What Referrer Policy that?
We know that in the introduction page picture, JS and other resources, or jump from one page to another page, will have a new HTTP request,
Browsers usually add to these requests represent Referrer header field sources. Referrer is useful in analyzing the user source, has a wide range of use .
Property description:
The new provisions five Referrer Referrer Policy Strategy: No Referrer, No Referrer When Downgrade, Origin Only, Origin When Cross-origin, and Unsafe URL.
Three strategies existed before: never, default and always, the new standard was changed the name. Their correspondence is as follows:
| Policy Name | Property value (new) | Property value (old) |
|---|---|---|
| No Referrer | no-referrer | never |
| No Referrer When Downgrade | no-referrer-when-downgrade | default |
| Origin Only | origin | - |
| Origin When Cross-origin | origin-when-crossorigin | - |
| Unsafe URL | unsafe-url | always |
- No Referrer :
- Referrer not transmit information under any circumstances;
- No Referrer When Downgrade :
- It occurs only when the degraded protocols (e.g., HTTP resource introducing an HTTPS page, a page from the HTTP jump HTTPS, etc.) is not transmitted Referrer information.
- This rule is now most browsers used by default;
- Origin Only
- : Referrer host transmits a portion only. Enable this rule, regardless of whether the agreement occurred downgrade,
- Whether inbound links or link station will send Referrer information, but only the portion containing protocol + host (does not contain information specific path and parameters, etc.);
- Origin When Cross-origin
- : Send only contains only Referrer host at the time of the occurrence of cross-domain access, under the same domain or complete.
- It differs from Origin Only is a multi-judge whether the Cross-origin. Note that the protocol, the domain name and port are the same, the browser will be considered the same domain;
- Unsafe URL :
- Whether or not to downgrade the protocol occurred, whether the site links or inbound links, all are sent Referrer information. As the name suggests, this is the most liberal and the most insecure strategy;
use:
Know what strategies can be used, also you need to know how to use. Here are three ways to specify the Referrer Policy:
1.CSP response header
CSP (Content Security Policy), is a specification for a page with content security.
In HTTP to tell the browser response header Content-Security-Policy field of the current page which CSP policy to use. I wrote before the Content Security Policy introduced ,
You can take a look at. CSP can also now command value by referrer and five optional command to specify Referrer strategy format is very simple:
Content-Security-Policy: referrer no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|unsafe-url;
Note: According to the document , when setting Origin When Cross-origin policy by CSP head command value should origin-when-cross-origin,
There are differences with the previous table in the origin-when-crossorigin. In fact, after my tests, Chrome 42 supports only the origin-when-crossorigin,
Follow-up will not change is not known, it is recommended that you use when he first test it.
CSP between the commands and command values separated by spaces, separated by a semicolon between the plurality of instructions.
2. <meta> tag
By <meta> tag you can also specify Referrer strategy is equally simple:
<meta name="referrer" content="no-referrer|no-referrer-when-downgrade|origin|origin-when-crossorigin|unsafe-url">
Note that, <meta> only on the <head> ... </ head> between the position if there is not it will be ignored. Similarly, if the content is not defined attribute to it, or content property is empty, it will be ignored. If the content value of property is not legitimate, the browser will automatically select the most stringent no-referrer this strategy.
You can also specify the policy by giving <a> Referrer increase referrer tag attributes, in the following format:
<a href="http://example.com" referrer="no-referrer|origin|unsafe-url">xxx</a>
It is only in this way the role of a link. And, <a> labels available Referrer strategy only three: do not pass, just pass both host and pass.
In addition, this policy priorities for the single link is set to be higher than the CSP and <meta>.
In addition repeat, at this stage of the browser also retains the support never, default and always, but is no longer recommended for use.
It can be seen through the new Referrer strategy, site owners can choose a higher level of security to ensure that users' privacy is not compromised;
You can also select a lower security level to get some convenience, only the default policy across the board by the browser than before, a lot of really flexible.
Accept
What Accept that?
Accept representative of the transmission side (client) wishes to receive data type
1.Accept belonging request header, Content- the Type entity-header belongs.
Http header common header, the request header, and response header entity header. Http header structure requesting party: common header | request header | header entity
in response http header structure side: common header | response header | header entity
For example: Accept: text / xml (application / json);
data type represents the client is willing to accept XML (JSON) Type
Content-Type on behalf of the sender (client | server) data types entity data sent.
