source: draft-ietf-httpbis/latest/p3-payload.html @ 964

Last change on this file since 964 was 964, checked in by fielding@…, 9 years ago

generate html

  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/html;charset=utf-8
File size: 208.8 KB
RevLine 
[52]1<!DOCTYPE html
2  PUBLIC "-//W3C//DTD HTML 4.01//EN">
3<html lang="en">
[573]4   <head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
[52]5      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
6      <title>HTTP/1.1, part 3: Message Payload and Content Negotiation</title><style type="text/css" title="Xml2Rfc (sans serif)">
7a {
8  text-decoration: none;
9}
10a.smpl {
11  color: black;
12}
13a:hover {
14  text-decoration: underline;
15}
16a:active {
17  text-decoration: underline;
18}
19address {
20  margin-top: 1em;
21  margin-left: 2em;
22  font-style: normal;
23}
24body {
25  color: black;
26  font-family: verdana, helvetica, arial, sans-serif;
27  font-size: 10pt;
28}
29cite {
30  font-style: normal;
31}
[563]32div.note {
33  margin-left: 2em;
34}
[52]35dd {
36  margin-right: 2em;
37}
38dl {
39  margin-left: 2em;
40}
41
[729]42ul.empty {
43  list-style-type: none;
44}
45ul.empty li {
[52]46  margin-top: .5em;
47}
48dl p {
49  margin-left: 0em;
50}
51dt {
52  margin-top: .5em;
53}
54h1 {
55  font-size: 14pt;
56  line-height: 21pt;
57  page-break-after: avoid;
58}
59h1.np {
60  page-break-before: always;
61}
62h1 a {
63  color: #333333;
64}
65h2 {
66  font-size: 12pt;
67  line-height: 15pt;
68  page-break-after: avoid;
69}
[446]70h3, h4, h5, h6 {
[52]71  font-size: 10pt;
72  page-break-after: avoid;
73}
[446]74h2 a, h3 a, h4 a, h5 a, h6 a {
[52]75  color: black;
76}
77img {
78  margin-left: 3em;
79}
80li {
81  margin-left: 2em;
82  margin-right: 2em;
83}
84ol {
85  margin-left: 2em;
86  margin-right: 2em;
87}
88ol p {
89  margin-left: 0em;
90}
91p {
92  margin-left: 2em;
93  margin-right: 2em;
94}
95pre {
96  margin-left: 3em;
97  background-color: lightyellow;
98  padding: .25em;
99}
100pre.text2 {
101  border-style: dotted;
102  border-width: 1px;
103  background-color: #f0f0f0;
104  width: 69em;
105}
106pre.inline {
107  background-color: white;
108  padding: 0em;
109}
110pre.text {
111  border-style: dotted;
112  border-width: 1px;
113  background-color: #f8f8f8;
114  width: 69em;
115}
116pre.drawing {
117  border-style: solid;
118  border-width: 1px;
119  background-color: #f8f8f8;
120  padding: 2em;
121}
122table {
123  margin-left: 2em;
124}
[253]125table.tt {
126  vertical-align: top;
127}
128table.full {
129  border-style: outset;
130  border-width: 1px;
131}
132table.headers {
133  border-style: outset;
134  border-width: 1px;
135}
136table.tt td {
137  vertical-align: top;
138}
139table.full td {
140  border-style: inset;
141  border-width: 1px;
142}
143table.tt th {
144  vertical-align: top;
145}
146table.full th {
147  border-style: inset;
148  border-width: 1px;
149}
150table.headers th {
151  border-style: none none inset none;
152  border-width: 1px;
153}
[663]154table.left {
155  margin-right: auto;
156}
157table.right {
158  margin-left: auto;
159}
160table.center {
161  margin-left: auto;
162  margin-right: auto;
163}
[454]164caption {
165  caption-side: bottom;
166  font-weight: bold;
167  font-size: 9pt;
168  margin-top: .5em;
169}
170
[52]171table.header {
[729]172  border-spacing: 1px;
[52]173  width: 95%;
174  font-size: 10pt;
175  color: white;
176}
177td.top {
178  vertical-align: top;
179}
180td.topnowrap {
181  vertical-align: top;
182  white-space: nowrap; 
183}
[729]184table.header td {
[52]185  background-color: gray;
186  width: 50%;
187}
[729]188table.header a {
[227]189  color: white;
190}
[52]191td.reference {
192  vertical-align: top;
193  white-space: nowrap;
194  padding-right: 1em;
195}
196thead {
197  display:table-header-group;
198}
199ul.toc {
200  list-style: none;
201  margin-left: 1.5em;
202  margin-right: 0em;
203  padding-left: 0em;
204}
205li.tocline0 {
206  line-height: 150%;
207  font-weight: bold;
208  font-size: 10pt;
209  margin-left: 0em;
210  margin-right: 0em;
211}
212li.tocline1 {
213  line-height: normal;
214  font-weight: normal;
215  font-size: 9pt;
216  margin-left: 0em;
217  margin-right: 0em;
218}
219li.tocline2 {
220  font-size: 0pt;
221}
222ul p {
223  margin-left: 0em;
224}
225ul.ind {
226  list-style: none;
227  margin-left: 1.5em;
228  margin-right: 0em;
229  padding-left: 0em;
[440]230  page-break-before: avoid;
[52]231}
232li.indline0 {
233  font-weight: bold;
234  line-height: 200%;
235  margin-left: 0em;
236  margin-right: 0em;
237}
238li.indline1 {
239  font-weight: normal;
240  line-height: 150%;
241  margin-left: 0em;
242  margin-right: 0em;
243}
[662]244.avoidbreak {
245  page-break-inside: avoid;
246}
[52]247.bcp14 {
248  font-style: normal;
249  text-transform: lowercase;
250  font-variant: small-caps;
251}
252.comment {
253  background-color: yellow;
254}
255.center {
256  text-align: center;
257}
258.error {
259  color: red;
260  font-style: italic;
261  font-weight: bold;
262}
263.figure {
264  font-weight: bold;
265  text-align: center;
266  font-size: 9pt;
267}
268.filename {
269  color: #333333;
270  font-weight: bold;
