HTTP Headers - Part 4 of Chapter 3 from HTTP: The Definitive Guide (5/6)
HTTP: The Definitive Guide, Chapter 3: HTTP Messages
Response Headers
Response messages have their own set of response headers. Response headers provide clients with extra information, such as who is sending the response, the capabilities of the responder, or even special instructions regarding the response. These headers help the client deal with the response and make better requests in the future. Table 3-18 lists the response informational headers.
Table 3-18: Response informational headers
Header | Description |
---|---|
Age | How old the response is[15] |
Public[16] | A list of request methods the server supports for its resources |
Retry-After | A date or time to try back, if a resource is unavailable |
Server | The name and version of the server's application software |
Title[17] | For HTML documents, the title as given by the HTML document source |
Warning | A more detailed warning message than what is in the reason phrase |
Negotiation headers
HTTP/1.1 provides servers and clients with the ability to negotiate for a resource if multiple representations are available--for instance, when there are both French and German translations of an HTML document on a server. Chapter 17 walks through negotiation in detail. Here are a few headers servers use to convey information about resources that are negotiable. Table 3-19 lists the negotiation headers.
Table 3-19: Negotiation headers
Header | Description |
---|---|
Accept-Ranges | The type of ranges that a server will accept for this resource |
Vary | A list of other headers that the server looks at and that may cause the response to vary; i.e., a list of headers the server looks at to pick which is the best version of a resource to send the client |
Response security headers
You've already seen the request security headers, which are basically the response side (the client's answer) of HTTP's challenge/response authentication scheme. We talk about security in detail in Chapter 14. For now, here are the basic challenge headers. Table 3-20 lists the response security headers.
Table 3-20: Response security headers
Header | Description |
---|---|
Proxy-Authenticate | A list of challenges for the client from the proxy |
Set-Cookie | Not a true security header, but it has security implications; used to set a token on the client side that the server can use to identify the client[18] |
Set-Cookie2 | Similar to Set-Cookie, RFC 2965 Cookie definition; see |
WWW-Authenticate | A list of challenges for the client from the server |
15. Implies that the response has traveled through an intermediary, possibly from a proxy cache.
16. The Public header is defined in RFC 2068 but does not appear in the latest HTTP definition (RFC 2616).
17. The Title header is not defined in RFC 2616; see the original HTTP/1.0 draft definition (https://www.w3.org/Protocols/HTTP/HTTP2.html).
18. Set-Cookie and Set-Cookie2 are extension headers that are also covered in Chapter 11.
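
To make the headers in Tables 3-18 and 3-20 concrete, the following added example (not code from the book) splits a WWW-Authenticate or Proxy-Authenticate value into its list of challenges and reviews Server and Set-Cookie from a defender's point of view. The sample response, the function names, and the choice of checks (Basic scheme, version in Server, missing Secure/HttpOnly cookie attributes) are assumptions of this example; only the `name=value` parameter form of a challenge is handled.

```python
import re

# Constructed sample response headers (not taken from the book).
SAMPLE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    'WWW-Authenticate: Digest realm="staff", qop="auth,auth-int", '
    'nonce="abc123", Basic realm="staff"\r\n'
    "Set-Cookie: sid=constructed-token; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
)

_TOK = r"[\w!#$%&*+.^`|~-]+"
# Either name=value (value may be a quoted string holding commas) or a bare scheme word.
_ITEM = re.compile(r'\s*(?:(%s)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]*)|(%s))\s*,?' % (_TOK, _TOK))


def parse_challenges(value):
    """Split one challenge header value into (scheme, params) pairs."""
    challenges = []
    for name, val, scheme in _ITEM.findall(value):
        if scheme:                      # a bare word starts a new challenge
            challenges.append((scheme, {}))
        elif challenges:                # name=value belongs to the current one
            val = val[1:-1] if val.startswith('"') else val
            challenges[-1][1][name.lower()] = val
    return challenges


def audit(raw):
    """Return (challenges, findings) for the header section of a raw response."""
    headers = [l.partition(":") for l in raw.split("\r\n")[1:] if ":" in l]
    values = lambda h: [v.strip() for n, _, v in headers if n.strip().lower() == h]
    challenges, findings = [], []
    for hdr in ("www-authenticate", "proxy-authenticate"):
        for value in values(hdr):
            challenges += parse_challenges(value)
    if any(s.lower() == "basic" for s, _ in challenges):
        findings.append("Basic challenge offered: credentials are only base64-encoded")
    if any(re.search(r"/\d", v) for v in values("server")):
        findings.append("Server header discloses a software version")
    for cookie in values("set-cookie"):
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = sorted({"secure", "httponly"} - attrs)
        if missing:
            findings.append(f"cookie {cookie.split('=')[0]} lacks {', '.join(missing)}")
    return challenges, findings
```

Calling `audit(SAMPLE)` returns the two parsed challenges together with four findings; the comma inside the quoted `qop` value is not mistaken for a separator between challenges.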
Created: February 5, 2003
Revised: February 5, 2003
URL: https://webreference.com/programming/http/chap3/4/5.html