Http request headers and response headers (Get and Post)

Introduction to HTTP

The HTTP protocol is the abbreviation of Hyper Text Transfer Protocol (Hyper Text Transfer Protocol), which is a transfer protocol for transferring hypertext from a World Wide Web (WWW: World Wide Web) server to a local browser. .
HTTP is a communication protocol based on TCP/IP to transfer data (HTML files, image files, query results, etc.).

How HTTP Works

Three things to note about HTTP:

• HTTP is connectionless: the meaning of connectionless is to limit the processing of only one request per connection. After the server processes the client's request and receives the client's response, it disconnects. In this way, transmission time can be saved.
• HTTP is media independent: this means that any type of data can be sent over HTTP as long as the client and server know what to do with the data content. The client and server specify the appropriate MIME-type content-type.
• HTTP is stateless: The HTTP protocol is a stateless protocol. Stateless means that the protocol has no memory capability for transaction processing. The lack of state means that if previous information is required for subsequent processing, it must be retransmitted, potentially resulting in an increased amount of data transferred per connection. On the other hand, the server responds faster when it does not need the previous information.

 

HTTP message structure

HTTP request message

An HTTP request message consists of four parts: request line, request header, blank line and request data. The following figure shows the general format of the request message.

 

1. Request line

The request line consists of three fields: the request method field, the URL field, and the HTTP protocol version field, which are separated by spaces. For example, GET /index.html HTTP/1.1.

According to the HTTP standard, HTTP requests can use various request methods.
HTTP 1.0 defines three request methods: GET, POST and HEAD methods.
HTTP1.1 added five new request methods: OPTIONS, PUT, DELETE, TRACE and CONNECT methods.

 

The common ones are as follows:

1).GET

The most common request method, when the client wants to read the document from the server, click the link on the web page or browse the web page by entering the URL in the address bar of the browser, the GET method is used. The GET method requires the server to place the resource located by the URL in the data part of the response message and send it back to the client. When using the GET method, the request parameters and corresponding values ​​are appended to the URL, and a question mark ("?") is used to represent the end of the URL and the beginning of the request parameters. The length of the passed parameters is limited. For example, /index.jsp?id=100&op=bind, the data passed by GET is directly represented in the address, so we can send the request result to friends in the form of a link. Take Google search for domety as an example, the Request format is as follows:

[html]  view plain copy  

 

1. GET /search?hl=zh-CN&source=hp&q=domety&aq=f&oq= HTTP/1.1    
2. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint,   
3. application/msword, application/x-silverlight, application/x-shockwave-flash, */*    
4. Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>    
5. Accept-Language: zh-cn    
6. Accept-Encoding: gzip, deflate    
7. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)    
8. Host: <a href="http://www.google.cn">www.google.cn</a>    
9. Connection: Keep-Alive    
10. Cookie:  PREF= ID= 80a06da87be9ae3c:U= f7167333e2c3b714 NW= 1 TM= 1 :TM= LM= 1261551909 : LM= 1261551917 S= ybYcq2wpfefs4V9g;   
11. NOT = 31 = ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y  
12. FxlRugatx63JLv7CWMD6UB_O_r   

It can be seen that the GET request generally does not contain the "request content" part, and the request data is expressed in the request line in the form of an address. The address link is as follows:

[html]  view plain copy  

 

1. <a href="http://www.google.cn/search?hl=zh-CN&source=hp&q=domety&aq=f&oq=">http://www.google.cn/search?hl=zh-CN&source=hp  
2. &q=domety&aq=f&oq=</a>  

The part after the "?" in the address is the request data sent through GET. We can clearly see in the address bar that each data is separated by an "&" symbol. Obviously, this method is not suitable for transmitting private data. In addition, because different browsers have different character restrictions on addresses, generally only 1024 characters can be recognized at most, so if a large amount of data needs to be transmitted, it is not suitable to use the GET method.

2).POST

For the above-mentioned situations where the GET method is not suitable, you can consider using the POST method, because using the POST method allows the client to provide more information to the server. The POST method encapsulates the request parameters in the HTTP request data, in the form of name/value, and can transmit a large amount of data. In this way, the POST method has no limit to the size of the transmitted data, and it will not be displayed in the URL. Taking the above search for domety as an example, if the POST method is used, the format is as follows:

[html]  view plain copy  

 

1. POST /search HTTP/1.1    
2. Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint,   
3. application/msword, application/x-silverlight, application/x-shockwave-flash, */*    
4. Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>    
5. Accept-Language: zh-cn    
6. Accept-Encoding: gzip, deflate    
7. User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)    
8. Host: <a href="http://www.google.cn">www.google.cn</a>    
9. Connection: Keep-Alive    
10. Cookie:  PREF= ID= 80a06da87be9ae3c:U= f7167333e2c3b714 NW= 1 TM= 1 :TM= LM= 1261551909 : LM= 1261551917 S= ybYcq2wpfefs4V9g;   
11. NOT = 31 = ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y  
12. FxlRugatx63JLv7CWMD6UB_O_r    
13.   
14. hl=zh-CN&source=hp&q=domety  

It can be seen that the POST request line does not contain data strings. These data are stored in the "Request Content" section, and the data is also separated by the "&" symbol. The POST method is mostly used in the form of the page. Because POST can also complete the function of GET, most people always use the POST method when designing forms. In fact, this is a misunderstanding. The GET method also has its own characteristics and advantages. We should choose whether to use GET or POST according to different situations.

3).HEAD

HEAD is like GET, except that the server only returns the response header after receiving the HEAD request, and does not send the response content. When we only need to view the status of a page, using HEAD is very efficient, because the page content is omitted during the transfer process.

