HTTP Headers - Part 4 of Chapter 3 from HTTP: The Definitive Guide (4/6)
   [previous] [next] |
HTTP: The Definitive Guide, Chapter 3: HTTP Messages
Conditional request headers
Sometimes, clients want to put some restrictions on a request. For instance, if the client already has a copy of a document, it might want to ask a server to send the document only if it is different from the copy the client already has. Using conditional request headers, clients can put such restrictions on requests, requiring the server to make sure that the conditions are true before satisfying the request. Table 3-15 lists the various conditional request headers.
Table 3-15: Conditional request headers
Header | Description |
|---|---|
Expect | Allows a client to list server behaviors that it requires for a request |
If-Match | Gets the document if the entity tag matches the current entity tag for the document[11] |
If-Modified-Since | Restricts the request unless the resource has been modified since the specified date |
If-None-Match | Gets the document if the entity tags supplied do not match those of the current document |
If-Range | Allows a conditional request for a range of a document |
If-Unmodified-Since | Restricts the request unless the resource has not been modified since the specified date |
Range | Requests a specific range of a resource, if the server supports range requests[12] |
Request security headers
HTTP natively supports a simple challenge/response authentication scheme for requests. It attempts to make transactions slightly more secure by requiring clients to authenticate themselves before getting access to certain resources. We discuss this challenge/response scheme in Chapter 14, along with other security schemes that have been implemented on top of HTTP. Table 3-16 lists the request security headers.
Table 3-16: Request security headers
Header | Description |
|---|---|
Authorization | Contains the data the client is supplying to the server to authenticate itself |
Cookie | Used by clients to pass a token to the server--not a true security header, but it does have security implications[13] |
Cookie2 | Used to note the version of cookies a requestor supports; see "Version 1(RFC2965) Cookies" in Chapter 11 |
Proxy request headers
As proxies become increasingly common on the Internet, a few headers have been defined to help them function better. In Chapter 6, we discuss these headers in detail. Table 3-17 lists the proxy request headers.
Table 3-17: Proxy request headers
Header | Description |
|---|---|
Max-Forwards | The maximum number of times a request should be forwarded to another proxy or gateway on its way to the origin server--used with the TRACE method[14] |
Proxy-Authorization | Same as Authorization, but used when authenticating with a proxy |
Proxy-Connection | Same as Connection, but used when establishing connections with a proxy |
11. See Chapter 7 for more on entity tags. The tag is basically an identifier for a version of the resource. Back
12. See "Range Requests" in Chapter 15 for more on the Range header. Back
13. The Cookie header is not defined in RFC 2616; it is discussed in detail in Chapter 11. Back
[previous] [next] |
Created: February 5, 2003
Revised: February 5, 2003
URL: https://webreference.com/programming/http/chap3/4/4.html
Find a programming school near you