Original text: cloud.tencent.com/developer/c…
Curl is a powerful command-line tool that can send information to or retrieve data from a server over a network. It supports many transport protocols, especially HTTP/HTTPS, and others such as FTP/FTPS, RTSP, POP3/POP3S, SCP, IMAP/IMAPS, etc.
- To add an HTTP header field, use either -H or --header. To define multiple header fields, -H can be specified multiple times in the curl command.
  curl -H 'Accept-Language: en' -H 'Accept-Encoding: gzip' tp-link.com.cn
- Standard header fields are usually set in another way, with their own options:
  User-Agent field: -A, --user-agent
  Cookie field: -b, --cookie
  Referer field: -e, --referer
  For example, the following two commands are equivalent:
  curl -H "User-Agent: my browser" tp-link.com.cn
  curl -A "my browser" tp-link.com.cn
Common standard request header fields
- Accept lists the content types the client accepts, expressed as MIME types. The server answers with Content-Type as part of content negotiation.
  Accept: text/html, application/json;q=0.9, */*;q=0.8
  q is the weighting factor.
- Accept-Charset lists the character sets the client accepts. The server answers with Content-Type as part of content negotiation.
  Accept-Charset: utf-8, iso-8859;q=0.5, *;q=0.1
- Accept-Encoding lists the content encodings the client accepts, usually compression algorithms. The server answers with Content-Encoding as part of content negotiation.
  Accept-Encoding: gzip, deflate
- Accept-Language lists the languages the client accepts. The server answers with Content-Language as part of content negotiation.
  Accept-Language: en-US, en;q=0.5, *;q=0.4
- Connection indicates whether the connection remains open. The HTTP/1.1 default value is keep-alive.
  Connection: keep-alive
- Content-Length specifies the request body size (unit: bytes).
  Content-Length: 2
- Cookie carries the HTTP cookies previously sent by the server in Set-Cookie headers.
  Cookie: [cookie-name1]=[cookie-value1]; [cookie-name2]=[cookie-value2]
  Cookie pairs are separated by a semicolon and a space.
- Content-Type indicates the media type.
  Content-Type: multipart/form-data; boundary=xxx
- Content-Disposition is used in each part of a multipart/form-data request body to provide information about the field it applies to. The only value is form-data, with optional name and filename parameters.
  Content-Disposition: form-data; name="fieldName"; filename="filename.jpg"
Summary:
HTTP headers allow clients and servers to pass additional information through requests or responses. A request header consists of a case-insensitive name and a colon ":", followed by its value (without newlines). Leading whitespace before the value is ignored.
Custom proprietary headers could be added using the "X-" prefix, but this convention was deprecated in June 2012 by RFC 6648 because of the inconvenience caused when non-standard fields became standard. Others are listed in the IANA registry, whose original content is defined in RFC 4229. IANA also maintains a registry of proposed new HTTP headers.
Headers can be grouped according to their context:
- General header: A header that applies to both requests and responses, but has nothing to do with the data ultimately transmitted in the body.
- Request header: A header that contains more information about the resource to be retrieved or about the client itself.
- Response header: A header that contains additional information about the response, such as its location, or about the server itself (name and version, etc.).
- Entity header: A header that contains more information about the entity body, such as its content length or its MIME type.
Headers can also be grouped according to how proxies handle them:
- End-to-end headers: These headers must be sent to the final recipient of the message, that is, the server for a request or the client for a response. Intermediate proxies must retransmit end-to-end headers unmodified, and caches must store them.
- Hop-by-hop headers: These headers are meaningful only for a single transport-level connection and must not be retransmitted by proxies or cached. Such headers are: Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding, and Upgrade. Note that only hop-by-hop headers may be set using the Connection general header.
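The hop-by-hop rule above, as an added example (not code from the original article): a shell function that filters a request head the way a forwarding proxy must, dropping the listed hop-by-hop headers and any header named in Connection. The sample request, the host example.test and the X-Trace-Hop header are constructed for illustration.

```bash
#!/bin/sh
# Added example: forward only end-to-end headers, as a proxy must.

# Constructed sample request (example.test and X-Trace-Hop are hypothetical).
sample_request() {
    printf '%s\r\n' \
        'GET /index.html HTTP/1.1' \
        'Host: example.test' \
        'X-Trace-Hop: 1' \
        'Accept-Language: en' \
        'Keep-Alive: timeout=5' \
        'TE: trailers' \
        'Connection: keep-alive, X-Trace-Hop'
}

# strip_hop_by_hop: read a request head on stdin, print what may be forwarded.
# Lines are buffered because Connection can appear after the headers it names.
strip_hop_by_hop() {
    tr -d '\r' | awk '
        BEGIN {
            n = split("connection keep-alive proxy-authenticate proxy-authorization te trailer transfer-encoding upgrade", h, " ")
            for (i = 1; i <= n; i++) drop[h[i]] = 1
        }
        {
            # Line 1 is the request line, not a header field.
            p = (NR == 1) ? 0 : index($0, ":")
            name[NR] = (p > 0) ? tolower(substr($0, 1, p - 1)) : ""
            text[NR] = $0
            if (name[NR] == "connection") {
                # Every option named in Connection is hop-by-hop for this link.
                m = split(tolower(substr($0, p + 1)), opt, ",")
                for (j = 1; j <= m; j++) {
                    gsub(/[ \t]/, "", opt[j])
                    if (opt[j] != "") drop[opt[j]] = 1
                }
            }
        }
        END {
            for (i = 1; i <= NR; i++)
                if (!(name[i] in drop)) print text[i]
        }'
}
```

Running `sample_request | strip_hop_by_hop` prints only the request line, Host and Accept-Language.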
The following list summarizes HTTP headers by category of use.
Authentication
WWW-Authenticate defines the authentication method that should be used to access a resource.
Authorization contains the credentials for authenticating a user agent with a server.
Proxy-Authenticate defines the authentication method that should be used to access a resource behind a proxy server.
Proxy-Authorization contains the credentials for authenticating a user agent with a proxy server.
Caching
Age The time, in seconds, that the object has been in a proxy cache.
Cache-Control specifies directives for caching mechanisms in both requests and responses.
Expires The date/time after which the response is considered stale.
Pragma Implementation-specific header that may have various effects anywhere along the request-response chain. Used for backwards compatibility with HTTP/1.0 caches where the Cache-Control header is not yet present.
Warning A general warning field containing information about possible problems.
Client hints
Accept-CH… Content-DPR… DPR… Downlink… Save-Data… Viewport-Width… Width…
Conditionals
Last-Modified A validator: the last modification date of the resource, used to compare several versions of the same resource. It is less accurate than ETag, but easier to calculate in some circumstances. Conditional requests using If-Modified-Since and If-Unmodified-Since use this value to change the behavior of the request.
ETag A validator: a unique string that identifies the version of the resource. Conditional requests using If-Match and If-None-Match use this value to change the behavior of the request.
If-Match makes the request conditional and applies the method only if the stored resource matches one of the given ETags.
If-None-Match makes the request conditional and applies the method only if the stored resource does not match any of the given ETags. This is used to update caches (for safe requests) or to prevent uploading a new resource when one already exists.
If-Modified-Since makes the request conditional and expects the entity to be transmitted only if it has been modified after the given date. This is used to transmit data only when the cache is out of date.
If-Unmodified-Since makes the request conditional and expects the entity to be transmitted only if it has not been modified after the given date. This is used to ensure the coherence of a new fragment of a specific range with previous ones, or to implement an optimistic concurrency control system when modifying existing documents.
Connection management
Connection controls whether the network connection remains open after the current transaction completes.
Keep-Alive controls how long a persistent connection should remain open.
Content negotiation
Accept informs the server about the types of data that can be sent back. It is a MIME type.
Accept-Charset tells the server which character sets the client can understand.
Accept-Encoding informs the server about the encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.
Accept-Language informs the server about the language the server is expected to send back. This is a hint and is not necessarily under the full control of the user: the server should always be careful not to override an explicit user choice (such as selecting a language from a drop-down list).
Controls
Expect indicates expectations that the server needs to meet in order to properly handle the request.
Max-Forwards…
Cookies
Cookie contains stored HTTP cookies that were previously sent by the server using the Set-Cookie header.
Set-Cookie sends cookies from the server to the user agent.
Cookie2 was used to contain an HTTP cookie previously sent by the server via the Set-Cookie2 header, but has been deprecated by the specification. Use Cookie instead.
Set-Cookie2 was used to send cookies from the server to the user agent, but has been deprecated by the specification. Use Set-Cookie instead.
CORS
Access-Control-Allow-Origin indicates whether the response can be shared.
Access-Control-Allow-Credentials indicates whether the response to the request can be exposed when the credentials flag is true.
Access-Control-Allow-Headers is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Methods specifies the methods allowed when accessing the resource, in response to a preflight request.
Access-Control-Expose-Headers indicates which headers can be exposed as part of the response by listing their names.
Access-Control-Max-Age indicates how long the result of a preflight request can be cached.
Access-Control-Request-Headers is used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Method is used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Origin indicates where a fetch originates from.
Do not track
DNT is used to express users’ tracking preferences.
Tk indicates the tracking status that applied to the corresponding request.
Downloads
Content-Disposition is a response header indicating whether the transferred resource should be displayed inline (the default behavior when the header is not present) or should be treated like a download, in which case the browser should display a "Save as" window.
Message body
Content-Length indicates the size, as a decimal number of bytes, of the entity body sent to the recipient.
Content-Type indicates the media type of the resource.
Content-Encoding specifies the compression algorithm.
Content-Language describes the language(s) intended for the audience, so that users can differentiate according to their own preferred language.
Content-Location indicates an alternate location for the returned data.
Proxies
Forwarded contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.
X-Forwarded-For identifies the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
X-Forwarded-Host identifies the original host requested by the client when connecting to the proxy or load balancer.
X-Forwarded-Proto identifies the protocol (HTTP or HTTPS) that the client used to connect to the proxy or load balancer.
Via is added by proxies, both forward and reverse, and can appear in both request and response headers.
Redirects
Location indicates the URL to redirect the page to.
Request context
From contains the Internet E-mail address of the human user controlling the requesting user agent.
Host specifies the domain name of the server (for virtual hosts) and, optionally, the TCP port number on which the server is listening.
Referer The address of the previous web page from which a link to the currently requested page was followed.
Referrer-Policy governs which referrer information sent in the Referer header should be included with requests.
User-Agent contains a characteristic string that allows network protocol peers to identify the application type, operating system, software vendor, or software version of the requesting user agent. See also the Firefox User Agent String Reference.
Response context
Allow lists the set of HTTP request methods supported by the resource.
Server contains information about the software used by the origin server to handle the request.
Range requests
Accept-Ranges indicates whether the server supports range requests and, if so, in which unit the range can be expressed.
Range indicates the part of the document that the server should return.
If-Range creates a conditional range request that is satisfied only if the given ETag or date matches the remote resource. Used to prevent downloading two ranges from incompatible versions of a resource.
Content-Range indicates where in the full body message a partial message belongs.
Security
Content-Security-Policy (CSP) controls the resources that the user agent is allowed to load for a given page.
Content-Security-Policy-Report-Only allows web developers to experiment with policies by monitoring (but not enforcing) their effects. The violation reports consist of JSON documents sent via HTTP POST requests to the specified URI.
Public-Key-Pins (HPKP) associates a specific cryptographic public key with a web server to reduce the risk of MITM attacks with forged certificates.
Public-Key-Pins-Report-Only sends reports to the report-uri specified in the header, and still allows clients to connect to the server even if the pinning is violated.
Strict-Transport-Security (HSTS) enforces communication using HTTPS instead of HTTP.
Upgrade-Insecure-Requests sends a signal to the server expressing the client's preference for an encrypted and authenticated response, and indicating that it can successfully handle the upgrade-insecure-requests directive.
X-Content-Type-Options disables MIME sniffing and forces the browser to use the type given in Content-Type.
X-Frame-Options (XFO) indicates whether a browser is allowed to render the page in a <frame> (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/frame), <iframe> or <object>.
X-XSS-Protection enables the cross-site scripting filter.
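A check for the security headers listed above, as an added example (not code from the original article): a shell function that reads a response head, such as the output of `curl -sI`, and reports headers that are missing or weakly set. The sample response is constructed, and the MIN_HSTS_AGE threshold is an assumed policy value that the article does not specify.

```bash
#!/bin/sh
# Added example: check a saved response head for the security headers above.

MIN_HSTS_AGE=15552000   # assumed policy minimum (180 days); set your own

# Constructed sample of `curl -sI` output (not captured from a real server).
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Content-Type: text/html; charset=utf-8' \
        'strict-transport-security: max-age=300; includeSubDomains' \
        'X-Frame-Options: DENY' \
        ''
}

# audit_headers: read response headers on stdin, print one finding per line.
audit_headers() {
    tr -d '\r' | awk -v min="$MIN_HSTS_AGE" '
        {
            p = index($0, ":")
            if (NR == 1 || p == 0) next        # status line or blank line
            value = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            # Header names are case-insensitive, so normalise before storing.
            seen[tolower(substr($0, 1, p - 1))] = tolower(value)
        }
        END {
            n = split("content-security-policy strict-transport-security x-content-type-options x-frame-options", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print "MISSING " want[i]
            if (("x-content-type-options" in seen) && seen["x-content-type-options"] != "nosniff")
                print "WEAK x-content-type-options: expected nosniff"
            if ("strict-transport-security" in seen) {
                hsts = seen["strict-transport-security"]
                if (!match(hsts, /max-age=[0-9]+/))
                    print "WEAK strict-transport-security: no max-age"
                else if (substr(hsts, RSTART + 8, RLENGTH - 8) + 0 < min + 0)
                    print "WEAK strict-transport-security: max-age below " min
            }
        }'
}
```

To audit your own site, pipe `curl -sI` for its URL into `audit_headers`; an empty result means all four headers are present with acceptable values.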
Server-sent events
Ping-From… Ping-To… Last-Event-ID…
Transfer coding
Transfer-Encoding specifies the form of encoding used to safely transfer the entity to the user.
TE specifies the transfer encodings that the user agent is willing to accept.
Trailer allows the sender to include additional fields at the end of a chunked message.
WebSockets
Sec-WebSocket-Key… Sec-WebSocket-Extensions… Sec-WebSocket-Accept… Sec-WebSocket-Protocol… Sec-WebSocket-Version…
Other
Date contains the date and time at which the message was originated.
Large-Allocation tells the browser that the page being loaded will perform a large allocation.
Link…
Retry-After indicates how long the user agent should wait before making a subsequent request.
SourceMap links generated code to a source map.
Upgrade The relevant RFC document for the Upgrade header field is RFC 7230, section 6.7. The standard establishes rules for upgrading or changing to a different protocol on the current client, server, and transport protocol connection. For example, this header standard allows a client to change from HTTP 1.1 to HTTP 2.0, if the server decides to acknowledge and implement the Upgrade header field. Neither party is required to accept the terms specified in the Upgrade header field. It can be used in both client and server headers. If an Upgrade header field is specified, the sender must also send a Connection header field with the upgrade option specified. For more information on the Connection header field, see section 6.1 of the RFC above.
Vary determines how to match future request headers to decide whether a cached response can be used instead of requesting a new one from the origin server.
X-DNS-Prefetch-Control controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on links that the user may choose to follow, as well as on URLs of items referenced by the document (including images, CSS, JavaScript, etc.).
X-Firefox-Spdy… X-Requested-With… X-UA-Compatible…