比如:Content-Type:text/html(application/json) ;
Representative transmitting side transmits data format is HTML ( JSON ).
The two together,
Accept:text/xml;
Content-Type:text/html
Which represents a desired type of data received in xml format, the data format of the data transmitted this request is html.
If you accept the specified type and response type of return is inconsistent, there will be 406, not acceptable error corresponding to java spring project is
HttpHeaders headers = new HttpHeaders();
headers.add("Accept", MediaType.APPLICATION_JSON_UTF8_VALUE.toString());
如果head头里加了accept,那么@RequestMapping里的produces = "*/*"或produces = "application/json"
Accept-Encoding
Accept-Encoding 是浏览器发给服务器,声明浏览器支持的编码类型的
常见的有
Accept-Encoding: compress, gzip //支持compress 和gzip类型(压缩)
Accept-Encoding: //默认是identity
Accept-Encoding: * //支持所有类型
Accept-Encoding: compress;q=0.5, gzip;q=1.0 //按顺序支持 gzip , compress
Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0 // 按顺序支持 gzip , identity
服务器返回的对应的类型编码header是 content-encoding
服务器处理accept-encoding的规则如下所示
1. 如果服务器可以返回定义在Accept-Encoding 中的任何一种Encoding类型, 那么处理成功(除非q的值等于0, 等于0代表不可接受)
2. * 代表任意一种Encoding类型 (除了在Accept-Encoding中显示定义的类型)
3.如果有多个Encoding同时匹配, 按照q值顺序排列
4. identity总是可被接受的encoding类型(除非显示的标记这个类型q=0) ,
如果Accept-Encoding的值是空 那么只有identity是会被接受的类型
如果Accept-Encoding中的所有类型服务器都没发返回, 那么应该返回406错误给客户端
如果request中没有Accept-Encoding 那么服务器会假设所有的Encoding都是可以被接受的,
如果Accept-Encoding中有identity 那么应该优先返回identity (除非有q值的定义,或者你认为另外一种类型是更有意义的)
注意:
如果服务器不支持identity 并且浏览器没有发送Accept-Encoding,那么服务器应该倾向于使用HTTP1.0中的 "gzip" and "compress" ,
服务器可能按照客户端类型 发送更适合的encoding类型
大部分HTTP1.0的客户端无法处理q值
Cache-Control
Cache-Control指定了请求和响应遵循的缓存机制。好的缓存机制可以减少对网络带宽的占用,可以提高访问速度,提高用户的体验,还可以减轻服务器的负担。
Cache-Control主要有以下几种类型:
(1) 请求Request:
[1] no-cache ---- 不要读取缓存中的文件,要求向WEB服务器重新请求
[2] no-store ---- 请求和响应都禁止被缓存
[2] max-age: ---- 表示当访问此网页后的max-age秒内再次访问不会去服务器请求,其功能与Expires类似,
只是Expires是根据某个特定日期值做比较。一但缓存者自身的时间不准确.则结果可能就是错误的,
而max-age,显然无此问题.。Max-age的优先级也是高于Expires的。
[3] max-stale ---- 允许读取过期时间必须小于max-stale 值的缓存对象。
[4] min-fresh ---- 接受其max-age生命期大于其当前时间 跟 min-fresh 值之和的缓存对象
[5] only-if-cached ---- 告知缓存者,我希望内容来自缓存,我并不关心被缓存响应,是否是新鲜的.
[6] no-transform ---- 告知代理,不要更改媒体类型,比如jpg,被你改成png.
(2) 响应Response:
[1] public ---- 数据内容皆被储存起来,就连有密码保护的网页也储存,安全性很低
[2] private ---- 数据内容只能被储存到私有的cache,仅对某个用户有效,不能共享
[3] no-cache ---- 可以缓存,但是只有在跟WEB服务器验证了其有效后,才能返回给客户端
[4] no-store ---- 请求和响应都禁止被缓存
[4] max-age: ----- 本响应包含的对象的过期时间
[5] Must-revalidate ---- 如果缓存过期了,会再次和原来的服务器确定是否为最新数据,而不是和中间的proxy
[6] max-stale ---- 允许读取过期时间必须小于max-stale 值的缓存对象。
[7] proxy-revalidate ---- 与Must-revalidate类似,区别在于:proxy-revalidate要排除掉用户代理的缓存的。即其规则并不应用于用户代理的本地缓存上。
[8] s-maxage ---- 与max-age的唯一区别是,s-maxage仅仅应用于共享缓存.而不应用于用户代理的本地缓存等针对单用户的缓存. 另外,s-maxage的优先级要高于max-age.
