HTTP resources and specifications
HTTP was first specified in the early 1990s. Designed with extensibility in mind, it has seen numerous additions over the years; this lead to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.
Specification | Title | Status |
---|---|---|
RFC 9110 | HTTP Semantics | Internet Standard |
RFC 9111 | HTTP Caching | Internet Standard |
RFC 9112 | HTTP/1.1 | Internet Standard |
RFC 9113 | HTTP/2 | Proposed Standard |
RFC 9114 | HTTP/3 | Proposed Standard |
RFC 5861 | HTTP Cache-Control Extensions for Stale Content | Informational |
RFC 8246 | HTTP Immutable Responses | Proposed Standard |
RFC 6265 | HTTP State Management Mechanism Defines Cookies | Proposed Standard |
Draft spec | Cookie Prefixes | IETF Draft |
Draft spec | Same-Site Cookies | IETF Draft |
Draft spec | Deprecate modification of 'secure' cookies from non-secure origins | IETF Draft |
RFC 2145 | Use and Interpretation of HTTP Version Numbers | Informational |
RFC 6585 | Additional HTTP Status Codes | Proposed Standard |
RFC 7725 | An HTTP Status Code to Report Legal Obstacles | On the standard track |
RFC 2397 | The "data" URL scheme | Proposed Standard |
RFC 3986 | Uniform Resource Identifier (URI): Generic Syntax | Internet Standard |
RFC 5988 | Web Linking Defines the Link header |
Proposed Standard |
Draft spec | HTTP Client Hints | IETF Draft |
RFC 7578 | Returning Values from Forms: multipart/form-data | Proposed Standard |
RFC 6266 | Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) | Proposed Standard |
RFC 2183 | Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field Only a subset of syntax of the Content-Disposition header can be used in the context of HTTP messages. |
Proposed Standard |
RFC 7239 | Forwarded HTTP Extension | Proposed Standard |
RFC 6455 | The WebSocket Protocol | Proposed Standard |
RFC 5246 | The Transport Layer Security (TLS) Protocol Version 1.2 This specification has been modified by subsequent RFCs, but these modifications have no effect on the HTTP protocol. | Proposed Standard |
RFC 8446 | The Transport Layer Security (TLS) Protocol Version 1.3 Supersedes TLS 1.2. | Proposed Standard |
RFC 2817 | Upgrading to TLS Within HTTP/1.1 | Proposed Standard |
RFC 7541 | HPACK: Header Compression for HTTP/2 | On the standard track |
RFC 7838 | HTTP Alternative Services | On the standard track |
RFC 7301 | Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension Used to negotiate HTTP/2 at the transport to save an extra request/response round trip. | Proposed Standard |
RFC 6454 | The Web Origin Concept | Proposed Standard |
Fetch | Cross-Origin Resource Sharing | Living Standard |
RFC 7034 | HTTP Header Field X-Frame-Options | Informational |
RFC 6797 | HTTP Strict Transport Security (HSTS) | Proposed Standard |
Upgrade Insecure Requests | Upgrade Insecure Requests | Candidate Recommendation |
Content Security Policy 1.0 | Content Security Policy 1.0 CSP 1.1 and CSP 3.0 doesn't extend the HTTP standard | Obsolete |
Microsoft document | Specifying legacy document modes* Defines X-UA-Compatible | Note |
RFC 5689 | HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) These extensions of the Web, as well as CardDAV and CalDAV, are out-of-scope for HTTP on the Web. Modern APIs for application are defines using the RESTful pattern nowadays. | Proposed Standard |
RFC 2324 | Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) | April 1st joke spec |
RFC 7168 | The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA) | April 1st joke spec |
HTML Living Standard | HTML Defines extensions of HTTP for Server-Sent Events | Living Standard |
Reporting API | Report-To header |
Draft |
Draft spec | Expect-CT Extension for HTTP | IETF Draft |
RFC 7486 | HTTP Origin-Bound Auth (HOBA) | Experimental |
See also
- Evolution of HTTP
- Glossary terms: