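I was looking for the naming rules for HTTP headers. I did not find any rules, but I did find some good information on how the headers are categorized.
Which fields the HTTP header standard defines
HTTP headers have many fields. Apache 2.3 places the following limits on HTTP headers:
- Default size limit per field: 8190 bytes
- At most 100 fields per request
The following two links organize the HTTP header fields very thoroughly:
- Message Headers - the RFC document that corresponds to each header field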
- List of HTTP header fields - Wikipedia
- the Apache 2.3 server by default limits the size of each field to 8190 bytes, and there can be at most 100 header fields in a single request
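The header fields defined by the HTTP standard appear to mostly use "-" as the separator in their names, and custom names mostly begin with "X-" (note: they are not required to begin with "X-").
The following is excerpted from: HTTP headers - HTTP | MDN - that article groups the HTTP headers into categories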
- Custom proprietary headers can be added using the 'X-' prefix, but this convention was deprecated in June 2012, because of the inconveniences it caused when non-standard fields became standard in RFC 6648 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
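As an added example (not from the original post, MDN or Apache), the Python below audits a raw header block against the two Apache defaults quoted above and the naming conventions just described. The function name `audit_headers`, the finding labels and the sample request are assumptions made up for illustration, and the size check measures the whole header line without its CRLF.

```python
import re

# Apache defaults quoted on this page: 8190 bytes per field, 100 fields per request.
MAX_FIELD_BYTES = 8190
MAX_FIELDS = 100
# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def audit_headers(raw, max_field_bytes=MAX_FIELD_BYTES, max_fields=MAX_FIELDS):
    """Return (fields, findings) for a raw CRLF-separated header block (bytes)."""
    fields, findings = [], []
    for line in raw.split(b"\r\n"):
        if not line:
            break  # a blank line ends the header block
        if len(line) > max_field_bytes:
            findings.append(("field-too-large", line[:32]))
            continue
        if line[:1] in (b" ", b"\t"):
            # obs-fold continuation line, deprecated by RFC 7230
            findings.append(("obsolete-line-folding", line[:32]))
            continue
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            # also catches "Name : value" (whitespace before the colon)
            findings.append(("invalid-field-name", name[:32]))
            continue
        fields.append((name.decode("ascii"), value.strip().decode("latin-1")))
        if name[:2].lower() == b"x-":
            # informational: the "X-" convention was deprecated by RFC 6648
            findings.append(("x-prefixed-name", name))
    if len(fields) > max_fields:
        findings.append(("too-many-fields", len(fields)))
    return fields, findings


# Constructed sample header block (hypothetical host and values).
SAMPLE = (
    b"Host: example.test\r\n"
    b"X-Request-Id: 42\r\n"
    b"Bad Name: oops\r\n"
    b"Cookie: " + b"a" * 9000 + b"\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for kind, detail in audit_headers(SAMPLE)[1]:
        print(kind, detail)
```
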
Categories of HTTP header fields
Note: this is the 2017 definition; for the current version, please refer back to the web page.
- Authentication
  - WWW-Authenticate
  - Authorization
  - Proxy-Authenticate
  - Proxy-Authorization
- Caching
  - Age
  - Cache-Control
  - Expires
  - Pragma
  - Warning
- Client hints
  - Accept-CH
  - Content-DPR
  - DPR
  - Downlink
  - Save-Data
  - Viewport-Width
  - Width
- Conditionals
  - Last-Modified
  - ETag
  - If-Match
  - If-None-Match
  - If-Modified-Since
  - If-Unmodified-Since
- Connection management
  - Connection
  - Keep-Alive
- Content negotiation
  - Accept
  - Accept-Charset
  - Accept-Encoding
  - Accept-Language
- Controls
  - Expect
  - Max-Forwards
- Cookies
  - Cookie
  - Set-Cookie
  - Cookie2 (replaced by Cookie, deprecated)
  - Set-Cookie2 (replaced by Set-Cookie, deprecated)
- CORS
  - Access-Control-Allow-Origin
  - Access-Control-Allow-Credentials
  - Access-Control-Allow-Headers
  - Access-Control-Allow-Methods
  - Access-Control-Expose-Headers
  - Access-Control-Max-Age
  - Access-Control-Request-Headers
  - Access-Control-Request-Method
  - Origin
- Do Not Track
  - DNT
  - Tk
- Downloads
  - Content-Disposition
- Message body information
  - Content-Length
  - Content-Type
  - Content-Encoding
  - Content-Language
  - Content-Location
- Proxies
  - Forwarded
  - X-Forwarded-For
  - X-Forwarded-Host
  - X-Forwarded-Proto
  - Via
- Redirects
  - Location
- Request context
  - From
  - Host
  - Referer
  - Referrer-Policy
  - User-Agent
- Response context
  - Allow
  - Server
- Range requests
  - Accept-Ranges
  - Range
  - If-Range
  - Content-Range
- Security
  - Content-Security-Policy (CSP)
  - Content-Security-Policy-Report-Only
  - Public-Key-Pins (HPKP)
  - Public-Key-Pins-Report-Only
  - Strict-Transport-Security (HSTS)
  - Upgrade-Insecure-Requests
  - X-Content-Type-Options
  - X-Frame-Options (XFO)
  - X-XSS-Protection
- Server-sent events
  - Ping-From
  - Ping-To
  - Last-Event-ID
- Transfer coding
  - Transfer-Encoding
  - TE
  - Trailer
- WebSockets
  - Sec-WebSocket-Key
  - Sec-WebSocket-Extensions
  - Sec-WebSocket-Accept
  - Sec-WebSocket-Protocol
  - Sec-WebSocket-Version
- Other
  - Date
  - Large-Allocation
  - Link
  - Retry-After
  - SourceMap
  - Upgrade
  - Vary
  - X-DNS-Prefetch-Control
  - X-Firefox-Spdy
  - X-Requested-With
  - X-UA-Compatible