[9] no-transform ---- 告知代理,不要更改媒体类型,比如jpg,被你改成png.
Connection
HTTP持久连接允许在事务处理结束之后将TCP连接保持在打开状态,以便为未来的HTTP请求重用现存的连接。
在事务处理结束之后仍然保持在打开状态的TCP连接被称为持久连接。持久连接会在不同事务之间保持打开状态,直到客户端或服务器决定将其关闭为止。
优点:重用已对目标服务器打开的空闲持久连接,可以避开缓慢的连接建立阶段,更快速地进行数据的传输。
缺点:管理不当可能会积累出大量的空闲连接,耗费本地客户端以及远程服务器上的资源。
非持久连接会在每个事务处理结束之后关闭。
HTTP持久连接实现手段是HTTP首部添加Connection字段
- Connection: keep-alive , 开启HTTP持久连接,HTTP 1.1默认值
- Connection: close , 关闭HTTP持久连接,HTTP 1.0默认值
HTTP keep-alive与TCP keep-alive区别
- HTTP keep-alive参数为了减少TCP连接和断开而提出的一种解决方案,HTTP持久连接即TCP长连接。
- TCP keep-alive参数主要为探测长连接的存活状况,即TCP保活功能。
本文将对HTTP首部Connction实践,对比keep-alive/close两个值在HTTP和TCP的表现情况。后端使用Spring boot+Java,前端使用HTML+CSS。
HTTP Request首部Connection
如果Client希望HTTP使用持久连接,在Request首部指定Connection: keep-alive,否则指定Connection: close
Origin
Pragma
pragma是http/1.1之前版本的历史遗留字段,仅作为与http的向后兼容而定义。
Referer
HTTP Referer是header的一部分,当浏览器向web服务器发送请求的时候,一般会带上Referer,
告诉服务器该网页是从哪个页面链接过来的,服务器因此可以获得一些信息用于处理。
User-Agent
User-Agent 首部包含了一个特征字符串,用来让网络协议的对端来识别发起请求的用户代理软件的应用类型、操作系统、软件开发商以及版本号。
资源可支持的HTTP方法
Content-Type
Content-Type(内容类型),一般是指网页中存在的 Content-Type,用于定义网络文件的类型和网页的编码,决定浏览器将以什么形式、什么编码读取这个文件
常见的媒体格式类型如下: text/html : HTML格式 text/plain :纯文本格式 text/xml : XML格式 image/gif :gif图片格式 image/jpeg :jpg图片格式 image/png:png图片格式 以application开头的媒体格式类型: application/xhtml+xml :XHTML格式 application/xml: XML数据格式 application/atom+xml :Atom XML聚合格式 application/json: JSON数据格式 application/pdf:pdf格式 application/msword : Word文档格式 application/octet-stream : 二进制流数据(如常见的文件下载) application/x-www-form-urlencoded : <form encType=””>中默认的encType,
form表单数据被编码为key/value格式发送到服务器(表单默认的提交数据的格式) 另外一种常见的媒体格式是上传文件之时使用的: multipart/form-data : 需要在表单中进行文件上传时,就需要使用该格式
文件扩展名 Content-Type(Mime-Type) 文件扩展名 Content-Type(Mime-Type)
.*( 二进制流,不知道下载文件类型) application/octet-stream .tif image/tiff
.001 application/x-001 .301 application/x-301
.323 text/h323 .906 application/x-906
.907 drawing/907 .a11 application/x-a11
.acp audio/x-mei-aac .ai application/postscript
.aif audio/aiff .aifc audio/aiff
.aiff audio/aiff .anv application/x-anv
.asa text/asa .asf video/x-ms-asf
.asp text/asp .asx video/x-ms-asf
.au audio/basic .avi video/avi
.awf application/vnd.adobe.workflow .biz text/xml
.bmp application/x-bmp .bot application/x-bot
.c4t application/x-c4t .c90 application/x-c90
.cal application/x-cals .cat application/vnd.ms-pki.seccat
.cdf application/x-netcdf .cdr application/x-cdr
.cel application/x-cel .cer application/x-x509-ca-cert
.cg4 application/x-g4 .cgm application/x-cgm
.cit application/x-cit .class java/*
.cml text/xml .cmp application/x-cmp
.cmx application/x-cmx .cot application/x-cot
.crl application/pkix-crl .crt application/x-x509-ca-cert
.csi application/x-csi .css text/css
.cut application/x-cut .dbf application/x-dbf
.dbm application/x-dbm .dbx application/x-dbx
.dcd text/xml .dcx application/x-dcx
.der application/x-x509-ca-cert .dgn application/x-dgn
.dib application/x-dib .dll application/x-msdownload
.doc application/msword .dot application/msword
.drw application/x-drw .dtd text/xml