271  font-size: 12pt;
272  line-height: 21pt;
273  text-align: center;
274}
275.fn {
276  font-weight: bold;
277}
278.hidden {
279  display: none;
280}
281.left {
282  text-align: left;
283}
284.right {
285  text-align: right;
286}
287.title {
288  color: #990000;
289  font-size: 18pt;
290  line-height: 18pt;
291  font-weight: bold;
292  text-align: center;
293  margin-top: 36pt;
294}
295.vcardline {
296  display: block;
297}
298.warning {
299  font-size: 14pt;
300  background-color: yellow;
301}
302
303
304@media print {
305  .noprint {
306    display: none;
307  }
308 
309  a {
310    color: black;
311    text-decoration: none;
312  }
313
314  table.header {
315    width: 90%;
316  }
317
318  td.header {
319    width: 50%;
320    color: black;
321    background-color: white;
322    vertical-align: top;
323    font-size: 12pt;
324  }
325
326  ul.toc a::after {
327    content: leader('.') target-counter(attr(href), page);
328  }
329 
330  a.iref {
331    content: target-counter(attr(href), page);
332  }
333 
334  .print2col {
335    column-count: 2;
336    -moz-column-count: 2;
337    column-fill: auto;
338  }
339}
340
341@page {
342  @top-left {
[754]343       content: "Internet-Draft"; 
[52]344  } 
345  @top-right {
[832]346       content: "July 2010"; 
[52]347  } 
348  @top-center {
[120]349       content: "HTTP/1.1, Part 3"; 
[52]350  } 
351  @bottom-left {
352       content: "Fielding, et al."; 
353  } 
354  @bottom-center {
355       content: "Standards Track"; 
356  } 
357  @bottom-right {
358       content: "[Page " counter(page) "]"; 
359  } 
360}
361
362@page:first { 
363    @top-left {
364      content: normal;
365    }
366    @top-right {
367      content: normal;
368    }
369    @top-center {
370      content: normal;
371    }
372}
373</style><link rel="Contents" href="#rfc.toc">
374      <link rel="Author" href="#rfc.authors">
[754]375      <link rel="Copyright" href="#rfc.copyrightnotice">
[52]376      <link rel="Index" href="#rfc.index">
377      <link rel="Chapter" title="1 Introduction" href="#rfc.section.1">
[424]378      <link rel="Chapter" title="2 Protocol Parameters" href="#rfc.section.2">
[875]379      <link rel="Chapter" title="3 Representation" href="#rfc.section.3">
[424]380      <link rel="Chapter" title="4 Content Negotiation" href="#rfc.section.4">
381      <link rel="Chapter" title="5 Header Field Definitions" href="#rfc.section.5">
382      <link rel="Chapter" title="6 IANA Considerations" href="#rfc.section.6">
383      <link rel="Chapter" title="7 Security Considerations" href="#rfc.section.7">
384      <link rel="Chapter" title="8 Acknowledgments" href="#rfc.section.8">
385      <link rel="Chapter" href="#rfc.section.9" title="9 References">
[875]386      <link rel="Appendix" title="A Differences between HTTP and MIME" href="#rfc.section.A">
[52]387      <link rel="Appendix" title="B Additional Features" href="#rfc.section.B">
[912]388      <link rel="Appendix" title="C Changes from RFC 2616" href="#rfc.section.C">
[421]389      <link rel="Appendix" title="D Collected ABNF" href="#rfc.section.D">
390      <link rel="Appendix" title="E Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.E">
[832]391      <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.518, 2010-06-27 12:07:31, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
[754]392      <link rel="schema.dct" href="http://purl.org/dc/terms/">
393      <meta name="dct.creator" content="Fielding, R.">
394      <meta name="dct.creator" content="Gettys, J.">
395      <meta name="dct.creator" content="Mogul, J.">
396      <meta name="dct.creator" content="Frystyk, H.">
397      <meta name="dct.creator" content="Masinter, L.">
398      <meta name="dct.creator" content="Leach, P.">
399      <meta name="dct.creator" content="Berners-Lee, T.">
400      <meta name="dct.creator" content="Lafon, Y.">
401      <meta name="dct.creator" content="Reschke, J. F.">
402      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p3-payload-latest">
[964]403      <meta name="dct.issued" scheme="ISO8601" content="2010-07-29">
[754]404      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
405      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 3 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 3 defines HTTP message content, metadata, and content negotiation.">
[689]406      <meta name="description" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 3 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 3 defines HTTP message content, metadata, and content negotiation.">
[52]407   </head>
408   <body>
[729]409      <table class="header">
410         <tbody>
411            <tr>
412               <td class="left">HTTPbis Working Group</td>
413               <td class="right">R. Fielding, Editor</td>
414            </tr>
415            <tr>
[754]416               <td class="left">Internet-Draft</td>
[729]417               <td class="right">Day Software</td>
418            </tr>
419            <tr>
[741]420               <td class="left">Obsoletes: <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved)
[729]421               </td>
422               <td class="right">J. Gettys</td>
423            </tr>
