parameter name and a parameter value joined by an equals sign (=). Note that if the URL contains several parameters, they are separated by "&".
- When the browser sends the request message to the server, the parameter section of the URL is appended to the end of the URI resource path in the request line, as shown below:
GET /javaForm?username=xdr630&password=123456 HTTP/1.1
- Note that the amount of data that can be transmitted with the GET method is limited, to at most 1KB.
2. POST request method
- If the method attribute of a form on the page is set to "POST", the browser uses the POST method when the user submits the form, and sends the form elements and their data to the server as the entity content of the HTTP message rather than as URI parameters. In addition, when data is passed to the server with POST, the Content-Type header is automatically set to "application/x-www-form-urlencoded" and the Content-Length header is automatically set to the length of the entity content, as shown in the following example:
POST /javaForm HTTP/1.1
Host: www.xdr630.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

username=xdr630&password=123456
- For a request sent with POST, the server-side program obtains the data of each form field in the same way as it obtains the parameters that follow the URI.
- It is important to note that in real development POST is usually used to send requests, for two main reasons.
(1) POST places no limit on the data size
Because the GET method passes data through request parameters, it can pass at most 1KB of data. The POST method passes data through the entity content, so there is no limit to the size of data that can be passed.
(2) POST is more secure than GET
Because the parameter information of a GET request is displayed in clear text in the URL address bar, while the parameters of a POST request are hidden in the entity content where the user cannot see them, POST is more secure than GET.
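The two request layouts described above can be checked mechanically. The following parser is an added example, not code from the original article: it splits a raw request into request line, headers and entity content, verifies Content-Length, and reports where a form field travels. The sample messages are constructed from the article's own values; the function names are hypothetical. A POST keeps the field out of the address bar, but on a connection without TLS the entity content is readable by anything that sees the bytes, exactly like the request line.

```python
from urllib.parse import parse_qsl, urlsplit

CRLF = b"\r\n"


class BadRequest(ValueError):
    """The bytes do not follow the request line / headers / blank line / entity layout."""


def parse_request(raw: bytes) -> dict:
    # The blank line (CRLF CRLF) marks the end of the request headers.
    head, blank, body = raw.partition(CRLF + CRLF)
    if not blank:
        raise BadRequest("missing blank line after the request headers")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Request line: method, resource path and version, separated by single spaces.
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise BadRequest("malformed request line: %r" % lines[0])
    method, target, version = parts

    # Header lines are "Name: value"; field names are not case sensitive.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line: %r" % line)
        key = name.lower()
        if key in headers:
            if key == "content-length":
                # Two lengths would let two parsers disagree about the body.
                raise BadRequest("duplicate Content-Length")
            headers[key] += ", " + value.strip()
        else:
            headers[key] = value.strip()

    url = urlsplit(target)
    query = parse_qsl(url.query, keep_blank_values=True)
    form = []
    if method == "POST":
        declared = headers.get("content-length", "")
        if not (declared.isascii() and declared.isdigit()):
            raise BadRequest("POST without a numeric Content-Length")
        if int(declared) != len(body):
            raise BadRequest("Content-Length says %s, entity content is %d bytes"
                             % (declared, len(body)))
        media_type = headers.get("content-type", "").split(";")[0].strip().lower()
        if media_type == "application/x-www-form-urlencoded":
            form = parse_qsl(body.decode("ascii"), keep_blank_values=True)
    return {"method": method, "path": url.path, "version": version,
            "headers": headers, "query": query, "form": form}


def locate_fields(raw: bytes, sensitive=("password",)):
    """Return (place, name, value) for each sensitive field found in the message."""
    request = parse_request(raw)
    return [(place, name, value)
            for place in ("query", "form")
            for name, value in request[place]
            if name in sensitive]


# Constructed sample messages, built from the values used in the article.
GET_SAMPLE = (b"GET /javaForm?username=xdr630&password=123456 HTTP/1.1\r\n"
              b"Host: www.xdr630.com\r\n"
              b"\r\n")
POST_SAMPLE = (b"POST /javaForm HTTP/1.1\r\n"
               b"Host: www.xdr630.com\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 31\r\n"
               b"\r\n"
               b"username=xdr630&password=123456")

if __name__ == "__main__":
    for sample in (GET_SAMPLE, POST_SAMPLE):
        print(parse_request(sample)["method"], locate_fields(sample))
```

Fields found under "query" are part of the request line, so they also end up wherever request lines are recorded, such as server access logs and browser history.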
5. Test the GET request method
(1) Create an HTML file, get.html, as follows:
GET.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="" method="get">
User name: <input type="text" name="username" style="width: 150px"><br>
Password: <input type="text" name="password" style="width: 150px"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
- After submission, the URL in the address bar changes: the parameter information is appended to the original URL.
- The displayed request header information shows that the parameter information is attached after the requested resource in the request line, as shown in the figure.
- While in Query String Parameters
6. Test the POST request method
POST.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="" method="post">
User name: <input type="text" name="username" style="width: 150px"><br>
Password: <input type="text" name="password" style="width: 150px"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
- The URL in the address bar does not change after the submission. Viewing the request in F12 showed that the requested parameters were encrypted.
- F12 also showed two more request headers in the request message.
- Of the two newly added headers, Content-Type represents the data format of the entity content, and Content-Length represents the length of the entity content.
- F12 shows that Form Data is the submitted form information, that is, the entity content of the HTTP request message. In other words, with the POST method the content of the form is submitted to the server as entity content.
7. HTTP request headers
- In an HTTP request message, the request line is followed by several request headers. The request headers are mainly used to pass additional information to the server, for example the data types, compression methods and languages that the client can accept, and the URL of the page containing the hyperlink that issued the request. A specific example is as follows:
- As you can see from the request headers above, each request header consists of a header field name and a value, separated by a colon (:) and a space, and each request header is terminated by a carriage return and line feed. Note that header field names are not case sensitive, but by convention the first letter of each word is capitalized.
- When the browser sends a request to the server, the request headers differ depending on the functional requirements. Next, we'll explain some commonly used request header fields in detail.
1. Accept
- The Accept header field indicates the MIME (Multipurpose Internet Mail Extensions) types that the client program (usually the browser) can handle. For example, if the browser and the server both support PNG images, the browser can send an Accept header containing image/png. When the server finds the image/png MIME type in the Accept header, it may use PNG files in the img elements of the web page. There are many MIME types. For example, the following MIME types can be used as values for the Accept header field.
2. Accept-Charset
- The Accept-Charset header field informs the server of the character set used by the client. The following is an example:
Accept-Charset: ISO-8859-1
- The request header above indicates that the client uses the ISO-8859-1 character set. To specify more than one character set, list them in the Accept-Charset header field separated by commas, as in the following example:
Accept-Charset: ISO-8859-1,unicode-1-1
- Note that if the Accept-Charset header field does not appear in the request headers, the client can accept data in any character set.
- If the Accept-Charset header appears in the request message but the server cannot send the document in a character set encoding that the client expects, the server sends a 406 error status response. 406 is a response status code indicating that the character set the server uses for the returned content is incompatible with the value specified by the Accept-Charset header field. More about status codes will be explained in a later section.
3. Accept-Encoding
- The Accept-Encoding header field specifies the data encodings that the client can decode, which usually means some kind of compression. More than one data encoding can be specified in the Accept-Encoding header field, separated by commas, as shown in the following example:
Accept-Encoding: gzip,compress
- In the header field above, gzip and compress are the two most common data encodings. Compressing large entity content before transmission saves network bandwidth and transmission time. After receiving this request header, the server compresses the original document content in one of the specified formats, sends it to the client as the entity content of the response message, and states the compression format used for the entity content in the Content-Encoding response header. When the browser receives such entity content, it has to decompress it.
- Note that Accept-Encoding differs from Accept: the MIME type specified by the Accept request header refers to the type of the entity content after decompression, while the Accept-Encoding header specifies how the entity content is compressed.
4. Accept-Language
- The Accept-Language header field specifies the country's language in which the client expects the server to return the document. Its value can specify the languages of several countries, separated by commas, as shown in the following example:
Accept-Language: zh-CN,en-us
- In the example above, zh-cn stands for Chinese (China) and en-us for English (USA). These values do not need to be memorized.
- Note that the browser generates the Accept-Language header based on the order in which the languages are listed in the Language Preferences dialog box.
- The server only needs to check the Accept-Language request header and, following the order of the languages set in it, return the web document in the first language listed. If it cannot, it tries the following languages in turn.
5. Authorization and Proxy-Authorization
- When a client accesses a password-protected web page, the Web server sends a 401 response status code and a WWW-Authenticate response header, requiring the client to answer with an Authorization request header. The format of the content in the Authorization request header differs according to the authentication mode specified by the WWW-Authenticate response header. The WWW-Authenticate response header specifies two authentication modes: BASIC and DIGEST. In BASIC authentication mode, the client joins the user name and password with a colon (:), encodes the result with Base64, and sends it to the Web server.
- For example, for the user name Ann and the password 666888, the user information "Ann:666888" is Base64-encoded, forming the following Authorization request header field:
Authorization: Basic QW5uOjY2Njg4OA==
- However, Base64-encoded data can be easily decoded, so this is effectively unencrypted plaintext transmission that can easily be read by a computer equipped with a network monitoring tool.
- In DIGEST authentication mode, the server first sends the browser some information and additional information for the authentication process. The browser mixes this information with the user name, the password and some other information, processes it with the MD5 algorithm, and sends the result and the additional information over the network to the server in plain text. The server uses the same information and additional information as the client, hashes it with the saved client password, and compares the result with the client's, allowing access only if the two values are identical.
- The function and usage of the Proxy-Authorization header field are basically the same as those of the Authorization header field, except that the Proxy-Authorization request header carries the authentication information sent to the proxy server.
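Both authentication modes described above, as an added example that is not part of the original article. decode_basic shows that a Basic credential is recovered by a plain Base64 decode, and digest_response carries out the MD5 mixing for DIGEST in the form defined by RFC 2617 with qop=auth; the field names realm, nonce, nc, cnonce and qop come from that RFC, not from the article, and the DIGEST sample values are the ones RFC 2617 uses for its own example.

```python
import base64
import hashlib
import hmac


def basic_header(user, password):
    """Build the value of an Authorization header for BASIC mode."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Recover (user, password) from a Basic credential: no key is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, colon, password = text.partition(":")
    if not colon:
        raise ValueError("decoded credential has no ':' separator")
    return user, password


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce,
                    qop="auth"):
    """RFC 2617 response value: the password itself never crosses the network."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret part
    ha2 = md5_hex(f"{method}:{uri}")              # what is being requested
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_password, claimed_response, **fields):
    """Server side: repeat the same computation and compare in constant time."""
    expected = digest_response(password=stored_password, **fields)
    return hmac.compare_digest(expected, claimed_response)


# Sample values taken from the worked example in RFC 2617 (not from the article).
RFC_FIELDS = dict(user="Mufasa", realm="testrealm@host.com", method="GET",
                  uri="/dir/index.html",
                  nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                  nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    print(decode_basic("Basic QW5uOjY2Njg4OA=="))
    answer = digest_response(password="Circle Of Life", **RFC_FIELDS)
    print(answer, server_accepts("Circle Of Life", answer, **RFC_FIELDS))
```

Because the nonce is chosen by the server for each challenge, a captured DIGEST response cannot simply be replayed against a fresh challenge, whereas a captured Basic header can be reused as it is.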
6. Host
- The Host header field specifies the host name and port number of the resource, in the same format as the host name and port number part of the resource's complete URL, as shown in the following example:
Host: www.xdr630.top
- In the preceding example, the browser connects to the server on the default port 80, so the port number ":80" after www.xdr630.top can be omitted.
- Note that in HTTP 1.1 every request sent by browsers and other clients includes the Host header, so that the right virtual Web site is accessed based on the URL in the address bar. When a browser accesses a Web site, it automatically generates the Host request header from the URL in the address bar.
7. If-Match
- Both the browser and the proxy server can cache web documents sent back by the server. When a user accesses a cached page again, the server sends the content of the page back to the client only after the page content has been updated. Otherwise, the server notifies the browser to access the locally cached page to reduce unnecessary network traffic. When a server transmits the content of a web page file for a client, it can transmit header fields that represent the characteristics of the entity’s content, called entity tags. When the client requests the web file from the server again, it can use the if-match header field with the previously cached entity label content. The request is treated as a conditional request, such as:
If-Match: "repository"
- Here, "repository" is the entity tag that the server sent in the ETag header the last time the client visited this page on the Web server, as shown in the following example:
ETag: "repository"
- After receiving the request from the client, the server retrieves the entity tag in the If-Match header and compares it with the entity tag on the server that represents the characteristics of the current web page content. If they are the same, the content of the web page has not changed, and the Web server does not return the web document, leaving the client to use the previously cached web document. Otherwise, the server returns a new web page file and a new entity tag header field.
8. If-Modified-Since
- The If-Modified-Since request header works similarly to If-Match, except that its value is a time in GMT format. The If-Modified-Since request header is treated as a request condition: the server returns the document's contents only if the document on the server has been modified more recently than the time specified in the If-Modified-Since request header. Otherwise, the server returns a 304 (Not Modified) status code indicating that the document cached by the browser is up to date, without returning the document contents to the browser, which keeps using the previously cached document. In this way, the amount of data exchanged between the browser and the server can be reduced to a certain extent, improving communication efficiency.
9. Range and If-Range
- The Range header field specifies that the server should return only a portion of the document, and which portion. This is useful for resuming interrupted transfers of larger documents: if a request is interrupted after the client has received only part of what the server returned, the client can use the Range header field on a second request to ask the server to return only the content after the point of interruption. The Range header has the following usage formats.
(1) Range: bytes=1000-2000
(2) Range: bytes=1000-
(3) Range: bytes=-1000
- Of the three formats listed above, the first asks the server to return the content between the 1000th and 2000th bytes of the document, including the 1000th and 2000th bytes. The second asks the server to return everything in the document after the 1000th byte. The third asks the server to return the last 1000 bytes of the document.
- The If-Range header field can only be used together with the Range header field, and its value can be an entity tag or a time in GMT format. If the value is an entity tag and it is the same as the entity tag of the current web page, the server returns the part of the web page requested by the Range header; otherwise, the server returns all the content of the current web page. If the value is a GMT time and the web page file saved on the server has not been modified since that time, the server returns the part of the web page requested by the Range header; otherwise, the server returns all of the current web page.
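A server-side view of the three Range formats and the If-Range rule above, as an added example that is not from the original article. It turns a Range value into inclusive byte offsets, clamps them to the document size, and falls back to the whole document when the If-Range entity tag no longer matches; only the entity-tag form of If-Range is handled, and the function names and the sample document are constructed for illustration.

```python
import re


def resolve_range(header, size):
    """Return inclusive (start, end) offsets, or None if nothing can be served."""
    m = re.fullmatch(r"bytes=(\d*)-(\d*)", header.strip(), re.ASCII)
    if not m or m.group(1) == m.group(2) == "":
        raise ValueError("unsupported Range value: %r" % header)
    first, last = m.groups()
    if first == "":
        # Format (3), bytes=-N: the last N bytes of the document.
        n = int(last)
        if n == 0 or size == 0:
            return None
        return max(size - n, 0), size - 1
    start = int(first)
    # Format (2), bytes=N-: from offset N to the end of the document.
    end = int(last) if last else size - 1
    if last and end < start:
        raise ValueError("range end is before range start")
    if start >= size:
        return None
    # Format (1), bytes=N-M: both offsets are included; never read past the end.
    return start, min(end, size - 1)


def respond(document, etag, range_header=None, if_range=None):
    """Return (status, headers, body) for a request against one document."""
    size = len(document)
    # Without Range, or when the client's cached entity tag is stale,
    # the whole current document is returned.
    if range_header is None or (if_range is not None and if_range != etag):
        return 200, {"ETag": etag}, document
    try:
        span = resolve_range(range_header, size)
    except ValueError:
        # A Range value the server does not understand is ignored.
        return 200, {"ETag": etag}, document
    if span is None:
        return 416, {"Content-Range": "bytes */%d" % size}, b""
    start, end = span
    headers = {"ETag": etag,
               "Content-Range": "bytes %d-%d/%d" % (start, end, size)}
    return 206, headers, document[start:end + 1]


# Constructed 3000-byte sample document and entity tag.
DOCUMENT = bytes(i % 251 for i in range(3000))
ETAG = '"repository"'

if __name__ == "__main__":
    for value in ("bytes=1000-2000", "bytes=1000-", "bytes=-1000", "bytes=5000-"):
        status, headers, body = respond(DOCUMENT, ETAG, value)
        print(value, status, headers.get("Content-Range"), len(body))
```

Clamping the end offset and rejecting a start beyond the document are the checks that keep a client-supplied offset from being used directly as a read position.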
10. Max-Forwards
- The Max-Forwards header field specifies the number of proxy servers that the current request can pass through. This value is reduced by one for each proxy server that the request passes through. When the Max-Forwards request header has a value of 0 and the request has not yet reached the final Web server, the proxy server stops forwarding the request and completes the final response to the client itself.
11. Referer
- The browser makes a request to the server either because the user typed a URL directly into the browser or because the user clicked a hyperlink on a web page. In the first case, the browser does not send the Referer header; in the second case, the browser uses the Referer header field to identify the URL of the web page containing the hyperlink that issued the request. For example, the chapter03 project on the local Tomcat server has an HTML file called get.html that contains a hyperlink to the remote server. When this hyperlink is clicked to send a GET request to the server, the browser includes the Referer header in the request message, as shown below.
Referer: http://localhost:8080/Test01/GET.html
- The Referer header is very useful and is often used by web managers to track how visitors navigate to their site. The Referer header field can also be used to protect a website against hotlinking. What is hotlinking? Suppose the home page of a website wants to display some pictures, but the server of this website does not have these picture resources, so it uses img tags in its HTML file to link to the image resources of other websites and show them to its visitors. This is hotlinking. The hotlinking website raises its own visit volume but increases the load on the server of the linked website, harming its legitimate interests. Therefore, to protect its own resources, a website can use the Referer header to detect from where the current web page or resource was linked. Once it detects access that does not come through a link on its own site, it can block the access or jump to a specified page.
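One way to implement the Referer check described above, as an added example that is not from the original article. It compares the host of the Referer URL against an allow-list instead of searching the header text for the site name, because a text search also accepts any URL that merely contains the name. The allow-list, function names and sample header values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: images may be linked only from this site.
ALLOWED_HOSTS = {"www.xdr630.top"}


def naive_check(referer):
    """Weak form: accepts any Referer whose text contains the site name."""
    return referer is not None and "www.xdr630.top" in referer


def referer_allows(referer, allowed_hosts=ALLOWED_HOSTS, allow_missing=True):
    """Hardened form: parse the URL and compare the exact host name."""
    if not referer:
        # The header is absent when the URL was typed directly, and some
        # clients strip it, so the site has to choose a policy for this case.
        return allow_missing
    try:
        parts = urlsplit(referer)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return host.lower().rstrip(".") in allowed_hosts


# Constructed Referer values as they might appear on image requests.
SAMPLES = [
    "http://www.xdr630.top/index.html",            # link from the site itself
    "HTTP://WWW.XDR630.TOP:80/gallery.html",       # same site, different case
    "http://other.example/page.html",              # another site
    "http://other.example/?from=www.xdr630.top",   # name only in the query
    "http://www.xdr630.top.other.example/",        # name only as a prefix
    None,                                          # no Referer header sent
]


def compare(samples=SAMPLES):
    """Return (referer, naive result, hardened result) for each sample."""
    return [(r, naive_check(r), referer_allows(r)) for r in samples]


if __name__ == "__main__":
    for referer, weak, strict in compare():
        print("%-45s naive=%-5s strict=%s" % (referer, weak, strict))
```

The Referer header is set by the client, so this check limits bandwidth use by ordinary browsers embedding the images; it is not an access control for content that must stay private.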
12. User-Agent
- User-Agent means user agent, "UA" for short. It specifies the operating system and version used by the browser or other client program, the browser and its version, the browser rendering engine, the browser language, and so on, so that the server can return different content for different types of browsers. For example, a server can inspect the User-Agent header and return a WML document if the client is found to be a wireless handheld terminal, or a normal HTML document if the client is a normal browser. For example, the User-Agent request header generated by Internet Explorer is as follows:
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
- In the request header above, the User-Agent header field first lists the Mozilla version, then the browser version (MSIE 8.0 for Microsoft Internet Explorer 8.0), the operating system version (Windows NT 5.1 for Windows XP) and the engine name of the browser (Trident/4.0).
8. HTTP response message
- When the server receives a browser request, it sends a response message back to the client. A complete response message consists of a response status line, a response header, and entity content. Each component represents a different meaning. This section takes a detailed look at each component of an HTTP response message.
1. HTTP response status line
- The HTTP response status line is located in the first line of the response message. It consists of three parts, namely, the HTTP version, an integer code indicating success or error (status code) and text information describing the status code, as shown in the following example:
HTTP/1.1 200 OK
- The example above is the status line of an HTTP response message, where HTTP/1.1 is the protocol version used for communication, 200 is the status code, and OK is the status description, indicating that the client request was successful. Note that the parts of the status line are separated by spaces, and the line is terminated with a carriage return and line feed.
- The status code consists of three digits that indicate whether the request was understood or fulfilled. The first digit of the HTTP response status code defines the type of the response; the next two digits are not classified. The first digit has five possible values, as described below.
1xx: Indicates that the request is received and needs to be processed.
2xx: Indicates that the request is successfully received, understood, and accepted by the server.
3xx: To complete the request, the client needs to further refine the request.
4xx: The client request is incorrect.
5xx: An error occurs on the server.
- Tables 3-2 to 3-6 describe the five types of status codes and status information (the content in brackets after each status code is the status information) and their functions in HTTP 1.1.
- Tables 3-2 to 3-6 list most of the HTTP status codes, which do not need to be memorized. Here are a few of the more common status codes in Web development.
(1) 200: Indicates that the server successfully processed the client request.
(2) 302: Indicates that the requested resource temporarily responds to the request from a different URI, but the requester should continue to use the original location for future requests. For example, in request redirection, the temporary URI should be the resource pointed to by the Location header field of the response.
(3) 404: The server could not find the requested resource. For example, visiting a web page that does not exist on the server often returns this status code.
(4) 500: Indicates that an error occurred on the server and the server cannot process the client request.
2. HTTP response headers
- In an HTTP response message, the response status line on the first line is followed by several response headers. The server passes additional information to the client through the response headers, including the name of the server program, the authentication mode required by the requested resource, the last modification time of the resource requested by the client, and the redirect address. A concrete example of HTTP response headers is as follows:
- As you can see from the response headers above, they are formatted the same way as HTTP request headers. When the server sends a response message back to the client, the response headers differ depending on the situation. Next, I'll take a closer look at some common response header fields.
1. Accept-Ranges
- The Accept-Ranges header field indicates whether the server accepts requests in which the client uses the Range request header field to request the resource. If the server wants to tell the client not to use the Range header field, it uses the following header information:
Accept-Ranges: none
- If the server wants to tell the client that it can use bytes as the unit for Range requests, it should use the following header information:
2. Age
- The Age header field is used to indicate how long the current web document can be cached in the client or proxy server. The value is set to a number of seconds, as shown in the following example:
Age: 1234567
- When the client accesses a cached web page, subtract the Date header field set when the server returns the web page from the current time. If the value is smaller than the Age header field set when the server returns the web page, the client directly uses the cached web page. Otherwise, the client makes a web page request to the server for that page.
3. Etag
- The Etag header field is used to transmit the tag information that represents the characteristics of the entity content to the client. The tag information is called the entity label. The entity label of each version of the resource is different. For example, by adding a carriage return newline to the end of a document, the value of the Etag header field identifies the difference. The format of the Etag header field is as follows:
Etag: abc1234
4. Location
- The Location header field tells the client the new address from which to get the requested document. Its value is a URL address using an absolute path, as shown below:
Location: http://www.xdr630.top
- The Location header field is used together with most 3xx status codes to tell the client to automatically reconnect and request the document at the new address. Because the current response does not return content directly to the client, an HTTP message that uses the Location header should have no entity content, so the Location and Content-Type header fields cannot both appear in the same HTTP message headers.
5. Retry-After
- The Retry-After header field can be used together with the 503 status code to tell the client when the request can be resent. It can also be used with any 3xx status code to tell the client the minimum delay before it processes the redirection. The value of the Retry-After header field can be a time in GMT format or a number of seconds, as shown in the following example:
Retry-After: Sun, 21 Mar 2021 10:00:00 GMT
Retry-After: 120 // 120 seconds
6. Server
- The Server header field specifies the name of the server software product, as shown in the following example:
Server: Apache-Coyote/1.1
7. Vary
- Vary is used to specify the name of the request header field that affects the response content generated by the server, as shown in the following example:
Vary: Accept-Language
- The above response header field indicates that the content of the server response is affected by the Accept-Language request header sent by the client: the server returns content in the language that matches the Accept-Language request header value. When a client accesses an already cached resource again, it must check each request header field named in the Vary header field and confirm that the field is set the same this time as it was last time; this is a condition for using the cache. For example, if the Accept-Language header field in the previous request had a value of en-us, whereas in this request it has a value of zh-cn, then even if all the other conditions for using the local cache of the requested resource path are met, the client cannot use the cache and still needs to make an access request to the server.
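The cache check described above can be written as a small variant-aware cache. This is an added example, not code from the original article; the class name VaryCache, its methods, and the assumption that response headers arrive in a dict keyed by "Vary" are illustrative.

```python
class VaryCache:
    """Stores one cached body per combination of Vary-selected request headers."""

    def __init__(self):
        # url -> list of (selector, body); selector is a tuple of (name, value)
        self._variants = {}

    @staticmethod
    def _selector(vary_value, request_headers):
        """Values of the request headers named in Vary, in a canonical order."""
        lowered = {k.lower(): v.strip() for k, v in request_headers.items()}
        names = sorted(n.strip().lower() for n in vary_value.split(",") if n.strip())
        return tuple((n, lowered.get(n, "")) for n in names)

    def store(self, url, request_headers, response_headers, body):
        vary = response_headers.get("Vary", "")
        if vary.strip() == "*":
            return False  # "Vary: *" can never match a later request: do not cache
        key = self._selector(vary, request_headers)
        variants = self._variants.setdefault(url, [])
        # Replace an older copy of the same variant, keep the other variants.
        variants[:] = [(k, b) for k, b in variants if k != key]
        variants.append((key, body))
        return True

    def lookup(self, url, request_headers):
        for key, body in self._variants.get(url, []):
            names = ",".join(name for name, _ in key)
            if self._selector(names, request_headers) == key:
                return body  # same URL and same selecting header values
        return None  # miss: the request has to go to the server


if __name__ == "__main__":
    cache = VaryCache()
    cache.store("/index", {"Accept-Language": "en-us"},
                {"Vary": "Accept-Language"}, "English page")
    print(cache.lookup("/index", {"Accept-Language": "en-us"}))  # cached body
    print(cache.lookup("/index", {"Accept-Language": "zh-cn"}))  # None
```

A cache that keys on the URL alone would hand the en-us body to the zh-cn client, and with headers such as Cookie or Authorization in place of Accept-Language the same mistake serves one user's page to another.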
8. WWW-Authenticate and Proxy-Authenticate
- When a client accesses a password-protected web file, the server sends back a 401 (Unauthorized) response status code and a WWW-Authenticate response header in the response message, indicating that the client should send the user name and password in the Authorization request header, using the authentication mode specified by the WWW-Authenticate response header. The WWW-Authenticate response header can specify two authentication modes: BASIC and DIGEST. If the client is required to transmit authentication information in BASIC mode, the syntax is as follows:
WWW-Authenticate: BASIC realm="xdr630"
- The realm property specifies the domain to which the current resource belongs. A realm defines a protected area (a set of resources to be protected) within the same host, and it can be any string. A host can have multiple domains, and all resources in the same domain share the same account: if an account has access to a resource, that account can access other resources in the same domain. According to the HTTP authentication specification, a resource that has the same directory path as a given resource, or that is in a subdirectory of its directory path, uses the same domain as that resource.
- The details of the DIGEST authentication mode are complex; refer to RFC 2617 for further study.
- The Proxy-Authenticate header field is used to authenticate users on the proxy server. Its other functions and uses are similar to those of the WWW-Authenticate header field.
9. Refresh
- The Refresh header field tells the browser when to refresh the page automatically. Its value is a number of seconds, as shown in the following example:
Refresh: 3
- The Refresh header field shown above tells the browser to refresh the page automatically after 3 seconds.
- Note that you can also add a URL parameter after the time value of the Refresh header field, with a semicolon (;) between the time value and the URL. For example, to tell the browser to go to www.xdr630.top after 3 seconds:
Refresh: 3; url=http://www.xdr630.top
10. Content-Disposition
- If the server wants the browser not to process the entity content of the response directly, but instead to give the user the option of saving the entity content to a file, it uses the Content-Disposition header field. The Content-Disposition header field is not defined in the standard HTTP specification; it is borrowed from RFC 2183. In RFC 2183, Content-Disposition specifies how the receiver handles the data content, and inline and attachment are the two standard values: inline means direct processing, while attachment requires the user to intervene and control how the receiver processes the data content. In HTTP applications, only attachment is a standard Content-Disposition value. attachment can also be followed by the filename parameter, whose value is the file name under which the server recommends that the browser save the entity content. The browser should ignore the directory part of the filename parameter value and take only the last part as the file name. Be sure to set the Content-Type header field before setting Content-Disposition, as shown below.
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=lee.zip
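The rule that the receiver keeps only the last part of the filename parameter is what stops a response from choosing where a download is written. The following is an added example, not code from the original article; the function name safe_download_name and the fallback name "download" are assumptions.

```python
import re

# filename parameter: either a quoted string (with backslash escapes) or a token.
_FILENAME = re.compile(r'(?:^|;)\s*filename\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)', re.I)


def safe_download_name(header_value, default="download"):
    """Return the file name to save under, or None if the value is not attachment."""
    disposition, _, params = header_value.partition(";")
    if disposition.strip().lower() != "attachment":
        return None  # the response does not ask for "save to file" handling
    match = _FILENAME.search(params)
    if match is None:
        return default  # attachment without a suggested name
    raw = match.group(1).strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # unquote and unescape
    # Ignore the directory part: split on both separators, keep the last piece.
    name = re.split(r"[/\\]", raw)[-1]
    # Drop control characters, then leading/trailing dots and spaces, so that
    # "..", "." and names that would become hidden files are not accepted.
    name = "".join(ch for ch in name if ch.isprintable()).strip(" .")
    return name or default


if __name__ == "__main__":
    for value in ("attachment; filename=lee.zip",            # constructed samples
                  'attachment; filename="../../etc/lee.zip"',
                  "attachment; filename=..\\..\\lee.zip",
                  'attachment; filename=".."',
                  "inline"):
        print(repr(value), "->", safe_download_name(value))
```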
3. Other HTTP header fields
1. Generic header fields
- In HTTP messages, header fields that apply to both request and response messages are called generic header fields. The generic header fields are Cache-Control, Connection, Date, Pragma, Trailer, Transfer-Encoding, Upgrade, Via, and Warning. Details about these generic header fields are as follows.
1. Cache-Control
- If Cache-Control is used in a request message, it informs the proxy server between the client and the server how to use cached pages. In this case, the value of Cache-Control can be no-cache, no-store, max-age, max-stale, min-fresh, no-transform, only-if-cached, and so on.
- If Cache-Control is used in a response message, it informs the client and the proxy server how to cache the page. In this case, the value of Cache-Control can be public, private, no-cache, no-store, no-transform, must-revalidate, proxy-revalidate, max-age, s-maxage, and so on.
- Multiple values can be set in one Cache-Control header field, separated by commas, as shown in the following example:
Cache-Control: no-store,no-cache,must-revalidate
- Each value set in the Cache-Control header field above has a specific meaning. Table 3-7 describes some common values for the Cache-Control header field.
2. Connection
- The Connection header field specifies whether the client and server stay connected after the request/response has been processed. The Connection header field can specify two values, as shown below:
Connection: Keep-Alive
Connection: close
- When the value of the Connection header field is Keep-Alive, the connection between the client and the server is kept alive after the interaction. When the value is close, the connection is closed after the interaction. HTTP 1.1 uses persistent connections by default, which means that by default the Connection header field is Keep-Alive.
3. Date
- The Date header field indicates the time at which the HTTP message was generated. Its value is in GMT format, as shown in the following example:
Mon, 22 Feb 2021 08:29:02 GMT
- In general, all responses returned by the server must include a Date header field, except in the following cases.
- The response status code indicates a server error, such as 500 (Internal Server Error) or 503 (Service Unavailable), so the server cannot produce a valid date.
- The server does not have a clock and cannot provide the current time, so the response cannot set the Date header. In this case the server also cannot set header fields such as Expires and Last-Modified.
4. Pragma
- The Pragma header field mainly informs proxy servers and clients in HTTP 1.0 how to use cached pages, and its value can only be fixed to no-cache, as shown below:
Pragma: no-cache
- When the Pragma header field is used in a response message, it instructs the client not to cache the document; when it is used in a request message, it indicates that the proxy server must return a current document and not a cached one. In HTTP 1.0, some browsers did not support the Pragma header field reliably, so people often achieved the same effect by setting the Expires header field to a value of 0.
- In HTTP 1.1, however, the Cache-Control header field has largely replaced the use of the Pragma header field.
5. Transfer-Encoding
- With HTTP 1.0, there is no persistent connection between the server and the client: when the server closes the TCP connection, the client knows that all the response data has been sent. With HTTP 1.1, because the server and the client maintain a persistent connection, the server must tell the client the length of the response data through the Content-Length header field in the response message so that the client knows where the data ends. However, some data is generated dynamically on the server side, and the server must wait until all the content has been generated before it can calculate the length of the response data accurately. In other words, the server can respond to the client's request only after all the data has been generated, which is bound to affect efficiency. To solve this problem, the Transfer-Encoding header field was introduced; it specifies which transfer encoding is used for the entity content of the response message. Currently, the only standard setting is chunked, as shown in the following example:
Transfer-Encoding: chunked
- When the Transfer-Encoding header field is set in the response message, the entire entity content of the response message is divided into a series of segments before transmission. Each segment begins with a hexadecimal number that indicates the size of that segment. The last segment must have a size of 0 to indicate the end of the chunked encoded data, as follows:
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
7f
<html>
<head>
<title>trailer Example</title>
</head>
<body>
<p> Please wait while we complete your transaction ...</p>
2c
<p>Transaction complete!</p>
</body>
</html>
0
- In the response message above, 7f and 2c are the size information for the two segments of content, so in this case the Content-Length header field is not required to specify the size of the entire entity content.
6. Trailer
- Some header fields can be placed at the end of the entire HTTP message, that is, after the entity content. Header fields placed at the tail must be declared with the Trailer field in the header, as shown in the following example:
Trailer: Date
- Note that the Trailer header field must be used with chunked transfer encoding.
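The segment format from the Transfer-Encoding section and the tail fields from the Trailer section can be exercised together with a strict decoder. This is an added example, not code from the original article; encode_chunked, decode_chunked and the sample body are constructed for illustration, and the decoder assumes the caller passes the field names announced in the Trailer header.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"


def encode_chunked(parts, trailers=()):
    """Build a chunked body from byte strings plus optional (name, value) trailers."""
    out = b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in parts if p)
    out += b"0\r\n"  # the zero-size segment ends the content
    out += b"".join(b"%s: %s\r\n" % (k, v) for k, v in trailers)
    return out + b"\r\n"


def decode_chunked(body, declared_trailers=()):
    """Return (entity_content, trailer_fields); raise ValueError if malformed."""
    allowed = {name.lower() for name in declared_trailers}
    content, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("size line is not terminated by CRLF")
        size_field = body[pos:eol].split(b";", 1)[0]  # ignore chunk extensions
        # int() alone would accept "+7f", "0x7f" or " 7f "; allow hex digits only.
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError("segment size is not a hexadecimal number")
        size, pos = int(size_field.decode("ascii"), 16), eol + 2
        if size == 0:
            break
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("segment is shorter than declared or lacks CRLF")
        content += chunk
        pos += size + 2
    trailers = {}
    while True:  # header fields placed after the entity content
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("trailer section is not terminated")
        line, pos = body[pos:eol], eol + 2
        if not line:
            break
        name, sep, value = line.partition(b":")
        key = name.decode("ascii").strip().lower()
        if not sep or key not in allowed:
            raise ValueError("trailer field was not announced in Trailer")
        trailers[key] = value.decode("latin-1").strip()
    return bytes(content), trailers


if __name__ == "__main__":
    # Constructed sample: two segments and the Date field sent as a trailer.
    parts = [b"<p>Please wait ...</p>\n", b"<p>Transaction complete!</p>\n"]
    wire = encode_chunked(parts, [(b"Date", b"Mon, 22 Feb 2021 08:29:02 GMT")])
    print(wire)
    print(decode_chunked(wire, ["Date"]))
```

Rejecting anything but plain hexadecimal sizes matters when a proxy and a server both parse the same message: if one of them is lenient and the other is not, they can disagree about where the message ends.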
7. Upgrade
- The client uses the Upgrade header field to specify the new communication protocol that it wants to switch to from the current protocol. If the server considers the requested protocol appropriate, it sets the Upgrade header field in the response message to specify the protocol to be switched to. The Upgrade header field must be used together with the 101 status code. The following is an example:
// Request message
GET / HTTP/1.1
Host: 127.0.0.1
Upgrade: TLS/1.0
// Response message
HTTP/1.1 101 Switching Protocols
Upgrade: TLS/1.0
8. Via
- The Via header field is used to specify the protocol and host name used by the proxy server through which the HTTP message passes. This header field is generated by the proxy server, and each proxy server must append its information to the end of the Via field to reflect the order of multiple proxy servers through which the HTTP message passes, as shown in the following example:
Via: HTTP/1.1 Proxy1,HTTP/1.1 Proxy2
- If the proxy server is using HTTP, the protocol name in the Via header field can be omitted as follows:
Via: 1.1 Proxy1,1.1 Proxy2
9. Warning
- The Warning header field carries additional warning information that other header fields and status codes cannot express, for example that the proxy server is disconnected from the network, as shown in the following example:
Warning: 112 Disconnected operation
2. Entity header field
- Entity information can be transmitted in both request messages and response messages. It consists of the entity header fields and the entity content. The entity header fields are the meta-information of the entity content: they describe its attributes, such as type, length, compression method, last modification time, and validity period. Next, this section takes a closer look at the entity header fields.
1. Allow
- The Allow header field specifies the request methods (such as GET and POST) that the resource supports, and informs the client that the resource must be requested strictly with one of the specified methods, as shown below:
Allow: GET,HEAD,PUT
- It is important to note that the Allow header field must be used with the 405 response status code.
2. Content-Language
- The Content-Language header field specifies the national language of the returned web document. Its value is a standard language name such as zh-cn, en-us, or ja. Because the same character can have slightly different styles and meanings in different national languages, the Content-Language header field is important if client software treats character text differently for different national languages. A concrete example of Content-Language is as follows:
Content-Language: en-us
3. Content-Length
- The Content-Length header field indicates the length (in bytes) of the entity content. Let's start with a simple response message that carries the Content-Length header field, as shown below:
HTTP/1.1 200 OK
Date: Mon, 22 Feb 2021 09:29:57 GMT
Content-Length: 109
<html>
<head>
<title> content-Length Example</title>
</head>
<body>
Content-Length:109
</body>
</html>
- In the response message above, the content from the first character "<" of <html> to the last character ">" of </html> has a length of 109.
- In HTTP 1.1, a persistent connection is maintained between the browser and the server, which allows the client to send multiple requests over one TCP connection. The server must send a Content-Length response header in each response to specify the length of that response's entity content, so that the client can tell where each response ends without confusing one response with the next.
- The Content-Length response header should not be set if the response message contains the Transfer-Encoding response header, which means that the response content is returned with chunked encoding.
4. Content-Location
- The Content-Location header field specifies the actual location path of the entity content in the response message (the path of the entity content in the response message cannot simply be assumed to be the path of the requested resource). One requested resource path may correspond to entities with a variety of contents and forms. For example, the same requested resource may have versions in several national languages, each with its own location. In this case, the path of the entity content in the response and the requested resource path may differ. A specific example is as follows:
HTTP/1.1
Host: httpd.apache.org
Accept-Language: en-us
//
HTTP/1.1 200 OK
Date: Mon, 22 Feb 2021 09:29:57 GMT
Server: Apache(UNIX)
Content-Location: index_en_us.html
Content-Type: text/html
Content-Language: en-us
- In the above example, the request message asks for the document in English. If the server finds that an English document, index_en_us.html, is available, it sets the Content-Location header to the path of that document and sends the document back to the client.
- Content-Location can be set to either an absolute path or a relative path. If it is a relative path, it is relative to the requested resource path. For the response message above, index.html and index_en_us.html are in the same directory.
5. Content-Range
- The Content-Range header field specifies the position, within the whole entity, of the part of the entity content that the server returns. The server includes the Content-Range header in its response only if the client used the Range header to ask the server to return part of the entity, as shown in the following example:
HTTP/1.1 206 Partial content
Date: Wed, 15 Nov 1995 06:25:24 GMT
Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
Content-Range: bytes 21010-47021/47022
Content-Length: 26012
Content-Type: image/gif
- In the Content-Range header field, bytes indicates that the following data is expressed in bytes; 21010-47021 indicates that the returned content runs from byte 21010 to byte 47021; and 47022 indicates that the size of the entire entity content is 47022 bytes. Content-Length gives the length of the returned entity content, which is 26012 (47021 - 21010 + 1) bytes.
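A client that reassembles a file from partial responses can check this arithmetic before it trusts a 206 response. The following is an added example, not code from the original article; the function name check_partial_response and its requested parameter are assumptions.

```python
import re

# bytes first-last/total, where total may be "*" when the server does not know it.
_CONTENT_RANGE = re.compile(r"bytes (\d+)-(\d+)/(\d+|\*)", re.ASCII)


def check_partial_response(content_range, content_length, requested=None):
    """Validate the headers of a 206 response.

    requested is the (first, last) byte range the client asked for; last may be
    None for an open-ended request. Returns (first, last, total) or raises
    ValueError when the headers contradict each other or the request.
    """
    match = _CONTENT_RANGE.fullmatch(content_range.strip())
    if match is None:
        raise ValueError("unsupported Content-Range syntax")
    first, last = int(match.group(1)), int(match.group(2))
    total = None if match.group(3) == "*" else int(match.group(3))
    if first > last:
        raise ValueError("range ends before it starts")
    if total is not None and last >= total:
        raise ValueError("range extends past the end of the entity")
    # The body must be exactly last - first + 1 bytes long.
    if int(content_length) != last - first + 1:
        raise ValueError("Content-Length does not match Content-Range")
    if requested is not None:
        want_first, want_last = requested
        if first != want_first or (want_last is not None and last > want_last):
            raise ValueError("server returned a range that was not requested")
    return first, last, total


if __name__ == "__main__":
    # Header values from the response above; the client had asked for
    # everything from byte 21010 onward (constructed request).
    print(check_partial_response("bytes 21010-47021/47022", "26012",
                                 requested=(21010, None)))
```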
6. Content-MD5
- The Content-MD5 header field provides an integrity check on the entity content. Its value is the Base64 encoding of the MD5 digest of the entity content.
- The MD5 digest algorithm is a hash algorithm that generates a 16-byte digest from a piece of information. If any change is made to the input information, computing MD5 again over the changed information produces a digest that differs from the one before the change. Because the 16-byte digest calculated by the MD5 algorithm may not consist of printable ASCII characters, it is Base64 encoded to convert it into printable ASCII characters. A Content-MD5 header field looks like this:
Content-MD5: ZTFmZDA5MDYyYTMzZGQzMDMxMmixMjc4YThhNTMyM21=
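The encoding step is easy to get wrong: the header carries the Base64 form of the 16 raw digest bytes, not of the 32-character hexadecimal text. The following is an added example, not code from the original article; the function names and the sample body are constructed.

```python
import base64
import binascii
import hashlib
import hmac


def content_md5(body):
    """Header value: Base64 of the 16-byte MD5 digest (always 24 characters)."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def hex_then_base64(body):
    """The common mistake: Base64 of the hexadecimal text (44 characters)."""
    return base64.b64encode(hashlib.md5(body).hexdigest().encode("ascii")).decode("ascii")


def verify_content_md5(header_value, body):
    """True only if header_value is a well-formed digest that matches body."""
    try:
        received = base64.b64decode(header_value.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # not valid Base64
    if len(received) != 16:
        return False  # wrong size, e.g. the hexadecimal text was encoded
    expected = hashlib.md5(body).digest()
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    body = b"<html><body>Content-MD5 example</body></html>"  # constructed sample
    good = content_md5(body)
    print(good, len(good), verify_content_md5(good, body))
    bad = hex_then_base64(body)
    print(bad, len(bad), verify_content_md5(bad, body))
    print(verify_content_md5(good, body + b" "))  # body changed in transit
```

A header value of 44 characters is the sign of the hexadecimal mistake and fails the 16-byte check. MD5 is not collision resistant and the header travels with the body it describes, so this check catches accidental corruption only; RFC 7231 removed Content-MD5 from HTTP.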
7. Content-Type
- Content-Type specifies the MIME type of the entity content. MIME (Multipurpose Internet Mail Extensions) is an Internet standard originally designed for attaching multimedia data to e-mail messages so that mail clients can process the data according to its type. Because different types of data are transmitted over HTTP, HTTP also uses MIME to identify data types. By examining the MIME type in the Content-Type response header field, the client knows what format the received entity content is in and can process it properly.
- Most servers define the mapping between file extensions and MIME types in their configuration files, so that the MIME type for Content-Type can be determined automatically from the extension of the requested resource. The Tomcat web.xml file contains a number of elements that map file extensions to MIME types. Here is a snippet of the web.xml file:
<mime-mapping>
<extension>pdf</extension>
<mime-type>application/pdf</mime-type>
</mime-mapping>
- In the <mime-mapping> element, the <extension> child element specifies the file extension, and the <mime-type> child element specifies the MIME type that the extension maps to.
- The MIME type in the preceding file fragment is application/pdf, where application is the main type and pdf is the subtype. MIME types can also use the "*" wildcard: "*/*" represents all MIME types, and "image/*" represents all image subtypes. If the subtype begins with "x-", the type is still experimental. The MIME type in the Content-Type header field can also be followed by the character code table used for the response content, separated by a semicolon (;), for example Content-Type: text/html; charset=GB2312. If no character code table is specified in the Content-Type header field, the ISO-8859-1 character code table is used by default.