跳转到:

这篇翻译不完整。请帮忙从英语翻译这篇文章

HTTP 消息头允许客户端和服务器通过 request response传递附加信息。一个请求头由不区分大小写的名称后跟一个冒号“:”,冒号后跟具体的值(不带换行符)组成。该值前面的引导空白会被忽略。

自定专用消息头可通过'X-' 前缀来添加;但是由于其在非标准字段标准化使用时造成的不便之处,这种用法被IETF在2012年6月发布的 RFC5548 中明确弃用;其他的消息头在 IANA 注册表 中列出, 其原始内容在 RFC 4229 中定义. 此外,IANA 还维护着被提议的新HTTP 消息头注册表.

根据不同上下文,可将消息头分为:

  • 一般头: 同时适用于请求和响应消息,但与最终消息主体中传输的数据无关的消息头。
  • 请求头: 包含有关要获取的资源或客户端本身更多信息的消息头。
  • 响应头: 包含有关服务器响应的补充信息,如其位置或服务器本身(名称和版本等)的消息头。
  • 实体头: 包含有关实体主体的更多信息,比如主体长(Content-Length)度或其MIME类型。

消息头也可以根据代理对其的处理方式分为:

端到端消息头

这类消息头必须被传输到最终的消息接收者,也即,请求的服务器或响应的客户端。中间的代理服务器必须转发未经修改的端到端消息头,并且必须缓存它们。

逐跳消息头

这类消息头仅对单次传输连接有意义,不能通过代理或缓存进行重新转发。这些消息头包括 Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding 及 Upgrade。注意,只能使用 Connection 来设置逐跳一般头。

左侧导航栏提供了按字母顺序排列的列表。以下列清单概括了消息头及其用途:

消息头 描述 更多信息 标准
Accept 用户代理期望的MIME 类型列表 HTTP Content Negotiation HTTP/1.1
Accept-CH 

列出配置数据,服务器可据此来选择适当的响应。 HTTP Client Hints  
Accept-Charset 列出用户代理支持的字符集。 HTTP Content Negotiation HTTP/1.1
Accept-Features   HTTP Content Negotiation RFC 2295, §8.2
Accept-Encoding 列出用户代支持的压缩方法。 HTTP Content Negotiation HTTP/1.1
Accept-Language 列出用户代理期望的页面语言。 HTTP Content Negotiation HTTP/1.1
Accept-Ranges      
Access-Control-Allow-Credentials   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Allow-Origin   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Allow-Methods   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Allow-Headers   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Max-Age   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Expose-Headers   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Request-Method   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Access-Control-Request-Headers   HTTP Access Control and Server Side Access Control W3C Cross-Origin Resource Sharing
Age      
Allow      
Alternates   HTTP Content Negotiation RFC 2295, §8.3
Authorization      
Cache-Control   HTTP Caching FAQ  
Connection      
Content-Encoding      
Content-Language      
Content-Length      
Content-Location      
Content-MD5   未实现 (查看 bug 232030)  
Content-Range      
Content-Security-Policy 控制用户代理在一个页面上可以加载使用的资源。 CSP (Content Security Policy) W3C Content Security Policy
Content-Type 指示服务器文档的MIME 类型。帮助用户代理(浏览器)去处理接收到的数据。    
Cookie     RFC 2109
DNT 设置该值为1, 表明用户明确退出任何形式的网上跟踪。 Supported by Firefox 4, Firefox 5 for mobile, IE9, and a few major companies. Tracking Preference Expression (DNT)
Date      
ETag   HTTP Caching FAQ  
Expect      
Expires   HTTP Caching FAQ  
From      
Host      
If-Match      
If-Modified-Since   HTTP Caching FAQ  
If-None-Match   HTTP Caching FAQ  
If-Range      
If-Unmodified-Since      
Last-Event-ID 给出服务器在先前HTTP连接上接收的最后事件的ID。用于同步文本/事件流。 Server-Sent Events Server-Sent Events spec
Last-Modified   HTTP Caching FAQ  
Link

等同于HTML标签中的"link",但它是在HTTP层上,给出一个与获取的资源相关的URL以及关系的种类。

For the rel=prefetch case, see Link Prefetching FAQ

Introduced in HTTP 1.1's RFC 2068, section 19.6.2.4, it was removed in the final HTTP 1.1 spec, then reintroduced, with some extensions, in RFC 5988

Location      
Max-Forwards      
Negotiate   HTTP Content Negotiation RFC 2295, §8.4
Origin   HTTP Access Control and Server Side Access Control More recently defined in the Fetch spec (see Fetch API.) Originally defined in W3C Cross-Origin Resource Sharing
Pragma   for the pragma: nocache value see HTTP Caching FAQ  
Proxy-Authenticate      
Proxy-Authorization      
Range      
Referer

(请注意,在HTTP / 0.9规范中引入的正交错误必须在协议的后续版本中保留)

   
Retry-After      
Sec-Websocket-Extensions      Websockets
Sec-Websocket-Key      Websockets
Sec-Websocket-Origin      Websockets
Sec-Websocket-Protocol      Websockets
Sec-Websocket-Version      Websockets
Server      
Set-Cookie     RFC 2109
Set-Cookie2     RFC 2965
Strict-Transport-Security   HTTP Strict Transport Security IETF reference
TCN   HTTP Content Negotiation RFC 2295, §8.5
TE      
Trailer

列出将在消息正文之后在尾部块中传输的头。这允许服务器计算一些值,如Content-MD5:在传输数据时。请注意,Trailer:标头不得列出Content-Length :, Trailer:或Transfer-Encoding:headers。

  RFC 2616, §14.40
Transfer-Encoding      
Upgrade      
User-Agent   for Gecko's user agents see the User Agents Reference  
Variant-Vary   HTTP Content Negotiation RFC 2295, §8.6
Vary

列出了用作Web服务器选择特定内容的条件的标头。此服务器对于高效和正确缓存发送的资源很重要。

HTTP Content Negotiation & HTTP Caching FAQ  
Via      
Warning      
WWW-Authenticate      
X-Content-Duration   Configuring servers for Ogg media  
X-Content-Security-Policy   Using Content Security Policy  
X-DNSPrefetch-Control   Controlling DNS prefetching  
X-Frame-Options   The XFrame-Option Response Header  
X-Requested-With

通常在值为“XMLHttpRequest”时使用

  Not standard

Notes

Note: The Keep-Alive request header is not sent by Gecko 5.0; previous versions did send it but it was not formatted correctly, so the decision was made to remove it for the time being. The Connection or Proxy-Connection header is still sent, however, with the value "keep-alive".

See also

Wikipedia page on List of HTTP headers

文档标签和贡献者

标签: 
此页面的贡献者: Weix, xgqfrms-GitHub, AlenQi, linzhixiong
最后编辑者: Weix,