424            <tr>
[741]425               <td class="left">Intended status: Standards Track</td>
[844]426               <td class="right">Alcatel-Lucent</td>
[729]427            </tr>
428            <tr>
[964]429               <td class="left">Expires: January 30, 2011</td>
[729]430               <td class="right">J. Mogul</td>
431            </tr>
432            <tr>
[741]433               <td class="left"></td>
[729]434               <td class="right">HP</td>
435            </tr>
436            <tr>
437               <td class="left"></td>
438               <td class="right">H. Frystyk</td>
439            </tr>
440            <tr>
441               <td class="left"></td>
442               <td class="right">Microsoft</td>
443            </tr>
444            <tr>
445               <td class="left"></td>
446               <td class="right">L. Masinter</td>
447            </tr>
448            <tr>
449               <td class="left"></td>
450               <td class="right">Adobe Systems</td>
451            </tr>
452            <tr>
453               <td class="left"></td>
454               <td class="right">P. Leach</td>
455            </tr>
456            <tr>
457               <td class="left"></td>
458               <td class="right">Microsoft</td>
459            </tr>
460            <tr>
461               <td class="left"></td>
462               <td class="right">T. Berners-Lee</td>
463            </tr>
464            <tr>
465               <td class="left"></td>
466               <td class="right">W3C/MIT</td>
467            </tr>
468            <tr>
469               <td class="left"></td>
470               <td class="right">Y. Lafon, Editor</td>
471            </tr>
472            <tr>
473               <td class="left"></td>
474               <td class="right">W3C</td>
475            </tr>
476            <tr>
477               <td class="left"></td>
[832]478               <td class="right">J. Reschke, Editor</td>
[729]479            </tr>
480            <tr>
481               <td class="left"></td>
482               <td class="right">greenbytes</td>
483            </tr>
484            <tr>
485               <td class="left"></td>
[964]486               <td class="right">July 29, 2010</td>
[729]487            </tr>
488         </tbody>
[52]489      </table>
490      <p class="title">HTTP/1.1, part 3: Message Payload and Content Negotiation<br><span class="filename">draft-ietf-httpbis-p3-payload-latest</span></p>
[723]491      <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1> 
492      <p>The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information
493         systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 3 of the
494         seven-part specification that defines the protocol referred to as "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part
495         3 defines HTTP message content, metadata, and content negotiation.
496      </p> 
497      <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1> 
498      <p>Discussion of this draft should take place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org). The current issues
[848]499         list is at &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/report/3">http://tools.ietf.org/wg/httpbis/trac/report/3</a>&gt; and related documents (including fancy diffs) can be found at &lt;<a href="http://tools.ietf.org/wg/httpbis/">http://tools.ietf.org/wg/httpbis/</a>&gt;.
[723]500      </p> 
[841]501      <p>The changes in this draft are summarized in <a href="#changes.since.10" title="Since draft-ietf-httpbis-p3-payload-10">Appendix&nbsp;E.12</a>.
[723]502      </p> 
[799]503      <h1><a id="rfc.status" href="#rfc.status">Status of This Memo</a></h1>
504      <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
505      <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute
506         working documents as Internet-Drafts. The list of current Internet-Drafts is at <a href="http://datatracker.ietf.org/drafts/current/">http://datatracker.ietf.org/drafts/current/</a>.
[52]507      </p>
508      <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other
509         documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work
510         in progress”.
511      </p>
[964]512      <p>This Internet-Draft will expire in January 30, 2011.</p>
[446]513      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
[741]514      <p>Copyright © 2010 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
[723]515      <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights
516         and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License
[799]517         text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified
518         BSD License.
[446]519      </p>
[723]520      <p>This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November
521         10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to
522         allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s)
523         controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative
524         works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate
525         it into languages other than English.
