Chapter VI HTTP headers
The header portion of an HTTP message comprises: the request line <method, URI, version number> or the response line <version, status code>, request / response header fields, general header fields, and entity header fields.
1. HTTP header fields
HTTP header field structure: header field name: field value.
[ Request header fields ]:
[ Response header fields ]:
[ General header fields ]: headers used by both request messages and response messages.
[ Entity header fields ]: headers used for the entity part of request messages and response messages. They add entity-related information such as the update time of the resource content.
[ Non-HTTP/1.1 header fields ]: Cookie, Set-Cookie, Content-Disposition and so on.
[ End-to-end headers ]: headers in this category are forwarded to the final recipient of the request / response, must be stored in any response generated by a cache, and are additionally required to always be forwarded.
[ Hop-by-hop headers ]: headers in this category are valid only for a single forwarding hop and are not forwarded onward once they pass through a cache or proxy. In HTTP/1.1 and later, a hop-by-hop header may be used only if the Connection header field is provided.
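The end-to-end / hop-by-hop split described above, as an added example that is not part of the original notes: a forwarding proxy separates the headers it relays from the ones it drops. The function names, the PROTECTED policy and the sample request are assumptions made for illustration; the hop-by-hop list is the one from RFC 2616.

```python
# HTTP/1.1 hop-by-hop fields (RFC 2616 section 13.5.1, which spells the last
# one "Trailers"); this list is not on the page.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
})
# Assumption: end-to-end fields this example never drops, even when a
# Connection header names them.
PROTECTED = frozenset({"host", "authorization", "cookie"})

SAMPLE_REQUEST = [  # constructed sample, not taken from the page
    ("Host", "www.example.com"),
    ("Connection", "keep-alive, X-Internal-Trace, Cookie"),
    ("Keep-Alive", "timeout=5"),
    ("X-Internal-Trace", "abc123"),
    ("Cookie", "sid=constructed"),
    ("Accept", "text/html"),
    ("Upgrade", "websocket"),
]

def connection_tokens(headers):
    """Return the lower-cased field names listed in every Connection header."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "connection":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens

def split_for_forwarding(headers, protected=PROTECTED):
    """Split (name, value) pairs into (forwarded, dropped) for the next hop."""
    listed = connection_tokens(headers)
    forwarded, dropped = [], []
    for name, value in headers:
        key = name.lower()
        # Hop-by-hop: a standard hop-by-hop field, or one named in Connection
        # that is not on the protected end-to-end list.
        hop = key in HOP_BY_HOP or (key in listed and key not in protected)
        (dropped if hop else forwarded).append((name, value))
    return forwarded, dropped

if __name__ == "__main__":
    kept, gone = split_for_forwarding(SAMPLE_REQUEST)
    print("forward:", [n for n, _ in kept])
    print("drop:   ", [n for n, _ in gone])
```
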
2. Header fields that serve cookies
3. Other header fields
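[ X-Frame-Options ]: an HTTP response header that controls whether a site's content may be displayed inside a Frame tag on other Web sites. Its main purpose is to prevent clickjacking attacks.
[ X-XSS-Protection ]: an HTTP response header. It is a countermeasure against cross-site scripting (XSS) attacks, used to switch the browser's XSS protection mechanism on or off.
[ P3P ]: an HTTP response header. By using P3P (The Platform for Privacy Preferences) technology, personal privacy information on a Web site can be put into a form that only programs can understand, with the aim of protecting user privacy.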