.dwf Model/vnd.dwf .dwf application/x-dwf
.dwg application/x-dwg .dxb application/x-dxb
.dxf application/x-dxf .edn application/vnd.adobe.edn
.emf application/x-emf .eml message/rfc822
.ent text/xml .epi application/x-epi
.eps application/x-ps .eps application/postscript
.etd application/x-ebx .exe application/x-msdownload
.fax image/fax .fdf application/vnd.fdf
.fif application/fractals .fo text/xml
.frm application/x-frm .g4 application/x-g4
.gbr application/x-gbr . application/x-
.gif image/gif .gl2 application/x-gl2
.gp4 application/x-gp4 .hgl application/x-hgl
.hmr application/x-hmr .hpg application/x-hpgl
.hpl application/x-hpl .hqx application/mac-binhex40
.hrf application/x-hrf .hta application/hta
.htc text/x-component .htm text/html
.html text/html .htt text/webviewhtml
.htx text/html .icb application/x-icb
.ico image/x-icon .ico application/x-ico
.iff application/x-iff .ig4 application/x-g4
.igs application/x-igs .iii application/x-iphone
.img application/x-img .ins application/x-internet-signup
.isp application/x-internet-signup .IVF video/x-ivf
.java java/* .jfif image/jpeg
.jpe image/jpeg .jpe application/x-jpe
.jpeg image/jpeg .jpg image/jpeg
.jpg application/x-jpg .js application/x-javascript
.jsp text/html .la1 audio/x-liquid-file
.lar application/x-laplayer-reg .latex application/x-latex
.lavs audio/x-liquid-secure .lbm application/x-lbm
.lmsff audio/x-la-lms .ls application/x-javascript
.ltr application/x-ltr .m1v video/x-mpeg
.m2v video/x-mpeg .m3u audio/mpegurl
.m4e video/mpeg4 .mac application/x-mac
.man application/x-troff-man .math text/xml
.mdb application/msaccess .mdb application/x-mdb
.mfp application/x-shockwave-flash .mht message/rfc822
.mhtml message/rfc822 .mi application/x-mi
.mid audio/mid .midi audio/mid
.mil application/x-mil .mml text/xml
.mnd audio/x-musicnet-download .mns audio/x-musicnet-stream
.mocha application/x-javascript .movie video/x-sgi-movie
.mp1 audio/mp1 .mp2 audio/mp2
.mp2v video/mpeg .mp3 audio/mp3
.mp4 video/mpeg4 .mpa video/x-mpg
.mpd application/vnd.ms-project .mpe video/x-mpeg
.mpeg video/mpg .mpg video/mpg
.mpga audio/rn-mpeg .mpp application/vnd.ms-project
.mps video/x-mpeg .mpt application/vnd.ms-project
.mpv video/mpg .mpv2 video/mpeg
.mpw application/vnd.ms-project .mpx application/vnd.ms-project
.mtx text/xml .mxp application/x-mmxp
.net image/pnetvue .nrf application/x-nrf
.nws message/rfc822 .odc text/x-ms-odc
.out application/x-out .p10 application/pkcs10
.p12 application/x-pkcs12 .p7b application/x-pkcs7-certificates
.p7c application/pkcs7-mime .p7m application/pkcs7-mime
.p7r application/x-pkcs7-certreqresp .p7s application/pkcs7-signature
.pc5 application/x-pc5 .pci application/x-pci
.pcl application/x-pcl .pcx application/x-pcx
.pdf application/pdf .pdf application/pdf
.pdx application/vnd.adobe.pdx .pfx application/x-pkcs12
.pgl application/x-pgl .pic application/x-pic
.pko application/vnd.ms-pki.pko .pl application/x-perl
.plg text/html .pls audio/scpls
.plt application/x-plt .png image/png