526      </p>
[52]527      <hr class="noprint">
528      <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
529      <ul class="toc">
[96]530         <li class="tocline0">1.&nbsp;&nbsp;&nbsp;<a href="#introduction">Introduction</a><ul class="toc">
[660]531               <li class="tocline1">1.1&nbsp;&nbsp;&nbsp;<a href="#terminology">Terminology</a></li>
532               <li class="tocline1">1.2&nbsp;&nbsp;&nbsp;<a href="#intro.requirements">Requirements</a></li>
533               <li class="tocline1">1.3&nbsp;&nbsp;&nbsp;<a href="#notation">Syntax Notation</a><ul class="toc">
534                     <li class="tocline1">1.3.1&nbsp;&nbsp;&nbsp;<a href="#core.rules">Core Rules</a></li>
535                     <li class="tocline1">1.3.2&nbsp;&nbsp;&nbsp;<a href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></li>
[424]536                  </ul>
537               </li>
[96]538            </ul>
539         </li>
[424]540         <li class="tocline0">2.&nbsp;&nbsp;&nbsp;<a href="#protocol.parameters">Protocol Parameters</a><ul class="toc">
541               <li class="tocline1">2.1&nbsp;&nbsp;&nbsp;<a href="#character.sets">Character Sets</a><ul class="toc">
542                     <li class="tocline1">2.1.1&nbsp;&nbsp;&nbsp;<a href="#missing.charset">Missing Charset</a></li>
[211]543                  </ul>
544               </li>
[670]545               <li class="tocline1">2.2&nbsp;&nbsp;&nbsp;<a href="#content.codings">Content Codings</a><ul class="toc">
546                     <li class="tocline1">2.2.1&nbsp;&nbsp;&nbsp;<a href="#content.coding.registry">Content Coding Registry</a></li>
547                  </ul>
548               </li>
[424]549               <li class="tocline1">2.3&nbsp;&nbsp;&nbsp;<a href="#media.types">Media Types</a><ul class="toc">
550                     <li class="tocline1">2.3.1&nbsp;&nbsp;&nbsp;<a href="#canonicalization.and.text.defaults">Canonicalization and Text Defaults</a></li>
551                     <li class="tocline1">2.3.2&nbsp;&nbsp;&nbsp;<a href="#multipart.types">Multipart Types</a></li>
[52]552                  </ul>
553               </li>
[457]554               <li class="tocline1">2.4&nbsp;&nbsp;&nbsp;<a href="#language.tags">Language Tags</a></li>
[52]555            </ul>
556         </li>
[875]557         <li class="tocline0">3.&nbsp;&nbsp;&nbsp;<a href="#representation">Representation</a><ul class="toc">
[424]558               <li class="tocline1">3.1&nbsp;&nbsp;&nbsp;<a href="#entity.header.fields">Entity Header Fields</a></li>
[875]559               <li class="tocline1">3.2&nbsp;&nbsp;&nbsp;<a href="#payload.body">Payload Body</a><ul class="toc">
[424]560                     <li class="tocline1">3.2.1&nbsp;&nbsp;&nbsp;<a href="#type">Type</a></li>
[52]561                  </ul>
562               </li>
563            </ul>
564         </li>
[424]565         <li class="tocline0">4.&nbsp;&nbsp;&nbsp;<a href="#content.negotiation">Content Negotiation</a><ul class="toc">
566               <li class="tocline1">4.1&nbsp;&nbsp;&nbsp;<a href="#server-driven.negotiation">Server-driven Negotiation</a></li>
567               <li class="tocline1">4.2&nbsp;&nbsp;&nbsp;<a href="#agent-driven.negotiation">Agent-driven Negotiation</a></li>
[52]568            </ul>
569         </li>
[424]570         <li class="tocline0">5.&nbsp;&nbsp;&nbsp;<a href="#header.fields">Header Field Definitions</a><ul class="toc">
571               <li class="tocline1">5.1&nbsp;&nbsp;&nbsp;<a href="#header.accept">Accept</a></li>
572               <li class="tocline1">5.2&nbsp;&nbsp;&nbsp;<a href="#header.accept-charset">Accept-Charset</a></li>
573               <li class="tocline1">5.3&nbsp;&nbsp;&nbsp;<a href="#header.accept-encoding">Accept-Encoding</a></li>
574               <li class="tocline1">5.4&nbsp;&nbsp;&nbsp;<a href="#header.accept-language">Accept-Language</a></li>
575               <li class="tocline1">5.5&nbsp;&nbsp;&nbsp;<a href="#header.content-encoding">Content-Encoding</a></li>
576               <li class="tocline1">5.6&nbsp;&nbsp;&nbsp;<a href="#header.content-language">Content-Language</a></li>
577               <li class="tocline1">5.7&nbsp;&nbsp;&nbsp;<a href="#header.content-location">Content-Location</a></li>
578               <li class="tocline1">5.8&nbsp;&nbsp;&nbsp;<a href="#header.content-md5">Content-MD5</a></li>
579               <li class="tocline1">5.9&nbsp;&nbsp;&nbsp;<a href="#header.content-type">Content-Type</a></li>
[52]580            </ul>
581         </li>
[424]582         <li class="tocline0">6.&nbsp;&nbsp;&nbsp;<a href="#IANA.considerations">IANA Considerations</a><ul class="toc">
[923]583               <li class="tocline1">6.1&nbsp;&nbsp;&nbsp;<a href="#header.field.registration">Header Field Registration</a></li>
[673]584               <li class="tocline1">6.2&nbsp;&nbsp;&nbsp;<a href="#content.coding.registration">Content Coding Registry</a></li>
[253]585            </ul>
586         </li>
[424]587         <li class="tocline0">7.&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a><ul class="toc">
