HTTP resources and specifications

HTTP was first specified in the early 1990s. Designed with extensibility in mind, it has seen numerous additions over the years; this lead to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.

Specification Title Status
RFC 9110 HTTP Semantics Internet Standard
RFC 9111 HTTP Caching Internet Standard
RFC 9112 HTTP/1.1 Internet Standard
RFC 9113 HTTP/2 Proposed Standard
RFC 9114 HTTP/3 Proposed Standard
RFC 5861 HTTP Cache-Control Extensions for Stale Content Informational
RFC 8246 HTTP Immutable Responses Proposed Standard
RFC 6265 HTTP State Management Mechanism Defines Cookies Proposed Standard
Draft spec Cookie Prefixes IETF Draft
Draft spec Same-Site Cookies IETF Draft
Draft spec Deprecate modification of 'secure' cookies from non-secure origins IETF Draft
RFC 2145 Use and Interpretation of HTTP Version Numbers Informational
RFC 6585 Additional HTTP Status Codes Proposed Standard
RFC 7725 An HTTP Status Code to Report Legal Obstacles On the standard track
RFC 2397 The "data" URL scheme Proposed Standard
RFC 3986 Uniform Resource Identifier (URI): Generic Syntax Internet Standard
RFC 5988 Web Linking Defines the Link header Proposed Standard
Experimental spec Hypertext Transfer Protocol (HTTP) Keep-Alive Header Informational (Expired)
Draft spec HTTP Client Hints IETF Draft
RFC 7578 Returning Values from Forms: multipart/form-data Proposed Standard
RFC 6266 Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) Proposed Standard
RFC 2183 Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field Only a subset of syntax of the Content-Disposition header can be used in the context of HTTP messages. Proposed Standard
RFC 7239 Forwarded HTTP Extension Proposed Standard
RFC 6455 The WebSocket Protocol Proposed Standard
RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2 This specification has been modified by subsequent RFCs, but these modifications have no effect on the HTTP protocol. Proposed Standard
RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 Supersedes TLS 1.2. Proposed Standard
RFC 2817 Upgrading to TLS Within HTTP/1.1 Proposed Standard
RFC 7541 HPACK: Header Compression for HTTP/2 On the standard track
RFC 7838 HTTP Alternative Services On the standard track
RFC 7301 Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension Used to negotiate HTTP/2 at the transport to save an extra request/response round trip. Proposed Standard
RFC 6454 The Web Origin Concept Proposed Standard
Fetch Cross-Origin Resource Sharing Living Standard
RFC 7034 HTTP Header Field X-Frame-Options Informational
RFC 6797 HTTP Strict Transport Security (HSTS) Proposed Standard
Upgrade Insecure Requests Upgrade Insecure Requests Candidate Recommendation
Content Security Policy 1.0 Content Security Policy 1.0 CSP 1.1 and CSP 3.0 doesn't extend the HTTP standard Obsolete
Microsoft document Specifying legacy document modes* Defines X-UA-Compatible Note
RFC 5689 HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) These extensions of the Web, as well as CardDAV and CalDAV, are out-of-scope for HTTP on the Web. Modern APIs for application are defines using the RESTful pattern nowadays. Proposed Standard
RFC 2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) April 1st joke spec
RFC 7168 The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA) April 1st joke spec
HTML Living Standard HTML Defines extensions of HTTP for Server-Sent Events Living Standard
Reporting API Report-To header Draft
Draft spec Expect-CT Extension for HTTP IETF Draft
RFC 7486 HTTP Origin-Bound Auth (HOBA) Experimental