.png application/x-png .pot application/vnd.ms-powerpoint
.ppa application/vnd.ms-powerpoint .ppm application/x-ppm
.pps application/vnd.ms-powerpoint .ppt application/vnd.ms-powerpoint
.ppt application/x-ppt .pr application/x-pr
.prf application/pics-rules .prn application/x-prn
.prt application/x-prt .ps application/x-ps
.ps application/postscript .ptn application/x-ptn
.pwz application/vnd.ms-powerpoint .r3t text/vnd.rn-realtext3d
.ra audio/vnd.rn-realaudio .ram audio/x-pn-realaudio
.ras application/x-ras .rat application/rat-file
.rdf text/xml .rec application/vnd.rn-recording
.red application/x-red .rgb application/x-rgb
.rjs application/vnd.rn-realsystem-rjs .rjt application/vnd.rn-realsystem-rjt
.rlc application/x-rlc .rle application/x-rle
.rm application/vnd.rn-realmedia .rmf application/vnd.adobe.rmf
.rmi audio/mid .rmj application/vnd.rn-realsystem-rmj
.rmm audio/x-pn-realaudio .rmp application/vnd.rn-rn_music_package
.rms application/vnd.rn-realmedia-secure .rmvb application/vnd.rn-realmedia-vbr
.rmx application/vnd.rn-realsystem-rmx .rnx application/vnd.rn-realplayer
.rp image/vnd.rn-realpix .rpm audio/x-pn-realaudio-plugin
.rsml application/vnd.rn-rsml .rt text/vnd.rn-realtext
.rtf application/msword .rtf application/x-rtf
.rv video/vnd.rn-realvideo .sam application/x-sam
.sat application/x-sat .sdp application/sdp
.sdw application/x-sdw .sit application/x-stuffit
.slb application/x-slb .sld application/x-sld
.slk drawing/x-slk .smi application/smil
.smil application/smil .smk application/x-smk
.snd audio/basic .sol text/plain
.sor text/plain .spc application/x-pkcs7-certificates
.spl application/futuresplash .spp text/xml
.ssm application/streamingmedia .sst application/vnd.ms-pki.certstore
.stl application/vnd.ms-pki.stl .stm text/html
.sty application/x-sty .svg text/xml
.swf application/x-shockwave-flash .tdf application/x-tdf
.tg4 application/x-tg4 .tga application/x-tga
.tif image/tiff .tif application/x-tif
.tiff image/tiff .tld text/xml
.top drawing/x-top .torrent application/x-bittorrent
.tsd text/xml .txt text/plain
.uin application/x-icq .uls text/iuls
.vcf text/x-vcard .vda application/x-vda
.vdx application/vnd.visio .vml text/xml
.vpg application/x-vpeg005 .vsd application/vnd.visio
.vsd application/x-vsd .vss application/vnd.visio
.vst application/vnd.visio .vst application/x-vst
.vsw application/vnd.visio .vsx application/vnd.visio
.vtx application/vnd.visio .vxml text/xml
.wav audio/wav .wax audio/x-ms-wax
.wb1 application/x-wb1 .wb2 application/x-wb2
.wb3 application/x-wb3 .wbmp image/vnd.wap.wbmp
.wiz application/msword .wk3 application/x-wk3
.wk4 application/x-wk4 .wkq application/x-wkq
.wks application/x-wks .wm video/x-ms-wm
.wma audio/x-ms-wma .wmd application/x-ms-wmd
.wmf application/x-wmf .wml text/vnd.wap.wml
.wmv video/x-ms-wmv .wmx video/x-ms-wmx
.wmz application/x-ms-wmz .wp6 application/x-wp6
.wpd application/x-wpd .wpg application/x-wpg
.wpl application/vnd.ms-wpl .wq1 application/x-wq1
.wr1 application/x-wr1 .wri application/x-wri