588               <li class="tocline1">7.1&nbsp;&nbsp;&nbsp;<a href="#privacy.issues.connected.to.accept.headers">Privacy Issues Connected to Accept Headers</a></li>
589               <li class="tocline1">7.2&nbsp;&nbsp;&nbsp;<a href="#content-disposition.issues">Content-Disposition Issues</a></li>
[52]590            </ul>
591         </li>
[424]592         <li class="tocline0">8.&nbsp;&nbsp;&nbsp;<a href="#ack">Acknowledgments</a></li>
593         <li class="tocline0">9.&nbsp;&nbsp;&nbsp;<a href="#rfc.references">References</a><ul class="toc">
594               <li class="tocline1">9.1&nbsp;&nbsp;&nbsp;<a href="#rfc.references.1">Normative References</a></li>
595               <li class="tocline1">9.2&nbsp;&nbsp;&nbsp;<a href="#rfc.references.2">Informative References</a></li>
[119]596            </ul>
597         </li>
[52]598         <li class="tocline0"><a href="#rfc.authors">Authors' Addresses</a></li>
[875]599         <li class="tocline0">A.&nbsp;&nbsp;&nbsp;<a href="#differences.between.http.and.mime">Differences between HTTP and MIME</a><ul class="toc">
[52]600               <li class="tocline1">A.1&nbsp;&nbsp;&nbsp;<a href="#mime-version">MIME-Version</a></li>
601               <li class="tocline1">A.2&nbsp;&nbsp;&nbsp;<a href="#conversion.to.canonical.form">Conversion to Canonical Form</a></li>
[385]602               <li class="tocline1">A.3&nbsp;&nbsp;&nbsp;<a href="#conversion.of.date.formats">Conversion of Date Formats</a></li>
603               <li class="tocline1">A.4&nbsp;&nbsp;&nbsp;<a href="#introduction.of.content-encoding">Introduction of Content-Encoding</a></li>
604               <li class="tocline1">A.5&nbsp;&nbsp;&nbsp;<a href="#no.content-transfer-encoding">No Content-Transfer-Encoding</a></li>
605               <li class="tocline1">A.6&nbsp;&nbsp;&nbsp;<a href="#introduction.of.transfer-encoding">Introduction of Transfer-Encoding</a></li>
606               <li class="tocline1">A.7&nbsp;&nbsp;&nbsp;<a href="#mhtml.line.length">MHTML and Line Length Limitations</a></li>
[52]607            </ul>
608         </li>
609         <li class="tocline0">B.&nbsp;&nbsp;&nbsp;<a href="#additional.features">Additional Features</a><ul class="toc">
610               <li class="tocline1">B.1&nbsp;&nbsp;&nbsp;<a href="#content-disposition">Content-Disposition</a></li>
611            </ul>
612         </li>
[912]613         <li class="tocline0">C.&nbsp;&nbsp;&nbsp;<a href="#changes.from.rfc.2616">Changes from RFC 2616</a></li>
[421]614         <li class="tocline0">D.&nbsp;&nbsp;&nbsp;<a href="#collected.abnf">Collected ABNF</a></li>
615         <li class="tocline0">E.&nbsp;&nbsp;&nbsp;<a href="#change.log">Change Log (to be removed by RFC Editor before publication)</a><ul class="toc">
616               <li class="tocline1">E.1&nbsp;&nbsp;&nbsp;<a href="#rfc.section.E.1">Since RFC2616</a></li>
617               <li class="tocline1">E.2&nbsp;&nbsp;&nbsp;<a href="#rfc.section.E.2">Since draft-ietf-httpbis-p3-payload-00</a></li>
618               <li class="tocline1">E.3&nbsp;&nbsp;&nbsp;<a href="#rfc.section.E.3">Since draft-ietf-httpbis-p3-payload-01</a></li>
619               <li class="tocline1">E.4&nbsp;&nbsp;&nbsp;<a href="#changes.since.02">Since draft-ietf-httpbis-p3-payload-02</a></li>
620               <li class="tocline1">E.5&nbsp;&nbsp;&nbsp;<a href="#changes.since.03">Since draft-ietf-httpbis-p3-payload-03</a></li>
621               <li class="tocline1">E.6&nbsp;&nbsp;&nbsp;<a href="#changes.since.04">Since draft-ietf-httpbis-p3-payload-04</a></li>
622               <li class="tocline1">E.7&nbsp;&nbsp;&nbsp;<a href="#changes.since.05">Since draft-ietf-httpbis-p3-payload-05</a></li>
[547]623               <li class="tocline1">E.8&nbsp;&nbsp;&nbsp;<a href="#changes.since.06">Since draft-ietf-httpbis-p3-payload-06</a></li>
[604]624               <li class="tocline1">E.9&nbsp;&nbsp;&nbsp;<a href="#changes.since.07">Since draft-ietf-httpbis-p3-payload-07</a></li>
[720]625               <li class="tocline1">E.10&nbsp;&nbsp;&nbsp;<a href="#changes.since.08">Since draft-ietf-httpbis-p3-payload-08</a></li>
[773]626               <li class="tocline1">E.11&nbsp;&nbsp;&nbsp;<a href="#changes.since.09">Since draft-ietf-httpbis-p3-payload-09</a></li>
[841]627               <li class="tocline1">E.12&nbsp;&nbsp;&nbsp;<a href="#changes.since.10">Since draft-ietf-httpbis-p3-payload-10</a></li>
[115]628            </ul>
629         </li>
[52]630         <li class="tocline0"><a href="#rfc.index">Index</a></li>
631      </ul>
632      <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a>&nbsp;<a id="introduction" href="#introduction">Introduction</a></h1>
[163]633      <p id="rfc.section.1.p.1">This document defines HTTP/1.1 message payloads (a.k.a., content), the associated metadata header fields that define how the
[912]634         payload is intended to be interpreted by a recipient, the request header fields that might influence content selection, and
[163]635         the various selection algorithms that are collectively referred to as HTTP content negotiation.