2. Request header

The request header consists of keyword/value pairs, one pair per line, and the keyword and value are separated by an English colon ":". The request headers inform the server about the client request. Typical request headers are:

• User-Agent: The type of browser that made the request.
• Accept: A list of content types recognized by the client.
• Host: The requested host name, multiple domain names are allowed to share the same IP address, that is, a virtual host.

 

3. Blank line

After the last request header is a blank line, sending a carriage return and a newline to inform the server that there are no more request headers below.

 

 

4. Request data

Request data is not used in GET method, but in POST method. The POST method is suitable for situations where the customer is required to fill out a form. The most commonly used request headers related to request data are Content-Type and Content-Length.

example

1).GET

//Request the first line GET /hello/index.jsp HTTP/1.1 //Request header information, because the GET request has no body Host: localhost User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn,zh;q=0.5 Accept-Encoding: gzip, deflate Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Cookie: JSESSIONID=369766FDF6220F7803433C0B2DE36D98 //Blank line //Because GET has no body, the following is empty

 

2).POST

// request first line POST /hello/index.jsp HTTP/1.1 // request header information Host: localhost User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn,zh;q=0.5 Accept-Encoding: gzip, deflate Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Referer: http://localhost/hello/index.jsp Cookie: JSESSIONID=369766FDF6220F7803433C0B2DE36D98 Content-Type: application/x-www-form-urlencoded  Content-Length: 14  // blank line here //POST has request body username=hello

 

HTTP response message

The HTTP response also consists of three parts: status line, response header, blank line, and response body.
As you can see, the only real difference in the response is the replacement of the request information with the status information in the first line. The status line describes the requested resource by providing a status code.

The status line format is as follows:

[html]  view plain copy  

 

1. HTTP-Version    Status-Code    Reason-Phrase    CRLF  

其中，HTTP-Version表示服务器HTTP协议的版本；
Status-Code表示服务器发回的响应状态代码；
Reason-Phrase表示状态代码的文本描述。

 

HTTP状态码

当浏览者访问一个网页时，浏览者的浏览器会向网页所在服务器发出请求。当浏览器接收并显示网页前，此网页所在的服务器会返回一个包含HTTP状态码的信息头（server header）用以响应浏览器的请求。
HTTP状态码的英文为HTTP Status Code。状态代码由三位数字组成，第一个数字定义了响应的类别，且有五种可能取值。

• 1xx：指示信息--表示请求已接收，继续处理。
• 2xx：成功--表示请求已被成功接收、理解、接受。
• 3xx：重定向--要完成请求必须进行更进一步的操作。
• 4xx：客户端错误--请求有语法错误或请求无法实现。
• 5xx：服务器端错误--服务器未能实现合法的请求。

常见状态代码、状态描述的说明如下。

• 200 OK：客户端请求成功。
• 400 Bad Request：客户端请求有语法错误，不能被服务器所理解。
• 401 Unauthorized：请求未经授权，这个状态代码必须和WWW-Authenticate报头域一起使用。
• 403 Forbidden：服务器收到请求，但是拒绝提供服务。
• 404 Not Found：请求资源不存在，举个例子：输入了错误的URL。
• 500 Internal Server Error：服务器发生不可预期的错误。
• 503 Server Unavailable：服务器当前不能处理客户端的请求，一段时间后可能恢复正常，举个例子：HTTP/1.1 200 OK（CRLF）。

 

HTTP响应头

 

HTTP content-Type

Content-Type，内容类型，一般是指网页中存在的Content-Type，用于定义网络文件的类型和网页的编码，决定浏览器将以什么形式、什么编码读取这个文件，这就是经常看到一些Asp网页点击的结果却是下载到的一个文件或一张图片的原因。

HTTP content-type 对照表

 

 

 

关于HTTP请求GET和POST的区别

 

1.GET提交，请求的数据会附在URL之后（就是把数据放置在HTTP协议头＜request-line＞中），以?分割URL和传输数据，多个参数用&连接;例如：login.action?name=hyddd&password=idontknow&verify=%E4%BD%A0 %E5%A5%BD。如果数据是英文字母/数字，原样发送，如果是空格，转换为+，如果是中文/其他字符，则直接把字符串用BASE64加密，得出如： %E4%BD%A0%E5%A5%BD，其中％XX中的XX为该符号以16进制表示的ASCII。

  POST提交：把提交的数据放置在是HTTP包的包体＜request-body＞中。上文示例中红色字体标明的就是实际的传输数据

  因此，GET提交的数据会在地址栏中显示出来，而POST提交，地址栏不会改变

2.传输数据的大小：

   首先声明,HTTP协议没有对传输的数据大小进行限制，HTTP协议规范也没有对URL长度进行限制。 而在实际开发中存在的限制主要有：

   GET:特定浏览器和服务器对URL长度有限制，例如IE对URL长度的限制是2083字节(2K+35)。对于其他浏览器，如Netscape、FireFox等，理论上没有长度限制，其限制取决于操作系统的支持。

   因此对于GET提交时，传输数据就会受到URL长度的限制。

   POST:由于不是通过URL传值，理论上数据不受限。但实际各个WEB服务器会规定对post提交数据大小进行限制，Apache、IIS6都有各自的配置。

3. Security:

    POST is more secure than GET. Note: The security mentioned here is not the same concept as the "security" mentioned in GET above. The meaning of "security" above is only not to modify data, and the meaning of security here is the meaning of real Security, such as: submitting data through GET, the user name and password will appear on the URL in clear text, because (1) the login page may be accessed by Browser cache, (2) Others view the browser's history, then others can get your account and password,