Package tech.becoming.common.constants
Class HttpHeader
- java.lang.Object
-
- tech.becoming.common.constants.HttpHeader
-
public class HttpHeader extends java.lang.Object
Headers can be grouped according to their contexts:
General headers apply to both requests and responses, but with no relation to the data transmitted in the body.
Request headers contain more information about the resource to be fetched, or about the client requesting the resource.
Response headers hold additional information about the response, like its location or about the server providing it.
Entity headers contain information about the body of the resource, like its content length or MIME type.
Other groupings are available.
- See Also:
- HTTP headers
-
-
Field Summary
Fields (Modifier and Type, Field, Description)

static java.lang.String Accept
Content negotiation
Request header
Informs the server about the types of data that can be sent back.

static java.lang.String ACCEPT_CH
Client hints
Response header
HTML5
Servers can advertise support for Client Hints using the Accept-CH header field or an equivalent HTML <meta> element with http-equiv attribute.

static java.lang.String ACCEPT_CH_LIFETIME
Client hints
Response header
Servers can ask the client to remember the set of Client Hints that the server supports for a specified period of time, to enable delivery of Client Hints on subsequent requests to the server’s origin (RFC6454).

static java.lang.String ACCEPT_CHARSET
Content negotiation
Request header
Which character encodings the client understands.

static java.lang.String ACCEPT_ENCODING
Content negotiation
Request header
The encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.

static java.lang.String ACCEPT_LANGUAGE
Content negotiation
Request header
Informs the server about the human language the server is expected to send back.

static java.lang.String ACCEPT_PUSH_POLICY
Other
A client can express the desired push policy for a request by sending an Accept-Push-Policy header field in the request.

static java.lang.String ACCEPT_RANGES
Range requests
Response header
Indicates if the server supports range requests, and if so in which unit the range can be expressed.

static java.lang.String ACCEPT_SIGNATURE
Other
A client can send the Accept-Signature header field to indicate intention to take advantage of any available signatures and to indicate what kinds of signatures it supports.

static java.lang.String ACCESS_CONTROL_ALLOW_CREDENTIALS
CORS
Response header
Indicates whether the response to the request can be exposed when the credentials flag is true.

static java.lang.String ACCESS_CONTROL_ALLOW_HEADERS
CORS
Response header
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

static java.lang.String ACCESS_CONTROL_ALLOW_METHODS
CORS
Response header
Specifies the methods allowed when accessing the resource in response to a preflight request.

static java.lang.String ACCESS_CONTROL_ALLOW_ORIGIN
CORS
Response header
Indicates whether the response can be shared.

static java.lang.String ACCESS_CONTROL_EXPOSE_HEADERS
CORS
Response header
Indicates which headers can be exposed as part of the response by listing their names.

static java.lang.String ACCESS_CONTROL_MAX_AGE
CORS
Response header
Indicates how long the results of a preflight request can be cached.

static java.lang.String ACCESS_CONTROL_REQUEST_HEADERS
CORS
Request header
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.

static java.lang.String ACCESS_CONTROL_REQUEST_METHOD
CORS
Request header
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.

static java.lang.String AGE
Caching
Response header
The time, in seconds, that the object has been in a proxy cache.

static java.lang.String ALLOW
Response context
Entity header
Lists the set of HTTP request methods supported by a resource.

static java.lang.String ALT_SVC
Other
Used to list alternate ways to reach this service.

static java.lang.String AUTHORIZATION
Authentication
Request header
Contains the credentials to authenticate a user-agent with a server.

static java.lang.String CACHE_CONTROL
Caching
General header
Directives for caching mechanisms in both requests and responses.

static java.lang.String CLEAR_SITE_DATA
Caching
Response header
Clears browsing data (e.g. cookies, storage, cache) associated with the requesting website.

static java.lang.String CONNECTION
Connection management
General header
Controls whether the network connection stays open after the current transaction finishes.

static java.lang.String CONTENT_DISPOSITION
Downloads
Response header (for the main body)
General header (for a subpart of a multipart
Indicates if the resource transmitted should be displayed inline (default behavior without the header), or if it should be handled like a download and the browser should present a “Save As” dialog.

static java.lang.String CONTENT_DPR
Client hints
A number that indicates the ratio between physical pixels over CSS pixels of the selected image response.

static java.lang.String CONTENT_ENCODING
Message body information
Entity header
Used to specify the compression algorithm.

static java.lang.String CONTENT_LANGUAGE
Message body information
Entity header
Describes the human language(s) intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.

static java.lang.String CONTENT_LENGTH
Message body information
Entity header
The size of the resource, in decimal number of bytes.

static java.lang.String CONTENT_LOCATION
Message body information
Entity header
Indicates an alternate location for the returned data.

static java.lang.String CONTENT_RANGE
Range requests
Response header
Indicates where in a full body message a partial message belongs.

static java.lang.String CONTENT_SECURITY_POLICY
Security
Response header
Controls resources the user agent is allowed to load for a given page.

static java.lang.String CONTENT_SECURITY_POLICY_REPORT_ONLY
Security
Response header
Allows web developers to experiment with policies by monitoring, but not enforcing, their effects.

static java.lang.String CONTENT_TYPE
Message body information
Entity header
Indicates the media type of the resource.

static java.lang.String COOKIE
Cookies
Contains stored HTTP cookies previously sent by the server with the Set-Cookie header.

static java.lang.String COOKIE_2
Deprecated.
Cookies
Contains an HTTP cookie previously sent by the server with the Set-Cookie2 header, but has been obsoleted.

static java.lang.String CROSS_ORIGIN_EMBEDDER_POLICY
Security
Allows a server to declare an embedder policy for a given document.

static java.lang.String CROSS_ORIGIN_OPENER_POLICY
Security
Prevents other domains from opening/controlling a window.

static java.lang.String CROSS_ORIGIN_RESOURCE_POLICY
Security
Response header
Prevents other domains from reading the response of the resources to which this header is applied.

static java.lang.String Date
Other
Contains the date and time at which the message was originated.

static java.lang.String DEVICE_MEMORY
Client hints
Request header
Technically a part of the Device Memory API, this header represents the approximate amount of RAM the client has.

static java.lang.String DNT
Do Not Track
Request header
Expresses the user's tracking preference.

static java.lang.String DPR
Client hints
Request header
A number that indicates the client’s current Device Pixel Ratio (DPR), which is the ratio of physical pixels over CSS pixels (Section 5.2 of [CSSVAL]) of the layout viewport (Section 9.1.1 of [CSS2]) on the device.

static java.lang.String EARLY_DATA
Client hints
Request header
Indicates that the request has been conveyed in early data.

static java.lang.String ETAG
Conditionals
Response header
A unique string identifying the version of the resource.

static java.lang.String EXPECT
Controls
Request header
Indicates expectations that need to be fulfilled by the server to properly handle the request.

static java.lang.String EXPECT_CT
Security
Response header
Allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed.

static java.lang.String EXPIRES
Caching
Response header
The date/time after which the response is considered stale.

static java.lang.String FEATURE_POLICY
Security
Response header
Provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.

static java.lang.String FORWARDED
Proxies
Request header
Contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.

static java.lang.String FROM
Request context
Request header
Contains an Internet email address for a human user who controls the requesting user agent.

static java.lang.String HOST
Request context
Request header
Specifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.

static java.lang.String IF_MATCH
Conditionals
Request header
Makes the request conditional, and applies the method only if the stored resource matches one of the given ETags.

static java.lang.String IF_MODIFIED_SINCE
Conditionals
Request header
Makes the request conditional, and expects the entity to be transmitted only if it has been modified after the given date.

static java.lang.String IF_NONE_MATCH
Conditionals
Request header
Makes the request conditional, and applies the method only if the stored resource doesn't match any of the given ETags.

static java.lang.String IF_RANGE
Range requests
Request header
Creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource.

static java.lang.String IF_UNMODIFIED_SINCE
Conditionals
Request header
Makes the request conditional, and expects the entity to be transmitted only if it has not been modified after the given date.

static java.lang.String KEEP_ALIVE
Connection management
General header
Controls how long a persistent connection should stay open.

static java.lang.String LARGE_ALLOCATION
Other
Response header
Tells the browser that the page being loaded is going to want to perform a large allocation.

static java.lang.String LAST_EVENT_ID
Server-sent events

static java.lang.String LAST_MODIFIED
Conditionals
Response header
The last modification date of the resource, used to compare several versions of the same resource.

static java.lang.String LINK
Other
The Link entity-header field provides a means for serialising one or more links in HTTP headers.

static java.lang.String LOCATION
Redirects
Response header
Indicates the URL to redirect a page to.

static java.lang.String NEL
Server-sent events
Response header
Defines a mechanism that enables developers to declare a network error reporting policy.

static java.lang.String ORIGIN
CORS
Request header
Indicates where a fetch originates from.

static java.lang.String PING_FROM
Server-sent events

static java.lang.String PING_TO

static java.lang.String PRAGMA
Caching
General header
Implementation-specific header that may have various effects anywhere along the request-response chain.

static java.lang.String PROXY_AUTHENTICATE
Authentication
Response header
Defines the authentication method that should be used to access a resource behind a proxy server.

static java.lang.String PROXY_AUTHORIZATION
Authentication
Request header
Contains the credentials to authenticate a user agent with a proxy server.

static java.lang.String PUBLIC_KEY_PINS
Deprecated.
Security
HTTP Public Key Pinning (HPKP)
Associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates.

static java.lang.String PUBLIC_KEY_PINS_REPORT_ONLY
Deprecated.
Security
HTTP Public Key Pinning (HPKP)
Response header
Sends reports to the report-uri specified in the header and does still allow clients to connect to the server even if the pinning is violated.

static java.lang.String PUSH_POLICY
Other
A Push-Policy defines the server behaviour regarding push when processing a request.

static java.lang.String RANGE
Range requests
Request header
Indicates the part of a document that the server should return.

static java.lang.String REFERER
Request context
Request header
The address of the previous web page from which a link to the currently requested page was followed.

static java.lang.String REFERRER_POLICY
Request context
Response header
Governs which referrer information sent in the Referer header should be included with requests made.

static java.lang.String REPORT_TO
Server-sent events
Used to specify a server endpoint for the browser to send warning and error reports to.

static java.lang.String RETRY_AFTER
Other
Indicates how long the user agent should wait before making a follow-up request.

static java.lang.String SAVE_DATA
Client hints
A boolean that indicates the user agent's preference for reduced data usage.

static java.lang.String SEC_FETCH_DEST
Security
Fetch metadata request headers
It is a request header that indicates the request's destination to a server.

static java.lang.String SEC_FETCH_MODE
Security
Fetch metadata request headers
It is a request header that indicates the request's mode to a server.

static java.lang.String SEC_FETCH_SITE
Security
Fetch metadata request headers
It is a request header that indicates the relationship between a request initiator's origin and its target's origin.

static java.lang.String SEC_FETCH_USER
Security
Fetch metadata request headers
It is a request header that indicates whether or not a navigation request was triggered by user activation.

static java.lang.String SEC_WEBSOCKET_ACCEPT
WebSockets

static java.lang.String SEC_WEBSOCKET_EXTENSIONS
WebSockets

static java.lang.String SEC_WEBSOCKET_KEY
WebSockets

static java.lang.String SEC_WEBSOCKET_PROTOCOL
WebSockets

static java.lang.String SEC_WEBSOCKET_VERSION
WebSockets

static java.lang.String SERVER
Response context
Response header
Contains information about the software used by the origin server to handle the request.

static java.lang.String SERVER_TIMING
Other
Communicates one or more metrics and descriptions for the given request-response cycle.

static java.lang.String SERVICE_WORKER_ALLOWED
Other
Used to remove the path restriction by including this header in the response of the Service Worker script.

static java.lang.String SET_COOKIE
Cookies
Response header
Send cookies from the server to the user-agent.

static java.lang.String SET_COOKIE_2
Deprecated.
Cookies
Contains an HTTP cookie previously sent by the server with the Set-Cookie2 header, but has been obsoleted.

static java.lang.String SIGNATURE
Other
The Signature header field conveys a list of signatures for an exchange, each one accompanied by information about how to determine the authority of and refresh that signature.

static java.lang.String SIGNED_HEADERS
Other
The Signed-Headers header field identifies an ordered list of response header fields to include in a signature.

static java.lang.String SOURCEMAP
Other
Response header
Links generated code to a source map.

static java.lang.String STRICT_TRANSPORT_SECURITY
Security
Response header
Force communication using HTTPS instead of HTTP.

static java.lang.String TE
Transfer Encoding
Request header
Specifies the transfer encodings the user agent is willing to accept.

static java.lang.String TIMING_ALLOW_ORIGIN
CORS
Response header
Specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.

static java.lang.String TK
Do Not Track
Response header
Indicates the tracking status of the corresponding response.

static java.lang.String TRAILER
Transfer Encoding
Response header
Allows the sender to include additional fields at the end of chunked message.

static java.lang.String TRANSFER_ENCODING
Transfer coding
Response header
Specifies the form of encoding used to safely transfer the entity to the user.

static java.lang.String UPGRADE
Other
The relevant RFC document for the Upgrade header field is RFC 7230, section 6.7.

static java.lang.String UPGRADE_INSECURE_REQUESTS
Security
Request header
Sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests directive.

static java.lang.String USER_AGENT
Request context
Request header
Contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent.

static java.lang.String VARY
Conditionals
Response header
Determines how to match request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.

static java.lang.String VIA
Proxies
General header
Added by proxies, both forward and reverse proxies, and can appear in the request headers and the response headers.

static java.lang.String VIEWPORT_WIDTH
Client hints
A number that indicates the layout viewport width in CSS pixels.

static java.lang.String WARNING
Caching
General header
General warning information about possible problems.

static java.lang.String WIDTH
Client hints
The Width request header field is a number that indicates the desired resource width in physical pixels (i.e. intrinsic size of an image).

static java.lang.String WWW_AUTHENTICATE
Authentication
Response header
Defines the authentication method that should be used to access a resource.

static java.lang.String X_CONTENT_TYPE_OPTIONS
Security
Response header
Disables MIME sniffing and forces browser to use the type given in Content-Type.

static java.lang.String X_DNS_PREFETCH_CONTROL
Other
Controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.

static java.lang.String X_DOWNLOAD_OPTIONS
Security
The X-Download-Options HTTP header indicates that the browser (Internet Explorer) should not display the option to "Open" a file that has been downloaded from an application, to prevent phishing attacks as the file otherwise would gain access to execute in the context of the application.

static java.lang.String X_FIREFOX_SPDY
Deprecated.
Other

static java.lang.String X_FORWARDED_FOR
Proxies
Request header
Identifies the originating IP addresses of a client connecting to a web server through an HTTP proxy or a load balancer.

static java.lang.String X_FORWARDED_HOST
Proxies
Request header
Identifies the original host requested that a client used to connect to your proxy or load balancer.

static java.lang.String X_FORWARDED_PROTO
Proxies
Request header
Identifies the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer.

static java.lang.String X_FRAME_OPTIONS
Security
Response header

static java.lang.String X_PERMITTED_CROSS_DOMAIN_POLICIES
Security
Specifies if a cross-domain policy file (crossdomain.xml) is allowed.

static java.lang.String X_PINGBACK
Other

static java.lang.String X_POWERED_BY
Security
May be set by hosting environments or other frameworks and contains information about them while not providing any usefulness to the application or its visitors.

static java.lang.String X_REQUESTED_WITH
Other

static java.lang.String X_ROBOTS_TAG
Other
The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results.

static java.lang.String X_UA_COMPATIBLE
Other
Used by Internet Explorer to signal which document mode to use.

static java.lang.String X_XSS_PROTECTION
Security
Response header
Enables cross-site scripting filtering.
-
-
-
Field Detail
-
WWW_AUTHENTICATE
public static final java.lang.String WWW_AUTHENTICATE
Authentication
Response header
Defines the authentication method that should be used to access a resource.
    WWW-Authenticate: <type> realm=<realm>
- See Also:
- Constant Field Values
-
AUTHORIZATION
public static final java.lang.String AUTHORIZATION
Authentication
Request header
Contains the credentials to authenticate a user-agent with a server.
    Authorization: <type> <credentials>
- See Also:
- Constant Field Values
-
PROXY_AUTHENTICATE
public static final java.lang.String PROXY_AUTHENTICATE
Authentication
Response header
Defines the authentication method that should be used to access a resource behind a proxy server.
    Proxy-Authenticate: <type> realm=<realm>
- See Also:
- Constant Field Values
-
PROXY_AUTHORIZATION
public static final java.lang.String PROXY_AUTHORIZATION
Authentication
Request header
Contains the credentials to authenticate a user agent with a proxy server.
    Proxy-Authorization: <type> <credentials>
- See Also:
- Constant Field Values
-
AGE
public static final java.lang.String AGE
Caching
Response header
The time, in seconds, that the object has been in a proxy cache.
    Age: <delta-seconds>
- See Also:
- Constant Field Values
-
CACHE_CONTROL
public static final java.lang.String CACHE_CONTROL
Caching
General header
Directives for caching mechanisms in both requests and responses.
    Cache-Control: max-age=<seconds>
    Cache-Control: max-stale[=<seconds>]
    Cache-Control: min-fresh=<seconds>
    Cache-Control: no-cache
    Cache-Control: no-store
    Cache-Control: no-transform
    Cache-Control: only-if-cached
- See Also:
- Constant Field Values
-
CLEAR_SITE_DATA
public static final java.lang.String CLEAR_SITE_DATA
Caching
Response header
Clears browsing data (e.g. cookies, storage, cache) associated with the requesting website.
    // Single directive
    Clear-Site-Data: "cache"
    // Multiple directives (comma separated)
    Clear-Site-Data: "cache", "cookies", "storage", "executionContexts"
    // Wild card
    Clear-Site-Data: "*"
- See Also:
- Directives, Constant Field Values
-
EXPIRES
public static final java.lang.String EXPIRES
Caching
Response header
The date/time after which the response is considered stale.
    Expires: <http-date>
- See Also:
- Constant Field Values
-
PRAGMA
public static final java.lang.String PRAGMA
Caching
General header
Implementation-specific header that may have various effects anywhere along the request-response chain. Used for backwards compatibility with HTTP/1.0 caches where the Cache-Control header is not yet present.
Note: Pragma is not specified for HTTP responses and is therefore not a reliable replacement for the general HTTP/1.1 Cache-Control header, although it does behave the same as Cache-Control: no-cache, if the Cache-Control header field is omitted in a request. Use Pragma only for backwards compatibility with HTTP/1.0 clients.
    Pragma: no-cache
- See Also:
- Constant Field Values
-
WARNING
public static final java.lang.String WARNING
Caching
General header
General warning information about possible problems.
    Warning: <warn-code> <warn-agent> <warn-text> [<warn-date>]
Example:
    Warning: 110 anderson/1.3.37 "Response is stale"
    Warning: 112 - "cache down" "Wed, 21 Oct 2015 07:28:00 GMT"
- See Also:
- Directives, Constant Field Values
-
ACCEPT_CH
public static final java.lang.String ACCEPT_CH
Client hints
Response header
HTML5
Servers can advertise support for Client Hints using the Accept-CH header field or an equivalent HTML <meta> element with http-equiv attribute.
    Accept-CH: <list of client hints>
Examples
    Accept-CH: DPR, Viewport-Width
    Accept-CH: Width
    Accept-CH-Lifetime: 86400
    Vary: DPR, Viewport-Width, Width
- See Also:
- Constant Field Values
-
ACCEPT_CH_LIFETIME
public static final java.lang.String ACCEPT_CH_LIFETIME
Client hints
Response header
Servers can ask the client to remember the set of Client Hints that the server supports for a specified period of time, to enable delivery of Client Hints on subsequent requests to the server’s origin (RFC6454).
    Accept-CH-Lifetime: <age>
Examples
    Accept-CH: Viewport-Width, DPR
    Accept-CH-Lifetime: 86400
- See Also:
- Constant Field Values
-
EARLY_DATA
public static final java.lang.String EARLY_DATA
Client hints
Request header
Indicates that the request has been conveyed in early data.
    Early-Data: 1
- See Also:
- Constant Field Values
-
CONTENT_DPR
public static final java.lang.String CONTENT_DPR
Client hints
A number that indicates the ratio between physical pixels over CSS pixels of the selected image response.
- See Also:
- Constant Field Values
-
DPR
public static final java.lang.String DPR
Client hints
Request header
A number that indicates the client’s current Device Pixel Ratio (DPR), which is the ratio of physical pixels over CSS pixels (Section 5.2 of [CSSVAL]) of the layout viewport (Section 9.1.1 of [CSS2]) on the device.
    DPR: <number>
Examples
The server first needs to opt in to receive the DPR header by sending the response headers Accept-CH containing DPR and Accept-CH-Lifetime.
    Accept-CH: DPR
    Accept-CH-Lifetime: 86400
Then on subsequent requests the client might send the DPR header back:
    DPR: 1.0
- See Also:
- Constant Field Values
-
DEVICE_MEMORY
public static final java.lang.String DEVICE_MEMORY
Client hints
Request header
Technically a part of the Device Memory API, this header represents the approximate amount of RAM the client has.
    Device-Memory: <number>
Examples
The server first needs to opt in to receive the Device-Memory header by sending the response headers Accept-CH containing Device-Memory and Accept-CH-Lifetime.
    Accept-CH: Device-Memory
    Accept-CH-Lifetime: 86400
Then on subsequent requests the client might send the Device-Memory header back:
    Device-Memory: 1
- See Also:
- Constant Field Values
-
SAVE_DATA
public static final java.lang.String SAVE_DATA
Client hints
A boolean that indicates the user agent's preference for reduced data usage.
    Save-Data: <sd-token>
<sd-token>
A numerical value indicating whether the client wants to opt in to reduced data usage mode. "on" indicates yes, while "off" (the default) indicates no.
- See Also:
- Constant Field Values
-
VIEWPORT_WIDTH
public static final java.lang.String VIEWPORT_WIDTH
Client hints
A number that indicates the layout viewport width in CSS pixels. The provided pixel value is a number rounded to the smallest following integer (i.e. ceiling value).
If Viewport-Width occurs in a message more than once, the last value overrides all previous occurrences.
- See Also:
- Constant Field Values
-
WIDTH
public static final java.lang.String WIDTH
Client hints
The Width request header field is a number that indicates the desired resource width in physical pixels (i.e. intrinsic size of an image). The provided pixel value is a number rounded to the smallest following integer (i.e. ceiling value).
If the desired resource width is not known at the time of the request or the resource does not have a display width, the Width header field can be omitted. If Width occurs in a message more than once, the last value overrides all previous occurrences.
- See Also:
- Constant Field Values
-
LAST_MODIFIED
public static final java.lang.String LAST_MODIFIED
Conditionals
Response header
The last modification date of the resource, used to compare several versions of the same resource. It is less accurate than ETag, but easier to calculate in some environments. Conditional requests using If-Modified-Since and If-Unmodified-Since use this value to change the behavior of the request.
    Last-Modified: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
<month>
One of "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" (case sensitive).
Examples
    Last-Modified: Wed, 21 Oct 2015 07:28:00 GMT
    Last-Modified: Wed, 04 Jan 2015 07:28:00 GMT
- See Also:
- Directives, Constant Field Values
-
ETAG
public static final java.lang.String ETAG
Conditionals
Response header
A unique string identifying the version of the resource. Conditional requests using If-Match and If-None-Match use this value to change the behavior of the request.
Directives
    ETag: W/"<etag_value>"
    ETag: "<etag_value>"
Examples
    ETag: "33a64df551425fcc55e4d42a148795d9f25f89d4"
    ETag: W/"0815"
- See Also:
- Constant Field Values
-
IF_MATCH
public static final java.lang.String IF_MATCH
Conditionals
Request header
Makes the request conditional, and applies the method only if the stored resource matches one of the given ETags.
    If-Match: <etag_value>
    If-Match: <etag_value>, <etag_value>, …
<etag_value>
Entity tags uniquely representing the requested resources. They are a string of ASCII characters placed between double quotes (like "675af34563dc-tr34"). They may be prefixed by W/ to indicate that they are "weak", i.e. that they represent the resource semantically, but not byte-for-byte. However, in an If-Match header, weak entity tags will never match.
Examples
    If-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
    If-Match: "67ab43", "54ed21", "7892dd"
    If-Match: *
- See Also:
- Constant Field Values
-
IF_NONE_MATCH
public static final java.lang.String IF_NONE_MATCH
Conditionals
Request header
Makes the request conditional, and applies the method only if the stored resource doesn't match any of the given ETags. This is used to update caches (for safe requests), or to prevent uploading a new resource when one already exists.
    If-None-Match: "<etag_value>"
    If-None-Match: "<etag_value>", "<etag_value>", …
    If-None-Match: *
Examples
    If-None-Match: "bfc13a64729c4290ef5b2c2730249c88ca92d82d"
    If-None-Match: W/"67ab43", "54ed21", "7892dd"
    If-None-Match: *
- See Also:
- Constant Field Values
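
The IF_MATCH and IF_NONE_MATCH descriptions above differ in how entity tags are compared: If-Match never matches a weak tag, while If-None-Match ignores the W/ prefix. The following is an added example, not code from this library; the class name, method names, and the header-name strings are assumptions made for illustration, and the sample tags are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class EtagPreconditions {

    // Assumed header names; this page does not show the HttpHeader constants' values.
    static final String IF_MATCH = "If-Match";
    static final String IF_NONE_MATCH = "If-None-Match";

    /** Splits a field value such as  W/"67ab43", "54ed21"  into its entity tags. */
    static List<String> parseTags(String value) {
        List<String> tags = new ArrayList<>();
        int i = 0;
        while (i < value.length()) {
            char c = value.charAt(i);
            if (c == ' ' || c == '\t' || c == ',') {
                i++;
                continue;
            }
            int start = i;
            if (value.startsWith("W/", i)) {
                i += 2;
            }
            // An entity tag must be a double-quoted string; anything else is rejected.
            int close = (i < value.length() && value.charAt(i) == '"')
                    ? value.indexOf('"', i + 1) : -1;
            if (close < 0) {
                throw new IllegalArgumentException("malformed entity tag at offset " + start);
            }
            tags.add(value.substring(start, close + 1));
            i = close + 1;
        }
        return tags;
    }

    static boolean isWeak(String tag) {
        return tag.startsWith("W/");
    }

    static String opaque(String tag) {
        return isWeak(tag) ? tag.substring(2) : tag;
    }

    /** Strong comparison: both tags must be strong and identical. */
    static boolean strongMatch(String a, String b) {
        return !isWeak(a) && !isWeak(b) && a.equals(b);
    }

    /** Weak comparison: the W/ prefix is ignored. */
    static boolean weakMatch(String a, String b) {
        return opaque(a).equals(opaque(b));
    }

    /**
     * If-Match: proceed only if the stored resource matches one of the tags.
     * currentEtag is null when the resource does not exist.
     * A false result corresponds to 412 Precondition Failed.
     */
    static boolean ifMatchPasses(String headerValue, String currentEtag) {
        if (currentEtag == null) {
            return false;
        }
        if (headerValue.trim().equals("*")) {
            return true;
        }
        for (String tag : parseTags(headerValue)) {
            if (strongMatch(tag, currentEtag)) {
                return true;
            }
        }
        return false;
    }

    /**
     * If-None-Match: proceed only if the stored resource matches none of the tags.
     * A false result corresponds to 304 Not Modified for GET/HEAD and
     * 412 Precondition Failed for other methods.
     */
    static boolean ifNoneMatchPasses(String headerValue, String currentEtag) {
        if (currentEtag == null) {
            return true;
        }
        if (headerValue.trim().equals("*")) {
            return false;
        }
        for (String tag : parseTags(headerValue)) {
            if (weakMatch(tag, currentEtag)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values, reusing the tag strings from the examples above.
        System.out.println(IF_MATCH + " strong tag in list:      "
                + ifMatchPasses("\"67ab43\", \"54ed21\"", "\"54ed21\""));
        System.out.println(IF_MATCH + " weak tag, same opaque:   "
                + ifMatchPasses("W/\"0815\"", "W/\"0815\""));
        System.out.println(IF_NONE_MATCH + " weak tag vs strong: "
                + ifNoneMatchPasses("W/\"67ab43\", \"54ed21\"", "\"67ab43\""));
        System.out.println(IF_NONE_MATCH + " *, resource absent: "
                + ifNoneMatchPasses("*", null));
        System.out.println(IF_NONE_MATCH + " *, resource exists: "
                + ifNoneMatchPasses("*", "\"54ed21\""));
    }
}
```

A server using these checks for state-changing requests should treat the IllegalArgumentException as a malformed request rather than as a passed precondition.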
-
IF_MODIFIED_SINCE
public static final java.lang.String IF_MODIFIED_SINCE
Conditionals
Request header
Makes the request conditional, and expects the entity to be transmitted only if it has been modified after the given date. This is used to transmit data only when the cache is out of date.
    If-Modified-Since: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
Examples
    If-Modified-Since: Wed, 21 Oct 2015 07:28:00 GMT
- See Also:
- Directives, Constant Field Values
-
IF_UNMODIFIED_SINCE
public static final java.lang.String IF_UNMODIFIED_SINCE
Conditionals
Request header
Makes the request conditional, and expects the entity to be transmitted only if it has not been modified after the given date. This is used to ensure the coherence of a new fragment of a specific range with previous ones, or to implement an optimistic concurrency control system when modifying existing documents.
    If-Unmodified-Since: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
Examples
    If-Unmodified-Since: Wed, 21 Oct 2015 07:28:00 GMT
- See Also:
- Directives, Constant Field Values
-
VARY
public static final java.lang.String VARY
Conditionals
Response header
Determines how to match request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server.
    Vary: *
    Vary: <header-name>, <header-name>, ...
Examples
Dynamic serving
When using the Vary: User-Agent header, caching servers should consider the user agent when deciding whether to serve the page from cache. For example, if you are serving different content to mobile users, it helps prevent a cache from mistakenly serving a desktop version of your site to your mobile users. It can help Google and other search engines to discover the mobile version of a page, and might also tell them that no cloaking is intended.
    Vary: User-Agent
- See Also:
- Constant Field Values
-
CONNECTION
public static final java.lang.String CONNECTION
Connection management
General header
Controls whether the network connection stays open after the current transaction finishes.
    Connection: keep-alive
    Connection: close
- See Also:
- Constant Field Values
-
KEEP_ALIVE
public static final java.lang.String KEEP_ALIVE
Connection management
General header
Controls how long a persistent connection should stay open.
    Keep-Alive: parameters
Examples
A response containing a Keep-Alive header:
    HTTP/1.1 200 OK
    Connection: Keep-Alive
    Content-Encoding: gzip
    Content-Type: text/html; charset=utf-8
    Date: Thu, 11 Aug 2016 15:23:13 GMT
    Keep-Alive: timeout=5, max=1000
    Last-Modified: Mon, 25 Jul 2016 04:32:39 GMT
    Server: Apache

    (body)
- See Also:
- Directives, Constant Field Values
-
Accept
public static final java.lang.String Accept
Content negotiation
Request header
Informs the server about the types of data that can be sent back.
    Accept: <MIME_type>/<MIME_subtype>
    Accept: <MIME_type>/*
    Accept: */*
    // Multiple types, weighted with the quality value syntax:
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Examples
    Accept: text/html
    Accept: image/*
    // General default
    Accept: */*
    // Default for navigation requests
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- See Also:
- Constant Field Values
-
ACCEPT_CHARSET
public static final java.lang.String ACCEPT_CHARSET
Content negotiation
Request header
Which character encodings the client understands.
Accept-Charset: <charset>
// Multiple types, weighted with the quality value syntax:
Accept-Charset: utf-8, iso-8859-1;q=0.5
Examples
Accept-Charset: iso-8859-1
Accept-Charset: utf-8, iso-8859-1;q=0.5
Accept-Charset: utf-8, iso-8859-1;q=0.5, *;q=0.1
- See Also:
- Constant Field Values
-
ACCEPT_ENCODING
public static final java.lang.String ACCEPT_ENCODING
Content negotiation
Request header
The encoding algorithm, usually a compression algorithm, that can be used on the resource sent back.
Accept-Encoding: gzip
Accept-Encoding: compress
Accept-Encoding: deflate
Accept-Encoding: br
Accept-Encoding: identity
Accept-Encoding: *
// Multiple algorithms, weighted with the quality value syntax:
Accept-Encoding: deflate, gzip;q=1.0, *;q=0.5
Examples
Accept-Encoding: gzip
Accept-Encoding: gzip, compress, br
Accept-Encoding: br;q=1.0, gzip;q=0.8, *;q=0.1
- See Also:
- Constant Field Values
-
ACCEPT_LANGUAGE
public static final java.lang.String ACCEPT_LANGUAGE
Content negotiation
Request header
Informs the server about the human language the server is expected to send back. This is a hint and is not necessarily under the full control of the user: the server should always pay attention not to override an explicit user choice (like selecting a language from a dropdown).
Accept-Language: <language>
Accept-Language: *
// Multiple types, weighted with the quality value syntax:
Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5
Examples
Accept-Language: de
Accept-Language: de-CH
Accept-Language: en-US,en;q=0.5
- See Also:
- Constant Field Values
-
EXPECT
public static final java.lang.String EXPECT
Controls
Request header
Indicates expectations that need to be fulfilled by the server to properly handle the request.
Expect: 100-continue
Examples
Large message body
A client sends a request with an Expect header and waits for the server to respond before sending the message body.
PUT /somewhere/fun HTTP/1.1
Host: origin.example.com
Content-Type: video/h264
Content-Length: 1234567890987
Expect: 100-continue
The server now checks the request headers and may respond with a 100 (Continue) response to instruct the client to go ahead and send the message body, or it will send a 417 (Expectation Failed) status if any of the expectations cannot be met.
- See Also:
- Constant Field Values
-
COOKIE
public static final java.lang.String COOKIE
Cookies
Contains stored HTTP cookies previously sent by the server with the Set-Cookie header.
Cookie: <cookie-list>
Cookie: name=value
Cookie: name=value; name2=value2; name3=value3
Examples
Cookie: PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1;
- See Also:
- Constant Field Values
-
SET_COOKIE
public static final java.lang.String SET_COOKIE
Cookies
Response header
Send cookies from the server to the user-agent.
Set-Cookie: <cookie-name>=<cookie-value>
Set-Cookie: <cookie-name>=<cookie-value>; Expires=<date>
Set-Cookie: <cookie-name>=<cookie-value>; Max-Age=<non-zero-digit>
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>
Set-Cookie: <cookie-name>=<cookie-value>; Path=<path-value>
Set-Cookie: <cookie-name>=<cookie-value>; Secure
Set-Cookie: <cookie-name>=<cookie-value>; HttpOnly
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Lax
Set-Cookie: <cookie-name>=<cookie-value>; SameSite=None
// Multiple directives are also possible, for example:
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
Examples
Session cookie
Session cookies are removed when the client shuts down. Cookies are session cookies if they don't specify the Expires or Max-Age directives.
Set-Cookie: sessionId=38afes7a8
Permanent cookie
Instead of expiring when the client is closed, permanent cookies expire at a specific date (Expires) or after a specific length of time (Max-Age).
Set-Cookie: id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT
Set-Cookie: id=a3fWa; Max-Age=2592000
- See Also:
- Directives, Constant Field Values
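The Set-Cookie directives above determine both the cookie's lifetime and how exposed it is. The following is an added example, not code from this library: a small Java 16+ checker that parses Set-Cookie values, classifies them as session or permanent by the Expires/Max-Age rule described above, and reports missing Secure, HttpOnly and SameSite directives. The class name SetCookieAudit, its methods and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Added example (hypothetical class, not part of the library): audits Set-Cookie values. */
public class SetCookieAudit {

    /** Parsed view of one Set-Cookie header value; attribute names are lower-cased. */
    record ParsedCookie(String name, String value, Map<String, String> attributes) {
        /** A cookie is a session cookie when neither Expires nor Max-Age is present. */
        boolean isSessionCookie() {
            return !attributes.containsKey("expires") && !attributes.containsKey("max-age");
        }
    }

    /** Splits "<name>=<value>; Attr=val; Flag" into name, value and attributes. */
    static ParsedCookie parse(String headerValue) {
        String[] parts = headerValue.split(";");
        String pair = parts[0].trim();
        int eq = pair.indexOf('=');
        if (eq <= 0) {
            throw new IllegalArgumentException("missing cookie name: " + headerValue);
        }
        Map<String, String> attrs = new LinkedHashMap<>();
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            if (attr.isEmpty()) {
                continue; // tolerate a trailing ';'
            }
            int aeq = attr.indexOf('=');
            // Directive names are case-insensitive, so normalise them.
            String key = (aeq < 0 ? attr : attr.substring(0, aeq)).trim().toLowerCase(Locale.ROOT);
            String val = aeq < 0 ? "" : attr.substring(aeq + 1).trim();
            attrs.put(key, val); // a repeated directive overrides the earlier one
        }
        return new ParsedCookie(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim(), attrs);
    }

    /** Returns one finding per missing or inconsistent protective directive. */
    static List<String> audit(ParsedCookie cookie) {
        List<String> findings = new ArrayList<>();
        Map<String, String> a = cookie.attributes();
        boolean secure = a.containsKey("secure");
        if (!secure) {
            findings.add("missing Secure: cookie is also sent over plain HTTP");
        }
        if (!a.containsKey("httponly")) {
            findings.add("missing HttpOnly: cookie is readable from page scripts");
        }
        String sameSite = a.get("samesite");
        if (sameSite == null) {
            findings.add("missing SameSite: cross-site behaviour is left to the browser default");
        } else if (sameSite.equalsIgnoreCase("None") && !secure) {
            findings.add("SameSite=None without Secure: browsers that require the pairing reject it");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values, modelled on the syntax and examples above.
        String[] samples = {
            "sessionId=38afes7a8",
            "id=a3fWa; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
            "id=a3fWa; Max-Age=2592000; Secure; HttpOnly; SameSite=Lax",
            "pref=1; SameSite=None; HttpOnly",
        };
        for (String sample : samples) {
            ParsedCookie cookie = parse(sample);
            String kind = cookie.isSessionCookie() ? "session" : "permanent";
            System.out.println(cookie.name() + " (" + kind + ")");
            for (String finding : audit(cookie)) {
                System.out.println("  - " + finding);
            }
        }
    }
}
```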
-
COOKIE_2
@Deprecated public static final java.lang.String COOKIE_2
Deprecated.
Cookies
Contains an HTTP cookie previously sent by the server with the Set-Cookie2 header, but has been obsoleted. Use Cookie instead.
- See Also:
- Constant Field Values
-
SET_COOKIE_2
@Deprecated public static final java.lang.String SET_COOKIE_2
Deprecated.
Cookies
Contains an HTTP cookie previously sent by the server with the Set-Cookie2 header, but has been obsoleted. Use Cookie instead.
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_ALLOW_ORIGIN
public static final java.lang.String ACCESS_CONTROL_ALLOW_ORIGIN
CORS
Response header
Indicates whether the response can be shared.
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: <origin>
Access-Control-Allow-Origin: null
Examples
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: https://developer.mozilla.org
- See Also:
- Directives, Constant Field Values
-
ACCESS_CONTROL_ALLOW_CREDENTIALS
public static final java.lang.String ACCESS_CONTROL_ALLOW_CREDENTIALS
CORS
Response header
Indicates whether the response to the request can be exposed when the credentials flag is true.
Access-Control-Allow-Credentials: true
Examples
Allow credentials:
Access-Control-Allow-Credentials: true
Using XHR with credentials:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/', true);
xhr.withCredentials = true;
xhr.send(null);
Using Fetch with credentials:
fetch(url, { credentials: 'include' })
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_ALLOW_HEADERS
public static final java.lang.String ACCESS_CONTROL_ALLOW_HEADERS
CORS
Response header
Used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Headers: <header-name>[, <header-name>]*
Access-Control-Allow-Headers: *
Examples
Access-Control-Allow-Headers: X-Custom-Header
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_ALLOW_METHODS
public static final java.lang.String ACCESS_CONTROL_ALLOW_METHODS
CORS
Response header
Specifies the methods allowed when accessing the resource in response to a preflight request.
Access-Control-Allow-Methods: <method>, <method>, ...
Access-Control-Allow-Methods: *
Examples
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Methods: *
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_EXPOSE_HEADERS
public static final java.lang.String ACCESS_CONTROL_EXPOSE_HEADERS
CORS
Response header
Indicates which headers can be exposed as part of the response by listing their names.
Access-Control-Expose-Headers: <header-name>, <header-name>, ...
Access-Control-Expose-Headers: *
Examples
To expose a non-CORS-safelisted request header, you can specify:
Access-Control-Expose-Headers: Content-Length
To additionally expose a custom header, like X-Kuma-Revision, you can specify multiple headers separated by a comma:
Access-Control-Expose-Headers: Content-Length, X-Kuma-Revision
In requests without credentials, you can also use a wildcard value:
Access-Control-Expose-Headers: *
However, this won't wildcard the Authorization header, so if you need to expose that, you will need to list it explicitly:
Access-Control-Expose-Headers: *, Authorization
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_MAX_AGE
public static final java.lang.String ACCESS_CONTROL_MAX_AGE
CORS
Response header
Indicates how long the results of a preflight request can be cached.
Access-Control-Max-Age: <delta-seconds>
Examples
Cache results of a preflight request for 10 minutes:
Access-Control-Max-Age: 600
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_REQUEST_HEADERS
public static final java.lang.String ACCESS_CONTROL_REQUEST_HEADERS
CORS
Request header
Used when issuing a preflight request to let the server know which HTTP headers will be used when the actual request is made.
Access-Control-Request-Headers: <header-name>, <header-name>, ...
Examples
Access-Control-Request-Headers: X-PINGOTHER, Content-Type
- See Also:
- Constant Field Values
-
ACCESS_CONTROL_REQUEST_METHOD
public static final java.lang.String ACCESS_CONTROL_REQUEST_METHOD
CORS
Request header
Used when issuing a preflight request to let the server know which HTTP method will be used when the actual request is made.
Access-Control-Request-Method: <method>
Examples
Access-Control-Request-Method: POST
- See Also:
- Constant Field Values
-
ORIGIN
public static final java.lang.String ORIGIN
CORS
Request header
Indicates where a fetch originates from.
Origin: null
Origin: <scheme> "://" <hostname> [ ":" <port> ]
Examples
Origin: https://developer.mozilla.org
- See Also:
- Constant Field Values
-
TIMING_ALLOW_ORIGIN
public static final java.lang.String TIMING_ALLOW_ORIGIN
CORS
Response header
Specifies origins that are allowed to see values of attributes retrieved via features of the Resource Timing API, which would otherwise be reported as zero due to cross-origin restrictions.
Timing-Allow-Origin: *
Timing-Allow-Origin: <origin>[, <origin>]*
Examples
To allow any resource to see timing resources:
Timing-Allow-Origin: *
To allow https://developer.mozilla.org to see timing resources, you can specify:
Timing-Allow-Origin: https://developer.mozilla.org
- See Also:
- Constant Field Values
-
DNT
public static final java.lang.String DNT
Do Not Track
Request header
Expresses the user's tracking preference.
DNT: 0
DNT: 1
Examples
Reading Do Not Track status from JavaScript
The user's DNT preference can also be read from JavaScript using the Navigator.doNotTrack property:
navigator.doNotTrack; // "0" or "1"
- See Also:
- Constant Field Values
-
TK
public static final java.lang.String TK
Do Not Track
Response header
Indicates the tracking status of the corresponding response.
Tk: ! (under construction)
Tk: ? (dynamic)
Tk: G (gateway or multiple parties)
Tk: N (not tracking)
Tk: T (tracking)
Tk: C (tracking with consent)
Tk: P (potential consent)
Tk: D (disregarding DNT)
Tk: U (updated)
Examples
A Tk header for a resource that claims not to be tracking would look like:
Tk: N
- See Also:
- Constant Field Values
-
CONTENT_DISPOSITION
public static final java.lang.String CONTENT_DISPOSITION
Downloads
Response header (for the main body)
General header (for a subpart of a multipart body)
Indicates if the resource transmitted should be displayed inline (default behavior without the header), or if it should be handled like a download and the browser should present a “Save As” dialog.
As a response header for the main body
Content-Disposition: inline
Content-Disposition: attachment
Content-Disposition: attachment; filename="filename.jpg"
As a header for a multipart body
Content-Disposition: form-data
Content-Disposition: form-data; name="fieldName"
Content-Disposition: form-data; name="fieldName"; filename="filename.jpg"
Examples
A response triggering the "Save As" dialog:
200 OK
Content-Type: text/html; charset=utf-8
Content-Disposition: attachment; filename="cool.html"
Content-Length: 21

<HTML>Save me!</HTML>
An example of an HTML form posted using the multipart/form-data format that makes use of the Content-Disposition header:
POST /test.html HTTP/1.1
Host: example.org
Content-Type: multipart/form-data;boundary="boundary"

--boundary
Content-Disposition: form-data; name="field1"

value1
--boundary
Content-Disposition: form-data; name="field2"; filename="example.txt"

value2
--boundary--
- See Also:
- Constant Field Values
-
CONTENT_LENGTH
public static final java.lang.String CONTENT_LENGTH
Message body information
Entity header
The size of the resource, in decimal number of bytes.
Content-Length: <length>
<length>
The length in decimal number of octets.
- See Also:
- Constant Field Values
-
CONTENT_TYPE
public static final java.lang.String CONTENT_TYPE
Message body information
Entity header
Indicates the media type of the resource.
Content-Type: text/html; charset=UTF-8
Content-Type: multipart/form-data; boundary=something
Examples
POST /foo HTTP/1.1
Content-Length: 68137
Content-Type: multipart/form-data; boundary=---------------------------974767299852498929531610575

-----------------------------974767299852498929531610575
Content-Disposition: form-data; name="description"

some text
-----------------------------974767299852498929531610575
Content-Disposition: form-data; name="myFile"; filename="foo.txt"
Content-Type: text/plain

(content of the uploaded file foo.txt)
-----------------------------974767299852498929531610575--
- See Also:
- Constant Field Values
-
CONTENT_ENCODING
public static final java.lang.String CONTENT_ENCODING
Message body information
Entity header
Used to specify the compression algorithm.
Content-Encoding: gzip
Content-Encoding: compress
Content-Encoding: deflate
Content-Encoding: identity
Content-Encoding: br
// Multiple, in the order in which they were applied
Content-Encoding: gzip, identity
Content-Encoding: deflate, gzip
Examples
Compressing with gzip
On the client side, you can advertise a list of compression schemes that will be sent along in an HTTP request. The Accept-Encoding header is used for negotiating content encoding.
Accept-Encoding: gzip, deflate
The server responds with the scheme used, indicated by the Content-Encoding response header.
Content-Encoding: gzip
Note that the server is not obligated to use any compression method. Compression highly depends on server settings and used server modules.
- See Also:
- Constant Field Values
-
CONTENT_LANGUAGE
public static final java.lang.String CONTENT_LANGUAGE
Message body information
Entity header
Describes the human language(s) intended for the audience, so that it allows a user to differentiate according to the users' own preferred language.
Content-Language: de-DE
Content-Language: en-US
Content-Language: de-DE, en-CA
Examples
Indicating the language a document is written in
The global lang attribute is used on HTML elements to indicate the language of an entire HTML document or parts of it.
<html lang="de">
Do not use this meta element like this for stating a document language:
<!-- /!\ This is bad practice -->
<meta http-equiv="content-language" content="de">
Indicating a target audience for a resource
The Content-Language header is used to specify the intended audience of the page, and can indicate that this is more than one language.
Content-Language: de, en
- See Also:
- Constant Field Values
-
CONTENT_LOCATION
public static final java.lang.String CONTENT_LOCATION
Message body information
Entity header
Indicates an alternate location for the returned data.
Content-Location: <url>
Examples
Accept: application/json, text/json --> Content-Location: /documents/foo.json
Accept: application/xml, text/xml --> Content-Location: /documents/foo.xml
Accept: text/plain, text/* --> Content-Location: /documents/foo.txt
- See Also:
- Constant Field Values
-
FORWARDED
public static final java.lang.String FORWARDED
Proxies
Request header
Contains information from the client-facing side of proxy servers that is altered or lost when a proxy is involved in the path of the request.
Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>
Examples
Using the Forwarded header
Forwarded: for="_mdn"
# case insensitive
Forwarded: For="[2001:db8:cafe::17]:4711"
# separated by semicolon
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
# multiple values can be appended using a comma
Forwarded: for=192.0.2.43, for=198.51.100.17
Transitioning from X-Forwarded-For to Forwarded
X-Forwarded-For: 123.34.567.89
Forwarded: for=123.34.567.89
X-Forwarded-For: 192.0.2.43, "[2001:db8:cafe::17]"
Forwarded: for=192.0.2.43, for="[2001:db8:cafe::17]"
- See Also:
- Constant Field Values
-
X_FORWARDED_FOR
public static final java.lang.String X_FORWARDED_FOR
Proxies
Request header
Identifies the originating IP addresses of a client connecting to a web server through an HTTP proxy or a load balancer.
X-Forwarded-For: <client>, <proxy1>, <proxy2>
Examples
X-Forwarded-For: 2001:db8:85a3:8d3:1319:8a2e:370:7348
X-Forwarded-For: 203.0.113.195
X-Forwarded-For: 203.0.113.195, 70.41.3.18, 150.172.238.178
Other non-standard forms:
# Used for some Google services
X-ProxyUser-Ip: 203.0.113.19
- See Also:
- Constant Field Values
-
X_FORWARDED_HOST
public static final java.lang.String X_FORWARDED_HOST
Proxies
Request header
Identifies the original host that a client requested when connecting to your proxy or load balancer.
X-Forwarded-Host: <host>
Examples
X-Forwarded-Host: id42.example-cdn.com
- See Also:
- Constant Field Values
-
X_FORWARDED_PROTO
public static final java.lang.String X_FORWARDED_PROTO
Proxies
Request header
Identifies the protocol (HTTP or HTTPS) that a client used to connect to your proxy or load balancer.
X-Forwarded-Proto: <protocol>
Examples
X-Forwarded-Proto: https
Other non-standard forms:
# Microsoft
Front-End-Https: on
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https
- See Also:
- Constant Field Values
-
VIA
public static final java.lang.String VIA
Proxies
General header
Added by proxies, both forward and reverse proxies, and can appear in the request headers and the response headers.
Via: [ <protocol-name> "/" ] <protocol-version> <host> [ ":" <port> ]
or
Via: [ <protocol-name> "/" ] <protocol-version> <pseudonym>
Examples
Via: 1.1 vegur
Via: HTTP/1.1 GWA
Via: 1.0 fred, 1.1 p.example.net
- See Also:
- Constant Field Values
-
LOCATION
public static final java.lang.String LOCATION
Redirects
Response header
Indicates the URL to redirect a page to.
Location: <url>
Examples
Location: /index.html
- See Also:
- Constant Field Values
-
FROM
public static final java.lang.String FROM
Request context
Request header
Contains an Internet email address for a human user who controls the requesting user agent.
From: <email>
Examples
From: webmaster@example.org
- See Also:
- Constant Field Values
-
HOST
public static final java.lang.String HOST
Request context
Request header
Specifies the domain name of the server (for virtual hosting), and (optionally) the TCP port number on which the server is listening.
Host: <host>:<port>
Examples
Host: developer.cdn.mozilla.net
- See Also:
- Constant Field Values
-
REFERER
public static final java.lang.String REFERER
Request context
Request header
The address of the previous web page from which a link to the currently requested page was followed.
Referer: <url>
Examples
Referer: https://developer.mozilla.org/en-US/docs/Web/JavaScript
- See Also:
- Constant Field Values
-
REFERRER_POLICY
public static final java.lang.String REFERRER_POLICY
Request context
Response header
Governs which referrer information sent in the Referer header should be included with requests made.
Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url
- See Also:
- Directives, Constant Field Values
-
USER_AGENT
public static final java.lang.String USER_AGENT
Request context
Request header
Contains a characteristic string that allows the network protocol peers to identify the application type, operating system, software vendor or software version of the requesting software user agent.
User-Agent: <product> / <product-version> <comment>
Common format for web browsers:
User-Agent: Mozilla/5.0 (<system-information>) <platform> (<platform-details>) <extensions>
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0
Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0
-
ALLOW
public static final java.lang.String ALLOW
Response context
Entity header
Lists the set of HTTP request methods supported by a resource.
Allow: <http-methods>
Examples
Allow: GET, POST, HEAD
- See Also:
- Constant Field Values
-
SERVER
public static final java.lang.String SERVER
Response context
Response header
Contains information about the software used by the origin server to handle the request.
Server: <product>
Examples
Server: Apache/2.4.1 (Unix)
- See Also:
- Constant Field Values
-
ACCEPT_RANGES
public static final java.lang.String ACCEPT_RANGES
Range requests
Response header
Indicates if the server supports range requests, and if so in which unit the range can be expressed.
Accept-Ranges: <range-unit>
Accept-Ranges: none
Examples
Accept-Ranges: bytes
- See Also:
- Constant Field Values
-
RANGE
public static final java.lang.String RANGE
Range requests
Request header
Indicates the part of a document that the server should return.
Range: <unit>=<range-start>-
Range: <unit>=<range-start>-<range-end>
Range: <unit>=<range-start>-<range-end>, <range-start>-<range-end>
Range: <unit>=<range-start>-<range-end>, <range-start>-<range-end>, <range-start>-<range-end>
Range: <unit>=-<suffix-length>
Examples
Requesting three ranges from the file.
Range: bytes=200-1000, 2000-6576, 19000-
Requesting the first 500 and last 500 bytes of the file. The request may be rejected by the server if the ranges overlap.
Range: bytes=0-499, -500
- See Also:
- Constant Field Values
-
IF_RANGE
public static final java.lang.String IF_RANGE
Range requests
Request header
Creates a conditional range request that is only fulfilled if the given etag or date matches the remote resource. Used to prevent downloading two ranges from incompatible versions of the resource.
If-Range: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
If-Range: <etag>
Examples
If-Range: Wed, 21 Oct 2015 07:28:00 GMT
- See Also:
- Docs, Constant Field Values
-
CONTENT_RANGE
public static final java.lang.String CONTENT_RANGE
Range requests
Response header
Indicates where in a full body message a partial message belongs.
Content-Range: <unit> <range-start>-<range-end>/<size>
Content-Range: <unit> <range-start>-<range-end>/*
Content-Range: <unit> */<size>
Examples
Content-Range: bytes 200-1000/67589
- See Also:
- Constant Field Values
-
CROSS_ORIGIN_EMBEDDER_POLICY
public static final java.lang.String CROSS_ORIGIN_EMBEDDER_POLICY
Security
Allows a server to declare an embedder policy for a given document.
- See Also:
- Constant Field Values
-
CROSS_ORIGIN_OPENER_POLICY
public static final java.lang.String CROSS_ORIGIN_OPENER_POLICY
Security
Prevents other domains from opening/controlling a window.
- See Also:
- Constant Field Values
-
CROSS_ORIGIN_RESOURCE_POLICY
public static final java.lang.String CROSS_ORIGIN_RESOURCE_POLICY
Security
Response header
Prevents other domains from reading the response of the resources to which this header is applied.
Cross-Origin-Resource-Policy: same-site | same-origin | cross-origin
Examples
The response header below will cause compatible user agents to disallow cross-origin no-cors requests:
Cross-Origin-Resource-Policy: same-origin
- See Also:
- resourcepolicy.fyi, Constant Field Values
-
CONTENT_SECURITY_POLICY
public static final java.lang.String CONTENT_SECURITY_POLICY
Security
Response header
Controls resources the user agent is allowed to load for a given page.
Content-Security-Policy: <policy-directive>; <policy-directive>
Example: Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https:
// header
Content-Security-Policy: default-src https:
// meta tag
<meta http-equiv="Content-Security-Policy" content="default-src https:">
Example: Pre-existing site that uses too much inline code to fix but wants to ensure resources are loaded only over https and disable plugins:
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
- See Also:
- Documentation, Constant Field Values
-
CONTENT_SECURITY_POLICY_REPORT_ONLY
public static final java.lang.String CONTENT_SECURITY_POLICY_REPORT_ONLY
Security
Response header
Allows web developers to experiment with policies by monitoring, but not enforcing, their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
Content-Security-Policy-Report-Only: <policy-directive>; <policy-directive>
Examples
This header reports violations that would have occurred. You can use this to iteratively work on your content security policy. You observe how your site behaves, watching for violation reports, or malware redirects, then choose the desired policy enforced by the Content-Security-Policy header.
Content-Security-Policy-Report-Only: default-src https:; report-uri /csp-violation-report-endpoint/
- See Also:
- Constant Field Values
-
EXPECT_CT
public static final java.lang.String EXPECT_CT
Security
Response header
Allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.
Expect-CT: report-uri="<uri>", enforce, max-age=<age>
Examples
Expect-CT: max-age=86400, enforce, report-uri="https://foo.example/report"
- See Also:
- Documentation, Constant Field Values
-
FEATURE_POLICY
public static final java.lang.String FEATURE_POLICY
Security
Response header
Provides a mechanism to allow and deny the use of browser features in its own frame, and in iframes that it embeds.
Feature-Policy: <directive> <allowlist>
Example
SecureCorp Inc. wants to disable Microphone and Geolocation APIs in its application. It can do so by delivering the following HTTP response header to define a feature policy:
Feature-Policy: microphone 'none'; geolocation 'none'
By specifying the 'none' keyword for the origin list, the specified features will be disabled for all browsing contexts (this includes all iframes), regardless of their origin.
- See Also:
- Documentation, Constant Field Values
-
STRICT_TRANSPORT_SECURITY
public static final java.lang.String STRICT_TRANSPORT_SECURITY
Security
Response header
Force communication using HTTPS instead of HTTP.
Strict-Transport-Security: max-age=<expire-time>
Strict-Transport-Security: max-age=<expire-time>; includeSubDomains
Strict-Transport-Security: max-age=<expire-time>; preload
Examples
All present and future subdomains will be HTTPS for a max-age of 1 year. This blocks access to pages or subdomains that can only be served over HTTP.
Strict-Transport-Security: max-age=31536000; includeSubDomains
In the following example, max-age is set to 2 years, raised from what was a former limit max-age of 1 year. Note that 1 year is acceptable for a domain to be included in browsers' HSTS preload lists. 2 years is, however, the recommended goal as a website's final HSTS configuration as explained on https://hstspreload.org. It is also suffixed with preload, which is necessary for inclusion in most major web browsers' HSTS preload lists, e.g. Chromium, Edge, & Firefox.
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
- See Also:
- Documentation, Constant Field Values
-
UPGRADE_INSECURE_REQUESTS
public static final java.lang.String UPGRADE_INSECURE_REQUESTS
Security
Request header
Sends a signal to the server expressing the client’s preference for an encrypted and authenticated response, and that it can successfully handle the upgrade-insecure-requests directive.
Upgrade-Insecure-Requests: 1
Examples
A client's request signals to the server that it supports the upgrade mechanisms of upgrade-insecure-requests:
GET / HTTP/1.1
Host: example.com
Upgrade-Insecure-Requests: 1
The server can now redirect to a secure version of the site. A Vary header can be used so that the site isn't served by caches to clients that don’t support the upgrade mechanism.
Location: https://example.com/
Vary: Upgrade-Insecure-Requests
- See Also:
- Constant Field Values
-
X_CONTENT_TYPE_OPTIONS
public static final java.lang.String X_CONTENT_TYPE_OPTIONS
Security
Response header
Disables MIME sniffing and forces browser to use the type given in Content-Type.
X-Content-Type-Options: nosniff
- See Also:
- Constant Field Values
-
X_DOWNLOAD_OPTIONS
public static final java.lang.String X_DOWNLOAD_OPTIONS
Security
The X-Download-Options HTTP header indicates that the browser (Internet Explorer) should not display the option to "Open" a file that has been downloaded from an application, to prevent phishing attacks as the file otherwise would gain access to execute in the context of the application. (Note: related MS Edge bug).
- See Also:
- Constant Field Values
-
X_FRAME_OPTIONS
public static final java.lang.String X_FRAME_OPTIONS
Security
Response header
Indicates whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
- See Also:
- Documentation, Constant Field Values
-
X_PERMITTED_CROSS_DOMAIN_POLICIES
public static final java.lang.String X_PERMITTED_CROSS_DOMAIN_POLICIES
Security
Specifies if a cross-domain policy file (crossdomain.xml) is allowed. The file may define a policy to grant clients, such as Adobe's Flash Player, Adobe Acrobat, Microsoft Silverlight, or Apache Flex, permission to handle data across domains that would otherwise be restricted due to the Same-Origin Policy. See the Cross-domain Policy File Specification for more information.
- See Also:
- Constant Field Values
-
X_POWERED_BY
public static final java.lang.String X_POWERED_BY
Security
May be set by hosting environments or other frameworks and contains information about them while not providing any usefulness to the application or its visitors. Unset this header to avoid exposing potential vulnerabilities.
- See Also:
- Constant Field Values
-
X_XSS_PROTECTION
public static final java.lang.String X_XSS_PROTECTION
Security
Response header
Enables cross-site scripting filtering.
X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>
Example
Block pages from loading when they detect reflected XSS attacks:
X-XSS-Protection: 1; mode=block
PHP
header("X-XSS-Protection: 1; mode=block");
Apache (.htaccess)
<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
</IfModule>
Nginx
add_header "X-XSS-Protection" "1; mode=block";
- See Also:
- Documentation, Constant Field Values
-
PUBLIC_KEY_PINS
@Deprecated public static final java.lang.String PUBLIC_KEY_PINS
Deprecated.
Security
HTTP Public Key Pinning (HPKP)
Associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates.
Public-Key-Pins: pin-sha256="<pin-value>"; max-age=<expire-time>; includeSubDomains; report-uri="<uri>"
Examples
Public-Key-Pins: pin-sha256="cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs="; pin-sha256="M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="; max-age=5184000; includeSubDomains; report-uri="https://www.example.org/hpkp-report"
- See Also:
- Constant Field Values
-
PUBLIC_KEY_PINS_REPORT_ONLY
@Deprecated public static final java.lang.String PUBLIC_KEY_PINS_REPORT_ONLY
Deprecated.
Security
HTTP Public Key Pinning (HPKP)
Response header
Sends reports to the report-uri specified in the header, but still allows clients to connect to the server even if the pinning is violated.
Public-Key-Pins-Report-Only: pin-sha256="<pin-value>"; max-age=<expire-time>; includeSubDomains; report-uri="<uri>"
Public-Key-Pins-Report-Only: pin-sha256="cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs="; pin-sha256="M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="; includeSubDomains; report-uri="https://www.example.org/hpkp-report"
- See Also:
- Constant Field Values
-
SEC_FETCH_SITE
public static final java.lang.String SEC_FETCH_SITE
Security
Fetch metadata request headers
It is a request header that indicates the relationship between a request initiator's origin and its target's origin. It is a Structured Header whose value is a token with possible values cross-site, same-origin, same-site, and none.
Sec-Fetch-Site: cross-site
Sec-Fetch-Site: same-origin
Sec-Fetch-Site: same-site
Sec-Fetch-Site: none
- See Also:
- Documentation, Constant Field Values
-
SEC_FETCH_MODE
public static final java.lang.String SEC_FETCH_MODE
Security
Fetch metadata request headers
It is a request header that indicates the request's mode to a server. It is a Structured Header whose value is a token with possible values cors, navigate, nested-navigate, no-cors, same-origin, and websocket.
    Sec-Fetch-Mode: cors
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Mode: nested-navigate
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Mode: same-origin
    Sec-Fetch-Mode: websocket
- See Also:
- Constant Field Values
-
SEC_FETCH_USER
public static final java.lang.String SEC_FETCH_USER
Security
Fetch metadata request headers
It is a request header that indicates whether or not a navigation request was triggered by user activation. It is a Structured Header whose value is a boolean, so possible values are ?0 for false and ?1 for true.
    Sec-Fetch-User: ?0
    Sec-Fetch-User: ?1
- See Also:
- Constant Field Values
-
SEC_FETCH_DEST
public static final java.lang.String SEC_FETCH_DEST
Security
Fetch metadata request headers
It is a request header that indicates the request's destination to a server. It is a Structured Header whose value is a token with possible values audio, audioworklet, document, embed, empty, font, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt, and nested-document.
    Sec-Fetch-Dest: audio
    Sec-Fetch-Dest: audioworklet
    Sec-Fetch-Dest: document
    Sec-Fetch-Dest: embed
    Sec-Fetch-Dest: empty
    Sec-Fetch-Dest: font
    Sec-Fetch-Dest: image
    Sec-Fetch-Dest: manifest
    Sec-Fetch-Dest: nested-document
    Sec-Fetch-Dest: object
    Sec-Fetch-Dest: paintworklet
    Sec-Fetch-Dest: report
    Sec-Fetch-Dest: script
    Sec-Fetch-Dest: serviceworker
    Sec-Fetch-Dest: sharedworker
    Sec-Fetch-Dest: style
    Sec-Fetch-Dest: track
    Sec-Fetch-Dest: video
    Sec-Fetch-Dest: worker
    Sec-Fetch-Dest: xslt
- See Also:
- Constant Field Values
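How a server can act on the four Sec-Fetch-* headers described above, as an added example that is not part of this library: a resource isolation check that rejects cross-site requests unless they are simple top-level navigations. The class name, the lower-case header map and the decision to trust same-site requests are assumptions of this sketch.

```java
import java.util.Map;
import java.util.Set;

// Added example (not part of this library): decide on a request from its
// Sec-Fetch-* headers, using the token values listed in the entries above.
public class FetchMetadataPolicy {
    // Destinations that load the response as embedded content.
    private static final Set<String> EMBED_DESTS = Set.of("object", "embed", "nested-document");
    private static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD");

    // headers: request headers keyed by lower-case name (assumption of this sketch).
    public static boolean allow(String method, Map<String, String> headers) {
        String site = headers.get("sec-fetch-site");
        // No fetch metadata: the client does not send these headers, so this
        // check cannot decide and the application's other defences must apply.
        if (site == null) return true;
        // Same-origin, same-site and directly user-initiated (none) requests pass.
        // Policy choice: drop "same-site" if sibling subdomains are not trusted.
        if (site.equals("same-origin") || site.equals("same-site") || site.equals("none")) return true;
        // Any token other than cross-site is not a valid value: reject.
        if (!site.equals("cross-site")) return false;
        String mode = headers.getOrDefault("sec-fetch-mode", "");
        String dest = headers.getOrDefault("sec-fetch-dest", "");
        // Cross-site: allow only top-level navigations with a safe method
        // whose response is not being embedded in the initiating page.
        return mode.equals("navigate") && SAFE_METHODS.contains(method) && !EMBED_DESTS.contains(dest);
    }

    public static void main(String[] args) {
        // Constructed sample requests, one per decision path.
        // 1. The site's own script calling its API.
        System.out.println(allow("POST", Map.of("sec-fetch-site", "same-origin",
                "sec-fetch-mode", "cors", "sec-fetch-dest", "empty")));
        // 2. A link on another site leading to this one.
        System.out.println(allow("GET", Map.of("sec-fetch-site", "cross-site",
                "sec-fetch-mode", "navigate", "sec-fetch-dest", "document", "sec-fetch-user", "?1")));
        // 3. Another site loading this resource as an image.
        System.out.println(allow("GET", Map.of("sec-fetch-site", "cross-site",
                "sec-fetch-mode", "no-cors", "sec-fetch-dest", "image")));
        // 4. Another site submitting a form with POST.
        System.out.println(allow("POST", Map.of("sec-fetch-site", "cross-site",
                "sec-fetch-mode", "navigate", "sec-fetch-dest", "document")));
    }
}
```

Resources that are meant to be loaded cross-site (public images, CORS APIs) need an explicit exemption before this check runs.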
-
LAST_EVENT_ID
public static final java.lang.String LAST_EVENT_ID
Server-sent events
- See Also:
- Constant Field Values
-
NEL
public static final java.lang.String NEL
Server-sent events
Response header
Defines a mechanism that enables developers to declare a network error reporting policy.
    NEL: { "report_to": "name_of_reporting_group", "max_age": 12345, "include_subdomains": false, "success_fraction": 0.0, "failure_fraction": 1.0 }
-
PING_FROM
public static final java.lang.String PING_FROM
Server-sent events
- See Also:
- Constant Field Values
-
PING_TO
public static final java.lang.String PING_TO
- See Also:
- Constant Field Values
-
REPORT_TO
public static final java.lang.String REPORT_TO
Server-sent events
Used to specify a server endpoint for the browser to send warning and error reports to.
- See Also:
- Constant Field Values
-
TRANSFER_ENCODING
public static final java.lang.String TRANSFER_ENCODING
Transfer coding
Response header
Specifies the form of encoding used to safely transfer the entity to the user.
    Transfer-Encoding: chunked
    Transfer-Encoding: compress
    Transfer-Encoding: deflate
    Transfer-Encoding: gzip
    Transfer-Encoding: identity

    // Several values can be listed, separated by a comma
    Transfer-Encoding: gzip, chunked
Examples
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Transfer-Encoding: chunked

    7\r\n
    Mozilla\r\n
    9\r\n
    Developer\r\n
    7\r\n
    Network\r\n
    0\r\n
    \r\n
- See Also:
- Documentation, Constant Field Values
-
TE
public static final java.lang.String TE
Transfer Encoding
Request header
Specifies the transfer encodings the user agent is willing to accept.
    TE: compress
    TE: deflate
    TE: gzip
    TE: trailers

    // Multiple directives, weighted with the quality value syntax:
    TE: trailers, deflate;q=0.5
- See Also:
- Constant Field Values
-
TRAILER
public static final java.lang.String TRAILER
Transfer Encoding
Response header
Allows the sender to include additional fields at the end of a chunked message.
    Trailer: header-names
Examples
Chunked transfer encoding using a trailing header
In this example, the Expires header is used at the end of the chunked message and serves as a trailing header.
    HTTP/1.1 200 OK
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Trailer: Expires

    7\r\n
    Mozilla\r\n
    9\r\n
    Developer\r\n
    7\r\n
    Network\r\n
    0\r\n
    Expires: Wed, 21 Oct 2015 07:28:00 GMT\r\n
    \r\n
- See Also:
- Documentation, Constant Field Values
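The chunked framing shown in the Transfer-Encoding and Trailer entries, decoded strictly, as an added example that is not part of this library. The class and method names are assumptions, and the body is handled as an ASCII string so that one character equals one octet.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (not part of this library): strict decoder for a chunked body
// followed by an optional trailer section. Assumes an ASCII body.
public class ChunkedBodyDecoder {
    // Returns the reassembled body; trailer fields are written into trailersOut.
    public static String decode(String raw, Map<String, String> trailersOut) {
        StringBuilder body = new StringBuilder();
        int pos = 0;
        while (true) {
            int eol = raw.indexOf("\r\n", pos);
            if (eol < 0) throw new IllegalArgumentException("chunk size line not terminated");
            String sizeField = raw.substring(pos, eol);
            int semi = sizeField.indexOf(';');            // ignore chunk extensions
            if (semi >= 0) sizeField = sizeField.substring(0, semi);
            // Hex digits only: no sign, no "0x", no whitespace, bounded length.
            if (!sizeField.matches("[0-9A-Fa-f]{1,7}"))
                throw new IllegalArgumentException("invalid chunk size: " + sizeField);
            int size = Integer.parseInt(sizeField, 16);
            pos = eol + 2;
            if (size == 0) break;                         // last-chunk
            // The data must be followed by CRLF exactly where the size says.
            if (!raw.startsWith("\r\n", pos + size))
                throw new IllegalArgumentException("chunk data does not match declared size");
            body.append(raw, pos, pos + size);
            pos += size + 2;
        }
        // Trailer section: header lines up to the empty line that ends the message.
        while (true) {
            int eol = raw.indexOf("\r\n", pos);
            if (eol < 0) throw new IllegalArgumentException("trailer section not terminated");
            if (eol == pos) break;
            String line = raw.substring(pos, eol);
            int colon = line.indexOf(':');
            if (colon <= 0) throw new IllegalArgumentException("malformed trailer line");
            trailersOut.put(line.substring(0, colon).trim(), line.substring(colon + 1).trim());
            pos = eol + 2;
        }
        return body.toString();
    }

    public static void main(String[] args) {
        // The message body from the Trailer example above, written out as a string.
        String raw = "7\r\nMozilla\r\n9\r\nDeveloper\r\n7\r\nNetwork\r\n0\r\n"
                + "Expires: Wed, 21 Oct 2015 07:28:00 GMT\r\n\r\n";
        Map<String, String> trailers = new LinkedHashMap<>();
        System.out.println(decode(raw, trailers) + " " + trailers);
    }
}
```

Rejecting any size field that is not plain hexadecimal keeps this decoder from disagreeing with a stricter intermediary about where a chunk ends.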
-
SEC_WEBSOCKET_KEY
public static final java.lang.String SEC_WEBSOCKET_KEY
WebSockets
- See Also:
- Constant Field Values
-
SEC_WEBSOCKET_EXTENSIONS
public static final java.lang.String SEC_WEBSOCKET_EXTENSIONS
WebSockets
- See Also:
- Constant Field Values
-
SEC_WEBSOCKET_ACCEPT
public static final java.lang.String SEC_WEBSOCKET_ACCEPT
WebSockets
- See Also:
- Constant Field Values
-
SEC_WEBSOCKET_PROTOCOL
public static final java.lang.String SEC_WEBSOCKET_PROTOCOL
WebSockets
- See Also:
- Constant Field Values
-
SEC_WEBSOCKET_VERSION
public static final java.lang.String SEC_WEBSOCKET_VERSION
WebSockets
- See Also:
- Constant Field Values
-
ACCEPT_PUSH_POLICY
public static final java.lang.String ACCEPT_PUSH_POLICY
Other
A client can express the desired push policy for a request by sending an Accept-Push-Policy header field in the request.
- See Also:
- Constant Field Values
-
ACCEPT_SIGNATURE
public static final java.lang.String ACCEPT_SIGNATURE
Other
A client can send the Accept-Signature header field to indicate intention to take advantage of any available signatures and to indicate what kinds of signatures it supports.
- See Also:
- Constant Field Values
-
ALT_SVC
public static final java.lang.String ALT_SVC
Other
Used to list alternate ways to reach this service.
    Alt-Svc: clear
    Alt-Svc: <protocol-id>=<alt-authority>; ma=<max-age>
    Alt-Svc: <protocol-id>=<alt-authority>; ma=<max-age>; persist=1
Example
    Alt-Svc: h2=":443"; ma=2592000;
    Alt-Svc: h2=":443"; ma=2592000; persist=1
    Alt-Svc: h2="alt.example.com:443", h2=":443"
    Alt-Svc: h3-25=":443"; ma=3600, h2=":443"; ma=3600
- See Also:
- Constant Field Values
-
Date
public static final java.lang.String Date
Other
Contains the date and time at which the message was originated.
    Date: <day-name>, <day> <month> <year> <hour>:<minute>:<second> GMT
Examples
    Date: Wed, 21 Oct 2015 07:28:00 GMT
- See Also:
- Constant Field Values
-
LARGE_ALLOCATION
public static final java.lang.String LARGE_ALLOCATION
Other
Response header
Tells the browser that the page being loaded is going to want to perform a large allocation.
    Large-Allocation: 0
    Large-Allocation: <megabytes>
0 is a special value which represents uncertainty as to what the size of the allocation is.
<megabytes>: The expected size of the allocation to be performed, in megabytes.
Examples
    Large-Allocation: 0
    Large-Allocation: 500
- See Also:
- Constant Field Values
-
LINK
public static final java.lang.String LINK
Other
The Link entity-header field provides a means for serialising one or more links in HTTP headers. It is semantically equivalent to the HTML <link> element.
    Link: < uri-reference >; param1=value1; param2="value2"
Examples
GOOD
    Link: <https://example.com>; rel="preconnect"
WRONG
    Link: https://bad.example; rel="preconnect"
- See Also:
- Constant Field Values
-
PUSH_POLICY
public static final java.lang.String PUSH_POLICY
Other
A Push-Policy defines the server behaviour regarding push when processing a request.
- See Also:
- Constant Field Values
-
RETRY_AFTER
public static final java.lang.String RETRY_AFTER
Other
Indicates how long the user agent should wait before making a follow-up request.
- See Also:
- Constant Field Values
-
SIGNATURE
public static final java.lang.String SIGNATURE
Other
The Signature header field conveys a list of signatures for an exchange, each one accompanied by information about how to determine the authority of and refresh that signature.
- See Also:
- Constant Field Values
-
SIGNED_HEADERS
public static final java.lang.String SIGNED_HEADERS
Other
The Signed-Headers header field identifies an ordered list of response header fields to include in a signature.
- See Also:
- Constant Field Values
-
SERVER_TIMING
public static final java.lang.String SERVER_TIMING
Other
Communicates one or more metrics and descriptions for the given request-response cycle.
- See Also:
- Constant Field Values
-
SERVICE_WORKER_ALLOWED
public static final java.lang.String SERVICE_WORKER_ALLOWED
Other
Used to remove the path restriction by including this header in the response of the Service Worker script.
- See Also:
- Constant Field Values
-
SOURCEMAP
public static final java.lang.String SOURCEMAP
Other
Response header
Links generated code to a source map.
    SourceMap: <url>
    X-SourceMap: <url> (deprecated)
Examples
    SourceMap: /path/to/file.js.map
- See Also:
- Constant Field Values
-
UPGRADE
public static final java.lang.String UPGRADE
Other
The relevant RFC document for the Upgrade header field is RFC 7230, section 6.7. The standard establishes rules for upgrading or changing to a different protocol on the current client, server, transport protocol connection. For example, this header standard allows a client to change from HTTP 1.1 to HTTP 2.0, assuming the server decides to acknowledge and implement the Upgrade header field. Neither party is required to accept the terms specified in the Upgrade header field. It can be used in both client and server headers. If the Upgrade header field is specified, then the sender MUST also send the Connection header field with the upgrade option specified. For details on the Connection header field please see section 6.1 of the aforementioned RFC.
- See Also:
- Constant Field Values
-
X_DNS_PREFETCH_CONTROL
public static final java.lang.String X_DNS_PREFETCH_CONTROL
Other
Controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.
- See Also:
- Constant Field Values
-
X_FIREFOX_SPDY
@Deprecated public static final java.lang.String X_FIREFOX_SPDY
Deprecated.
Other
- See Also:
- Constant Field Values
-
X_PINGBACK
public static final java.lang.String X_PINGBACK
Other
- See Also:
- Constant Field Values
-
X_REQUESTED_WITH
public static final java.lang.String X_REQUESTED_WITH
Other
- See Also:
- Constant Field Values
-
X_ROBOTS_TAG
public static final java.lang.String X_ROBOTS_TAG
Other
The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <meta name="robots" content="...">.
- See Also:
- Constant Field Values
-
X_UA_COMPATIBLE
public static final java.lang.String X_UA_COMPATIBLE
Other
Used by Internet Explorer to signal which document mode to use.
- See Also:
- Constant Field Values
-
-