[52]636      </p>
[161]637      <p id="rfc.section.1.p.2">This document is currently disorganized in order to minimize the changes between drafts and enable reviewers to see the smaller
638         errata changes. The next draft will reorganize the sections to better reflect the content. In particular, the sections on
639         entities will be renamed payload and moved to the first half of the document, while the sections on content negotiation and
640         associated request header fields will be moved to the second half. The current mess reflects how widely dispersed these topics
641         and associated requirements had become in <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>.
642      </p>
[660]643      <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a id="terminology" href="#terminology">Terminology</a></h2>
644      <p id="rfc.section.1.1.p.1">This specification uses a number of terms to refer to the roles played by participants in, and objects of, the HTTP communication.</p>
645      <p id="rfc.section.1.1.p.2"> <span id="rfc.iref.c.1"></span>  <dfn>content negotiation</dfn> 
646      </p>
[729]647      <ul class="empty">
[857]648         <li>The mechanism for selecting the appropriate representation when servicing a request. The representation in any response can
649            be negotiated (including error responses).
[729]650         </li>
651      </ul>
[857]652      <p id="rfc.section.1.1.p.3"> <span id="rfc.iref.p.1"></span>  <dfn>payload</dfn> 
[660]653      </p>
[729]654      <ul class="empty">
[857]655         <li>The information transferred within a given message is called the payload, consisting of optional payload metadata and an optional
656            payload body. The payload in HTTP is always a partial or complete representation of some resource, though which resource is
657            represented is dependent on the type of message (request or response), the request method, and the response status code.
[729]658         </li>
659      </ul>
[660]660      <p id="rfc.section.1.1.p.4"> <span id="rfc.iref.r.1"></span>  <dfn>representation</dfn> 
661      </p>
[729]662      <ul class="empty">
[857]663         <li>A representation is information in a format that can be readily communicated from one party to another. For our purposes,
664            a representation is binary data and its associated metadata. A representation of a resource is information that reflects the
665            state of that resource, as observed at some point in the past or to be desired at some point in the future.
[729]666         </li>
667      </ul>
[660]668      <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a id="intro.requirements" href="#intro.requirements">Requirements</a></h2>
669      <p id="rfc.section.1.2.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
[96]670         in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
671      </p>
[847]672      <p id="rfc.section.1.2.p.2">An implementation is not compliant if it fails to satisfy one or more of the "MUST" or "REQUIRED" level requirements for the
673         protocols it implements. An implementation that satisfies all the "MUST" or "REQUIRED" level and all the "SHOULD" level requirements
674         for its protocols is said to be "unconditionally compliant"; one that satisfies all the "MUST" level requirements but not
675         all the "SHOULD" level requirements for its protocols is said to be "conditionally compliant".
[96]676      </p>
[660]677      <h2 id="rfc.section.1.3"><a href="#rfc.section.1.3">1.3</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
678      <p id="rfc.section.1.3.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation" title="Syntax Notation">Section 1.2</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> (which extends the syntax defined in <a href="#RFC5234" id="rfc.xref.RFC5234.1"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a> with a list rule). <a href="#collected.abnf" title="Collected ABNF">Appendix&nbsp;D</a> shows the collected ABNF, with the list rule expanded.
[543]679      </p>
[660]680      <p id="rfc.section.1.3.p.2">The following core rules are included by reference, as defined in <a href="#RFC5234" id="rfc.xref.RFC5234.2"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>, <a href="http://tools.ietf.org/html/rfc5234#appendix-B.1">Appendix B.1</a>: ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), HEXDIG
[425]681         (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit sequence of data), SP (space), VCHAR (any visible USASCII character),
682         and WSP (whitespace).
