HTTP exploration beginner training

First, what is HTTP?

The Hypertext Transfer Protocol (HTTP) (RFC7230)
is a stateless, application-layer request/response protocol that uses extensible semantics and self-describing message formats for flexible interaction with network-based hypertext information systems.
 

Second, the HTTP request line and response line

Request line format (described in ABNF)

Request-line = method SP request-target SP HTTP-version CRLF

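Common HTTP methods (RFC7231)

GET: the main method for retrieving information; a great deal of performance optimization targets this method; idempotent
HEAD: similar to GET, but the server does not send a body; used to fetch header metadata; idempotent
POST: commonly used to submit HTML forms, create new resources, and so on
PUT: updates a resource; idempotent when conditional
DELETE: deletes a resource; idempotent
CONNECT: establishes a tunnel
OPTIONS: shows the methods the server supports for the accessed resource; idempotent
TRACE: echoes back the request the server received; used for troubleshooting. Carries a security risk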

Request-target

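origin-form: the path of the resource requested from the backend; / is sent when the path is empty
absolute-form: used with forward proxies
authority-form: used with the CONNECT method
asterisk-form: used with the OPTIONS method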
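
A strict parser for the request-line ABNF above, added here as an illustration (it is not code from the original article). It classifies the request-target into the four forms and rejects lines that a lenient parser might accept differently from the proxy in front of it; the function and class names are this example's own.

```python
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")   # "method" is a token
VERSION = re.compile(r"HTTP/[0-9]\.[0-9]")
AUTHORITY = re.compile(r"[^/?#@\s]+:[0-9]+")           # host ":" port

class BadRequestLine(ValueError):
    """The line does not match the request-line ABNF."""

def classify_target(method: str, target: str) -> str:
    """Name the request-target form and check it against the method."""
    if target == "*":
        form = "asterisk-form"
    elif target.startswith("/"):
        form = "origin-form"
    elif "://" in target:
        form = "absolute-form"
    elif AUTHORITY.fullmatch(target):
        form = "authority-form"
    else:
        raise BadRequestLine(f"unrecognised request-target {target!r}")
    if form == "asterisk-form" and method != "OPTIONS":
        raise BadRequestLine("asterisk-form is only for OPTIONS")
    if (form == "authority-form") != (method == "CONNECT"):
        raise BadRequestLine("authority-form and CONNECT go together")
    return form

def parse_request_line(raw: bytes) -> dict:
    """Parse method SP request-target SP HTTP-version CRLF, strictly."""
    if not raw.endswith(b"\r\n"):
        raise BadRequestLine("missing CRLF")
    try:
        line = raw[:-2].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequestLine("non-ASCII byte in request-line")
    parts = line.split(" ")            # a single SP separates the fields
    if len(parts) != 3 or "" in parts:
        raise BadRequestLine("expected three fields separated by one SP")
    method, target, version = parts
    if not TOKEN.fullmatch(method) or not VERSION.fullmatch(version):
        raise BadRequestLine("bad method or HTTP-version")
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        raise BadRequestLine("whitespace or control character in target")
    return {"method": method, "target": target, "version": version,
            "form": classify_target(method, target),
            "trace": method == "TRACE"}    # TRACE is the method flagged as risky
```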

HTTP-version: version history

HTTP/0.9: supports only GET; obsolete
HTTP/1.0: RFC1945, 1996; commonly used by proxy servers (for example, the NGINX default configuration)
HTTP/1.1: RFC2616, 1999
HTTP/2.0: officially released in 2015.5

 

Response line format (described in ABNF)

Status-line = HTTP-version SP status-code SP reason-phrase CRLF
status-code = 3DIGIT
reason-phrase = *( HTAB / SP / VCHAR / obs-text )

Status-code (response code) classification

Response code specifications: RFC6585 (2012.4), RFC7231 (2014.6)
1xx: The request has been received and further processing is needed to complete it; not supported by HTTP/1.0

  • 100 Continue: used before uploading large files
    • Triggered when the client's request carries the Expect: 100-continue header
  • 101 Switching Protocols: used for protocol upgrades
    • Triggered when the client's request carries the Upgrade: header, for example to upgrade to websocket or http/2.0
  • 102 Processing: a WebDAV request may contain many sub-requests involving file operations and take a long time to complete. This code indicates that the server has received the request and is processing it, but no response is available yet. This prevents the client from timing out and assuming the request was lost.

2xx: The request was processed successfully

  • 200 OK: a response was returned successfully
  • 201 Created: a new resource was successfully created on the server side
  • 202 Accepted: the server has received the request and begun processing it, but processing has not completed. The concept is deliberately vague so that it can cover more scenarios, such as asynchronous tasks that need a long processing time.
  • 203 Non-Authoritative Information: when a proxy server modifies the origin server's original response body (for example, replacing element values in HTML), the proxy can change 200 to 203 to inform the client of this fact, so that the client can handle it appropriately. A 203 response may be cached.
  • 204 No Content: the request was executed successfully and the response carries no body; it also hints that the client does not need to update the current page view
  • 205 Reset Content: the request was executed successfully and the response carries no body; it also tells the client to update the current page view
  • 206 Partial Content: the response code returned with partial content when the Range protocol is used
  • 207 Multi-Status: RFC4918, returns the status of multiple resources as XML in the WebDAV protocol
  • 208 Already Reported: RFC5842, to avoid resources under the same collection being reported repeatedly in a 207 response, 208 lets them use the response code of the parent collection

 
3xx: Redirects the client to use the resource given in Location, or to use a cached resource. RFC2068 stipulates that a client should not follow more than five redirects, to prevent infinite loops

  • 300 Multiple Choices: the resource has several representations; 300 returns them to the client, which chooses which representation to access. Rarely used because it lacks specifics
  • 301 Moved Permanently: the resource is permanently redirected to another URI
  • 302 Found: the resource is temporarily redirected to another URI
  • 303 See Other: redirects to another resource; commonly used in responses to POST/PUT and similar methods
  • 304 Not Modified: when the client holds a cache entry that may have expired, it can send the cached etag, time and other identifying information to ask the server whether the cache can still be reused; 304 tells the client that the cache can be reused
  • 307 Temporary Redirect: similar to 302, but explicitly requires that the redirected request use the same method as the original request; it must not be changed
  • 308 Permanent Redirect: similar to 301, but explicitly requires that the redirected request use the same method as the original request; it must not be changed

4xx: A client error occurred

  • 400 Bad Request: the server believes the client made an error but cannot clearly classify it as one of the errors below; this code is used in that case. For example, the HTTP request is malformed
  • 401 Unauthorized: user authentication information is missing or incorrect, so the server cannot process the request
  • 407 Proxy Authentication Required: for a request that must go through a proxy, the authentication information did not pass the proxy server's verification
  • 403 Forbidden: the server understands the meaning of the request, but does not have permission to perform it
  • 404 Not Found: the server did not find the corresponding resource
  • 410 Gone: the server did not find the corresponding resource and knows for certain that it is permanently gone from that location
  • 405 Method Not Allowed: the server does not support the method in the request line
  • 406 Not Acceptable: the resource representation the client specified does not exist (for example, a required language or encoding); the server returns a list of representations for the client to choose from
  • 408 Request Timeout: the server timed out while receiving the request
  • 409 Conflict: resource conflict, for example a newer version of the resource already exists at the target location when uploading a file
  • 411 Length Required: if the request has a body but carries no Content-Length header and is not a chunked request, 411 is returned
  • 412 Precondition Failed: the If-Unmodified-Since or If-None-Match header sent when reusing a cache was not satisfied
  • 413 Payload Too Large / Request Entity Too Large: the request body exceeds the maximum length the server can handle
  • 414 URI Too Long: the requested URI exceeds the maximum length the server accepts
  • 415 Unsupported Media Type: the uploaded file type is not supported by the server
  • 416 Range Not Satisfiable: the server cannot provide the segment of the body specified in the Range request
  • 417 Expectation Failed: the response code for the case where the expectation in the Expect request header cannot be met
  • 421 Misdirected Request: the server believes the request should not have been sent to it, because it is not able to handle it
  • 426 Upgrade Required: the server refuses to serve the request over the current HTTP protocol; the protocol must be upgraded before processing can continue, and the server tells the client so through the Upgrade header
  • 428 Precondition Required: the user's request is missing a conditional header, such as If-Match
  • 429 Too Many Requests: the client is sending requests too fast
  • 431 Request Header Fields Too Large: the size of the request headers exceeds the limit
  • 451 Unavailable For Legal Reasons: RFC7725, the resource is inaccessible for legal reasons

5xx: A server-side error occurred

  • 500 Internal Server Error: an internal server error that does not fall into any of the error types below
  • 501 Not Implemented: the server does not support the functionality needed to fulfil the request
  • 502 Bad Gateway: the proxy server could not obtain a valid response
  • 503 Service Unavailable: the server's resources are not yet ready to handle the current request
  • 504 Gateway Timeout: the proxy server could not get a timely response from upstream
  • 505 HTTP Version Not Supported: the HTTP protocol version used by the request is not supported
  • 507 Insufficient Storage: the server does not have enough space to process the request
  • 508 Loop Detected: a loop was detected while accessing the resource
  • 511 Network Authentication Required: the proxy server found that the client needs to authenticate to gain access to the network

Third, HTTP/1.1

1, Connection header

Connection: keep-alive requests a long-lived connection (HTTP/1.1 uses long-lived connections by default, so keep-alive is meaningless)
Connection: close requests a short-lived connection
 

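2, Host header

The HTTP/1.1 specification requires that a request sent without a Host header be answered with a 400 error code
The server uses the Host header to route the message
Message routing with the Host header

1. Establish the TCP connection
    Determine the server's IP address
2. Receive the request
3. Find the virtual host
    Match the Host header against the domain name
4. Find the code that handles the URI
    Match the URI
5. Execute the code that handles the request
    Access the resource
6. Generate the HTTP response
    Each middleware modifies the response serially, based on the PF architecture
7. Send the HTTP response
8. Record the access log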
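
Steps 2 to 4 of the list above as a small routing function, added here as an illustration rather than taken from the original article. It returns 400 when the Host header is missing or repeated, as the specification requires; answering an unknown name with 421 instead of falling back to a default site is a policy choice of this example, and the vhost table is constructed.

```python
def header_fields(head: bytes) -> list:
    """Split a header block (request line removed) into (name, value)."""
    fields = []
    for line in head.split(b"\r\n"):
        if not line:
            break                              # empty line ends the headers
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        fields.append((name.decode("ascii").lower(),
                       value.strip().decode("ascii")))
    return fields

def host_name(host: str) -> str:
    """Strip the optional port and normalise case and trailing dot."""
    if host.startswith("["):                   # IPv6 literal, e.g. [::1]:8080
        host = host[:host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]
    return host.lower().rstrip(".")

def route(head: bytes, vhosts: dict):
    """Return (status, handler or None) for one request's header block."""
    try:
        hosts = [v for n, v in header_fields(head) if n == "host"]
    except ValueError:
        return 400, None
    if len(hosts) != 1 or not hosts[0]:
        return 400, None                       # missing or repeated Host
    handler = vhosts.get(host_name(hosts[0]))
    if handler is None:
        return 421, None                       # name this server does not serve
    return 200, handler

# Constructed virtual-host table for the example.
VHOSTS = {"example.com": "site_a", "api.example.com": "site_b"}
```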

 

3, headers used when a proxy server forwards a message

X-Forwarded-For: used by the proxy server to pass on the IP
X-Real-IP: used to pass on the user's IP
Max-Forwards: limits the maximum number of times proxies may forward the request; only effective for the TRACE/OPTIONS methods
Via: names each proxy server the message passed through, with its name and version
Cache-Control: prohibits proxy servers from modifying the response body (via no-transform)
 

4, request and response context headers

User-Agent: identifies the client type; the server can use it to choose a representation of the resource
Referer: a header the browser adds automatically to requests that come from a page
From: mainly used by web crawlers, to tell the server how to contact the person responsible for the crawler by e-mail
Server: identifies the software the server uses, to help clients locate problems or gather statistics
Allow: tells the client which methods the server permits on the resource at the corresponding URI
Accept-Ranges: tells the client whether the server allows range requests for the resource (a range request lets the server send only part of the response body, as the client asked, and the client automatically combines the fragments into the complete, larger body)
 

5, content negotiation and resource representation

Accept-Encoding: content-encoding negotiation, mainly of the compression algorithm
Accept-Language: language negotiation
Content-Type: resource representation: media type and character encoding
Content-Encoding: resource representation: content encoding
Content-Language: resource representation: language
 

6, headers for transmitting the HTTP body

Content-Length: states the length of the body explicitly
Transfer-Encoding: specifies chunked transfer; a message that contains a Transfer-Encoding header should ignore the Content-Length header
TE header: in the request, the client declares whether it accepts Trailer headers
Trailer header: the server announces which Trailer headers will be sent after the chunked body

        The following headers are not allowed in the value of Trailer:
        Headers used for message framing (for example Transfer-Encoding and Content-Length)
        Headers used for routing (for example Host)
        Request modifier headers (for example control and conditional ones, such as Cache-Control, Max-Forwards, or TE)
        Authentication headers (for example Authorization or Set-Cookie)
        Content-Encoding, Content-Type, Content-Range, and Trailer itself
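
The framing rule and the trailer restrictions above in one decoder, added here as an illustration (not code from the original article). `body_framing` applies the "Transfer-Encoding overrides Content-Length" rule for a request, and `decode_chunked` drops any trailer field from the forbidden list instead of merging it into the headers; all names are this example's own.

```python
import re

FORBIDDEN_TRAILERS = {
    "transfer-encoding", "content-length", "host",       # framing, routing
    "cache-control", "max-forwards", "te",               # request modifiers
    "authorization", "set-cookie",                       # authentication
    "content-encoding", "content-type", "content-range", "trailer",
}

def body_framing(headers: dict) -> str:
    """Pick the framing rule; `headers` uses lower-case names."""
    codings = [c.strip().lower() for c in
               headers.get("transfer-encoding", "").split(",") if c.strip()]
    if codings:
        if codings[-1] != "chunked":
            raise ValueError("last transfer coding must be chunked")
        return "chunked"               # any Content-Length is ignored
    return "length" if "content-length" in headers else "none"

def decode_chunked(data: bytes):
    """Return (body, kept_trailers, rejected_trailer_names)."""
    body, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size_hex = data[pos:eol].split(b";", 1)[0]       # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_hex):
            raise ValueError("bad chunk size")
        size, pos = int(size_hex, 16), eol + 2
        if size == 0:
            break
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        body += data[pos:pos + size]
        pos += size + 2
    kept, rejected = {}, []
    for line in data[pos:].split(b"\r\n"):
        if not line:
            break
        name, _, value = line.partition(b":")
        key = name.decode("ascii").lower()
        if key in FORBIDDEN_TRAILERS:
            rejected.append(key)       # never let a trailer rewrite framing or auth
        else:
            kept[key] = value.strip().decode("ascii")
    return body, kept, rejected

# Constructed sample: two chunks, one allowed and one forbidden trailer field.
SAMPLE = (b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n"
          b"X-Checksum: abc\r\nContent-Length: 0\r\n\r\n")
```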

 

7, Content-Disposition header (RFC6266)

disposition-type = "inline" | "attachment" | disp-ext-type
inline: specifies that the body is displayed inline, as part of the page
attachment: specifies that the browser should download the body as an attachment
In a multipart/form-data response, it can be used on the sub-parts of the message body
 

8, Cookie and Set-Cookie headers

Cookie header: one Cookie header can carry multiple name/value pairs
Set-Cookie header: one Set-Cookie header can carry only one name/value pair; a response may include multiple Set-Cookie headers
 

9, request headers for cross-domain resource requests

Access-Control-Request-Method: in the preflight request (OPTIONS), tells the server which method the following request will use
Access-Control-Request-Headers: in the preflight request (OPTIONS), tells the server which headers the following request will send
 

10, response headers for cross-domain resource requests

Access-Control-Allow-Methods: in the response to a preflight request, tells the client which methods subsequent requests may use
Access-Control-Allow-Headers: in the response to a preflight request, tells the client which headers subsequent requests may carry
Access-Control-Max-Age: in the response to a preflight request, tells the client how long it may cache the response information
Access-Control-Expose-Headers: tells the browser which response headers may be made available to the client; by default only Cache-Control, Content-Language, Content-Type, Expires, Last-Modified and Pragma are available.
Access-Control-Allow-Origin: tells the browser which domains are allowed to access the current resource; * allows all domains. To avoid cache confusion, the response needs to carry Vary: Origin
Access-Control-Allow-Credentials: tells the browser whether credentials may be exposed to the client; credentials include cookies, authorization headers, and TLS certificates.
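
A server-side preflight handler that ties the request headers of section 9 to the response headers of section 10, added here as an illustration (not code from the original article). The allowlists are constructed; answering a refused preflight with 403 is this example's choice, and the origin is matched exactly and echoed back because a credentialed response cannot use *.

```python
ALLOWED_ORIGINS = {"https://app.example.com"}      # constructed allowlist
ALLOWED_METHODS = {"GET", "POST", "PUT"}
ALLOWED_HEADERS = {"content-type", "x-request-id"}

def preflight_response(req: dict):
    """Answer an OPTIONS preflight; `req` maps lower-case header names."""
    resp = {"Vary": "Origin"}          # set even on refusal, so caches key on Origin
    origin = req.get("origin", "")
    method = req.get("access-control-request-method", "")
    wanted = {h.strip().lower()
              for h in req.get("access-control-request-headers", "").split(",")
              if h.strip()}
    # Exact string match: no prefix, suffix or regex comparison of origins.
    if origin not in ALLOWED_ORIGINS:
        return 403, resp
    if method not in ALLOWED_METHODS or not wanted <= ALLOWED_HEADERS:
        return 403, resp
    resp.update({
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": ", ".join(sorted(ALLOWED_METHODS)),
        "Access-Control-Allow-Headers": ", ".join(sorted(wanted)),
        "Access-Control-Max-Age": "600",
    })
    return 204, resp
```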
 

11, validator response headers

ETag: the tag given to the current resource representation
Last-Modified: indicates when the corresponding resource representation was last modified
 

12, validation request and response headers

Validation request
If the cached response contains a Last-Modified header:

If-Unmodified-Since
If-Modified-Since
If-Range

If the cached response contains an ETag header:

If-None-Match
If-Match
If-Range
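
How a server can evaluate the validation headers listed above against the current ETag and Last-Modified values, added here as an illustration (not code from the original article). It follows the evaluation order of RFC7232, where the ETag condition takes precedence over the date condition; If-Range is left out, and the names and sample values are this example's own.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def _tags(value: str) -> list:
    # Simplification: assumes no entity-tag contains a comma.
    return [t.strip() for t in value.split(",") if t.strip()]

def _opaque(tag: str) -> str:
    return tag[2:] if tag.startswith("W/") else tag

def evaluate(method: str, req: dict, etag: str, modified: datetime) -> int:
    """Return 200, 304 or 412 for a request with lower-case header names."""
    safe = method in ("GET", "HEAD")
    if "if-match" in req:
        tags = _tags(req["if-match"])
        # Strong comparison: a weak tag (W/...) never satisfies If-Match.
        strong = not etag.startswith("W/") and etag in tags
        if tags != ["*"] and not strong:
            return 412
    elif "if-unmodified-since" in req:
        if modified > parsedate_to_datetime(req["if-unmodified-since"]):
            return 412
    if "if-none-match" in req:
        tags = _tags(req["if-none-match"])
        # Weak comparison: only the opaque part has to be equal.
        if tags == ["*"] or _opaque(etag) in map(_opaque, tags):
            return 304 if safe else 412
    elif "if-modified-since" in req and safe:
        if modified <= parsedate_to_datetime(req["if-modified-since"]):
            return 304
    return 200

# Constructed sample state of one resource.
SAMPLE_ETAG = '"v2"'
SAMPLE_MODIFIED = datetime(2020, 3, 1, 12, 0, tzinfo=timezone.utc)
```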

 

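13, cache-related headers

Age: the number of seconds that have passed from when the origin server sent the response (or validated the expired cache entry) to when the cached response is sent
Cache-Control: cache control header
Cache-Control header values in the request

Max-age: tells the server that the client will not accept a cached response whose Age exceeds max-age seconds
Max-stale: tells the server that even if the cache is no longer fresh, the client still intends to use it as long as it has been stale for no more than max-stale seconds. If max-stale has no value, the client can use the cache no matter how long ago it expired
Min-fresh: tells the server that the cache may be used only after Age has passed at least min-fresh seconds
No-cache: tells the server not to return an existing cached response directly; the existing cache may be used only after sending the cache conditions to the upstream server and receiving a 304 validation code
No-store: tells every proxy server not to cache the response to this request (in practice quite a few proxy servers do not obey this rule)
No-transform: tells proxy servers not to modify the content of the message body
Only-if-cached: tells the server to return only a cached response; if there is no cache, return a 504 error code

 
Cache-Control header values in the response

Must-revalidate: tells the client that once the cache expires, it must be validated with the server before it can be used
Proxy-revalidate: similar to Must-revalidate, but applies only to a proxy server's shared cache
No-cache: tells the client not to use the cached response directly; before use it must be validated at the origin server and receive a 304 code. If headers are specified after no-cache, the cache can be used directly when the client's subsequent requests and responses do not contain those headers
Max-age: tells the client that the cache expires once its Age exceeds max-age seconds
S-maxage: similar to max-age, but applies only to shared caches, and takes priority over max-age and Expires
public: means the response may be cached by both private and shared caches
private: means the response must not be used by a proxy server as a shared cache. If headers are specified after private, it tells the proxy server not to cache the specified headers, though the rest may be cached
No-store: tells all downstream nodes not to cache the response
No-transform: tells proxy servers not to modify the content of the message body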
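
How a cache can combine the request and response directives above into one decision, added here as an illustration (not code from the original article). It covers no-store, private, no-cache, max-age, s-maxage, must-revalidate, proxy-revalidate and max-stale; min-fresh, only-if-cached and Expires are left out, and private or no-cache with a header list is treated like the plain directive.

```python
import re

def parse_cc(value: str) -> dict:
    """Cache-Control value -> {directive: argument or None}.
    Simplification: quoted header lists containing commas are not handled."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = arg.strip().strip('"') or None
    return out

def _secs(arg):
    return int(arg) if arg and re.fullmatch(r"[0-9]+", arg) else None

def cache_decision(req_cc: str, resp_cc: str, age: int, shared: bool = True) -> str:
    """Return 'serve', 'revalidate' or 'bypass' for a stored response."""
    req, resp = parse_cc(req_cc), parse_cc(resp_cc)
    if "no-store" in req or "no-store" in resp or (shared and "private" in resp):
        return "bypass"                    # must not be answered from this cache
    if "no-cache" in req or "no-cache" in resp:
        return "revalidate"
    # s-maxage outranks max-age, but only for a shared cache.
    key = "s-maxage" if shared and "s-maxage" in resp else "max-age"
    lifetime = _secs(resp.get(key)) or 0
    req_max = _secs(req.get("max-age"))
    if req_max is not None and age > req_max:
        return "revalidate"
    if age < lifetime:
        return "serve"                     # still fresh
    if "must-revalidate" in resp or (shared and "proxy-revalidate" in resp):
        return "revalidate"                # stale and the origin forbids reuse
    if "max-stale" in req:
        limit = _secs(req["max-stale"])
        if req["max-stale"] is None or (limit is not None and age - lifetime <= limit):
            return "serve"                 # client accepts this much staleness
    return "revalidate"
```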

 

14, redirection header

Location: when the browser receives a redirect response code, it reads the Location header of the response, obtains the new URI, and then navigates to that page
 
Reference article: http://taohui.pub/

Origin blog.51cto.com/jiayimeng/2475014