.wrk application/x-wrk .ws application/x-ws
.ws2 application/x-ws .wsc text/scriptlet
.wsdl text/xml .wvx video/x-ms-wvx
.xdp application/vnd.adobe.xdp .xdr text/xml
.xfd application/vnd.adobe.xfd .xfdf application/vnd.adobe.xfdf
.xhtml text/html .xls application/vnd.ms-excel
.xls application/x-xls .xlw application/x-xlw
.xml text/xml .xpl audio/scpls
.xq text/xml .xql text/xml
.xquery text/xml .xsd text/xml
.xsl text/xml .xslt text/xml
.xwd application/x-xwd .x_b application/x-x_b
.sis application/vnd.symbian.install .sisx application/vnd.symbian.install
.x_t application/x-x_t .ipa application/vnd.iphone
.apk application/vnd.android.package-archive .xap application/x-silverlight-app
Server
WSGIServer/0.2 CPython/3.7.2 表示服务端用的语言和服务
Vary
Vary 是一个HTTP响应头部信息,它决定了对于未来的一个请求头,
应该用一个缓存的回复(response)还是向源服务器请求一个新的回复。
它被服务器用来表明在 content negotiationalgorithm(内容协商算法)中选择一个资源代表的时候应该使用哪些头部信息(headers)
X-Frame-Options
The X-Frame-Options HTTP 响应头是用来给浏览器 指示允许一个页面
可否在 <frame>, <iframe>, <embed> 或者 <object> 中展现的标记。
站点可以通过确保网站没有被嵌入到别人的站点里面,从而避免 clickjacking 攻击。
使用 X-Frame-Options
X-Frame-Options 有三个值:
-
DENY - 表示该页面不允许在 frame 中展示,即便是在相同域名的页面中嵌套也不允许。
-
SAMEORIGIN - 表示该页面可以在相同域名页面的 frame 中展示。
-
ALLOW-FROM uri - 表示该页面可以在指定来源的 frame 中展示。
- ps:
换一句话说,如果设置为 DENY,不光在别人的网站 frame 嵌入时会无法加载,
在同域名页面中同样会无法加载。另一方面,如果设置为 SAMEORIGIN,那么页面就可以在同域名页面的 frame 中嵌套。
所有头
6. 首部
6.1 通用首部字段
| 首部字段名 | 说明 |
|---|---|
| Cache-Control | 控制缓存行为 |
| Connection | 链接的管理 |
| Date | 报文日期 |
| Pragma | 报文指令 |
| Trailer | 报文尾部的首部 |
| Trasfer-Encoding | 指定报文主体的传输编码方式 |
| Upgrade | 升级为其他协议 |
| Via | 代理服务器信息 |
| Warning | 错误通知 |
6.2 请求首部字段
| 首部字段名 | 说明 |
|---|---|
| Accept | 用户代理可处理的媒体类型 |
| Accept-Charset | 优先的字符集 |
| Accept-Encoding | 优先的编码 |
| Accept-Langulage | 优先的语言 |
| Authorization | Web认证信息 |
| Expect | 期待服务器的特定行为 |
| From | 用户的电子邮箱地址 |
| Host | 请求资源所在的服务器 |
| If-Match | 比较实体标记 |
| If-Modified-Since | 比较资源的更新时间 |
| If-None-Match | 比较实体标记 |
| If-Range | 资源未更新时发送实体Byte的范围请求 |
| If-Unmodified-Since | 比较资源的更新时间(和If-Modified-Since相反) |
| Max-Forwards | 最大传输跳数 |
| Proxy-Authorization | 代理服务器需要客户端认证 |
| Range | 实体字节范围请求 |
| Referer | 请求中的URI的原始获取方 |
| TE | 传输编码的优先级 |
| User-Agent | HTTP客户端程序的信息 |
6.3 响应首部字段
| 首部字段名 | 说明 |
|---|---|
| Accept-Ranges | 是否接受字节范围 |
| Age | 资源的创建时间 |
| ETag | 资源的匹配信息 |
| Location | 客户端重定向至指定的URI |
| Proxy-Authenticate | 代理服务器对客户端的认证信息 |
| Retry-After | 再次发送请求的时机 |
| Server | 服务器的信息 |
| Vary | 代理服务器缓存的管理信息 |
| www-Authenticate | 服务器对客户端的认证 |
6.4 实体首部字段
| 首部字段名 | 说明 |
|---|---|
| Allow | 资源可支持的HTTP方法 |
| Content-Encoding | 实体的编码方式 |
| Content-Language | 实体的自然语言 |
| Content-Length | 实体的内容大小(字节为单位) |
| Content-Location | 替代对应资源的URI |
| Content-MD5 | 实体的报文摘要 |
| Content-Range | 实体的位置范围 |
| Content-Type | 实体主体的媒体类型 |
| Expires | 实体过期时间 |
| Last-Modified | 资源的最后修改时间 |
| 请求头字段 | 说明 | 响应头字段 |
|---|---|---|
| Accept | 告知服务器发送何种媒体类型 | Content-Type |
| Accept-Language | 告知服务器发送何种语言 | Content-Language |
| Accept-Charset | 告知服务器发送何种字符集 | Content-Type |
| Accept-Encoding | 告知服务器采用何种压缩方式 | Content-Encoding |