[205]683      </p>
[660]684      <h3 id="rfc.section.1.3.1"><a href="#rfc.section.1.3.1">1.3.1</a>&nbsp;<a id="core.rules" href="#core.rules">Core Rules</a></h3>
685      <p id="rfc.section.1.3.1.p.1">The core rules below are defined in <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>:
[424]686      </p>
[425]687      <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#core.rules" class="smpl">quoted-string</a>  = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
688  <a href="#core.rules" class="smpl">token</a>          = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
[810]689  <a href="#core.rules" class="smpl">word</a>           = &lt;word, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
690  <a href="#core.rules" class="smpl">OWS</a>            = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
[660]691</pre><h3 id="rfc.section.1.3.2"><a href="#rfc.section.1.3.2">1.3.2</a>&nbsp;<a id="abnf.dependencies" href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></h3>
692      <p id="rfc.section.1.3.2.p.1">The ABNF rules below are defined in other parts:</p>
[810]693      <div id="rfc.figure.u.2"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">absolute-URI</a>   = &lt;absolute-URI, defined in <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt;
694  <a href="#abnf.dependencies" class="smpl">Content-Length</a> = &lt;Content-Length, defined in <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a>&gt;
695  <a href="#abnf.dependencies" class="smpl">header-field</a>   = &lt;header-field, defined in <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.fields" title="Header Fields">Section 3.2</a>&gt;
696  <a href="#abnf.dependencies" class="smpl">partial-URI</a>    = &lt;partial-URI, defined in <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#uri" title="Uniform Resource Identifiers">Section 2.6</a>&gt;
697  <a href="#abnf.dependencies" class="smpl">qvalue</a>         = &lt;qvalue, defined in <a href="#Part1" id="rfc.xref.Part1.11"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a>&gt;
[425]698</pre><div id="rfc.figure.u.3"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">Last-Modified</a>  = &lt;Last-Modified, defined in <a href="#Part4" id="rfc.xref.Part4.1"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>, <a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 6.6</a>&gt;
699</pre><div id="rfc.figure.u.4"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">Content-Range</a>  = &lt;Content-Range, defined in <a href="#Part5" id="rfc.xref.Part5.1"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a>, <a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a>&gt;
[538]700</pre><div id="rfc.figure.u.5"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">Expires</a>        = &lt;Expires, defined in <a href="#Part6" id="rfc.xref.Part6.1"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.expires" title="Expires">Section 3.3</a>&gt;
[424]701</pre><h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="protocol.parameters" href="#protocol.parameters">Protocol Parameters</a></h1>
702      <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="character.sets" href="#character.sets">Character Sets</a></h2>
703      <p id="rfc.section.2.1.p.1">HTTP uses the same definition of the term "character set" as that described for MIME:</p>
704      <p id="rfc.section.2.1.p.2">The term "character set" is used in this document to refer to a method used with one or more tables to convert a sequence
[52]705         of octets into a sequence of characters. Note that unconditional conversion in the other direction is not required, in that
[912]706         not all characters might be available in a given character set and a character set might provide more than one sequence of
707         octets to represent a particular character. This definition is intended to allow various kinds of character encoding, from
708         simple single-table mappings such as US-ASCII to complex table switching methods such as those that use ISO-2022's techniques.
709         However, the definition associated with a MIME character set name <em class="bcp14">MUST</em> fully specify the mapping to be performed from octets to characters. In particular, use of external profiling information
[52]710         to determine the exact mapping is not permitted.
711      </p>
[754]712      <div class="note" id="rfc.section.2.1.p.3"> 
[879]713         <p> <b>Note:</b> This use of the term "character set" is more commonly referred to as a "character encoding". However, since HTTP and MIME
[52]714            share the same registry, it is important that the terminology also be shared.
[563]715         </p> 
716      </div>
[229]717      <div id="rule.charset">
[424]718         <p id="rfc.section.2.1.p.4">  HTTP character sets are identified by case-insensitive tokens. The complete set of tokens is defined by the IANA Character
[229]719            Set registry (&lt;<a href="http://www.iana.org/assignments/character-sets">http://www.iana.org/assignments/character-sets</a>&gt;).
720         </p>
721      </div>
[425]722      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.1"></span>  <a href="#rule.charset" class="smpl">charset</a> = <a href="#core.rules" class="smpl">token</a>
[424]723</pre><p id="rfc.section.2.1.p.6">Although HTTP allows an arbitrary token to be used as a charset value, any token that has a predefined value within the IANA
[92]724         Character Set registry <em class="bcp14">MUST</em> represent the character set defined by that registry. Applications <em class="bcp14">SHOULD</em> limit their use of character sets to those defined by the IANA registry.
[52]725      </p>
[424]726      <p id="rfc.section.2.1.p.7">HTTP uses charset in two contexts: within an Accept-Charset request header (in which the charset value is an unquoted token)
[115]727         and as the value of a parameter in a Content-Type header (within a request or response), in which case the parameter value
[912]728         of the charset parameter can be quoted.
[52]729      </p>
[424]730      <p id="rfc.section.2.1.p.8">Implementors should be aware of IETF character set requirements <a href="#RFC3629" id="rfc.xref.RFC3629.1"><cite title="UTF-8, a transformation format of ISO 10646">[RFC3629]</cite></a>  <a href="#RFC2277" id="rfc.xref.RFC2277.1"><cite title="IETF Policy on Character Sets and Languages">[RFC2277]</cite></a>.
