Want-Content-Digest

A comma-separated list of one or more hashing algorithms:

Want-Content-Digest: <algorithm>=<preference>
Want-Content-Digest: <algorithm>=<preference>, …, <algorithmN>=<preferenceN>

<algorithm>

The requested algorithm to create a digest of the message content. Only two registered digest algorithms are considered secure: sha-512 and sha-256. The insecure (legacy) registered digest algorithms are: md5, sha (SHA-1), unixsum, unixcksum, adler (ADLER32) and crc32c.

<preference>

An integer from 0 to 9 where 0 means "not acceptable", and the values 1 to 9 convey ascending, relative, weighted preference. In contrast to earlier drafts of the specifications, the weighting is not declared via q quality values.

The following message asks the recipient to send a Content-Digest header using SHA-512 algorithm:

Want-Content-Digest: sha-512=9

The following header contains three algorithms, and indicates that SHA-256 is the preferred digest algorithm that the recipient should use, followed by SHA-512, and MD5:

Want-Content-Digest: md5=1, sha-512=2, sha-256=3

This header has no specification-defined browser integration ("browser compatibility" does not apply). Developers can set and get HTTP headers using fetch() in order to provide application-specific implementation behavior.

• Content-Digest, Repr-Digest, Want-Repr-Digest digest headers
• Digital Signatures for APIs SDK guide uses Content-Digests for digital signatures in HTTP calls (developer.ebay.com)