[92]731      </p>
[424]732      <h3 id="rfc.section.2.1.1"><a href="#rfc.section.2.1.1">2.1.1</a>&nbsp;<a id="missing.charset" href="#missing.charset">Missing Charset</a></h3>
733      <p id="rfc.section.2.1.1.p.1">Some HTTP/1.0 software has interpreted a Content-Type header without charset parameter incorrectly to mean "recipient should
[879]734         guess". Senders wishing to defeat this behavior <em class="bcp14">MAY</em> include a charset parameter even when the charset is ISO-8859-1 (<a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a>) and <em class="bcp14">SHOULD</em> do so when it is known that it will not confuse the recipient.
[211]735      </p>
[424]736      <p id="rfc.section.2.1.1.p.2">Unfortunately, some older HTTP/1.0 clients did not deal properly with an explicit charset parameter. HTTP/1.1 recipients <em class="bcp14">MUST</em> respect the charset label provided by the sender; and those user agents that have a provision to "guess" a charset <em class="bcp14">MUST</em> use the charset from the content-type field if they support that charset, rather than the recipient's preference, when initially
737         displaying a document. See <a href="#canonicalization.and.text.defaults" title="Canonicalization and Text Defaults">Section&nbsp;2.3.1</a>.
[211]738      </p>
[424]739      <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a id="content.codings" href="#content.codings">Content Codings</a></h2>
[868]740      <p id="rfc.section.2.2.p.1">Content coding values indicate an encoding transformation that has been or can be applied to a representation. Content codings
741         are primarily used to allow a representation to be compressed or otherwise usefully transformed without losing the identity
742         of its underlying media type and without loss of information. Frequently, the representation is stored in coded form, transmitted
743         directly, and only decoded by the recipient.
[52]744      </p>
[425]745      <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.2"></span>  <a href="#content.codings" class="smpl">content-coding</a>   = <a href="#core.rules" class="smpl">token</a>
[424]746</pre><p id="rfc.section.2.2.p.3">All content-coding values are case-insensitive. HTTP/1.1 uses content-coding values in the Accept-Encoding (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.1" title="Accept-Encoding">Section&nbsp;5.3</a>) and Content-Encoding (<a href="#header.content-encoding" id="rfc.xref.header.content-encoding.1" title="Content-Encoding">Section&nbsp;5.5</a>) header fields. Although the value describes the content-coding, what is more important is that it indicates what decoding
[52]747         mechanism will be required to remove the encoding.
748      </p>
[673]749      <p id="rfc.section.2.2.p.4">compress<span id="rfc.iref.c.2"></span><span id="rfc.iref.c.3"></span> 
[52]750      </p>
[729]751      <ul class="empty">
[810]752         <li>See <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.12"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>.
[729]753         </li>
754      </ul>
[673]755      <p id="rfc.section.2.2.p.5">deflate<span id="rfc.iref.d.1"></span><span id="rfc.iref.c.4"></span> 
[52]756      </p>
[729]757      <ul class="empty">
[810]758         <li>See <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.13"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>.
[729]759         </li>
760      </ul>
[673]761      <p id="rfc.section.2.2.p.6">gzip<span id="rfc.iref.g.3"></span><span id="rfc.iref.c.5"></span> 
[52]762      </p>
[729]763      <ul class="empty">
[810]764         <li>See <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.14"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>.
[729]765         </li>
766      </ul>
[673]767      <p id="rfc.section.2.2.p.7">identity<span id="rfc.iref.i.1"></span><span id="rfc.iref.c.6"></span> 
[52]768      </p>
[729]769      <ul class="empty">
770         <li>The default (identity) encoding; the use of no transformation whatsoever. This content-coding is used only in the Accept-Encoding
[52]771            header, and <em class="bcp14">SHOULD NOT</em> be used in the Content-Encoding header.
[729]772         </li>
773      </ul>
[670]774      <h3 id="rfc.section.2.2.1"><a href="#rfc.section.2.2.1">2.2.1</a>&nbsp;<a id="content.coding.registry" href="#content.coding.registry">Content Coding Registry</a></h3>
775      <p id="rfc.section.2.2.1.p.1">The HTTP Content Coding Registry defines the name space for the content coding names.</p>
776      <p id="rfc.section.2.2.1.p.2">Registrations <em class="bcp14">MUST</em> include the following fields:
[52]777      </p>
[670]778      <ul>
779         <li>Name</li>
780         <li>Description</li>
781         <li>Pointer to specification text</li>
782      </ul>
[810]783      <p id="rfc.section.2.2.1.p.3">Names of content codings <em class="bcp14">MUST NOT</em> overlap with names of transfer codings (<a href="p1-messaging.html#transfer.codings" title="Transfer Codings">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.15"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>), unless the encoding transformation is identical (as it is the case for the compression codings defined in <a href="p1-messaging.html#compression.codings" title="Compression Codings">Section 6.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.16"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>).
[808]784      </p>
[942]785      <p id="rfc.section.2.2.1.p.4">Values to be added to this name space require a specification (see "Specification Required" in <a href="http://tools.ietf.org/html/rfc5226#section-4.1">Section 4.1</a> of <a href="#RFC5226" id="rfc.xref.RFC5226.1"><cite title="Guidelines for Writing an IANA Considerations Section in RFCs">[RFC5226]</cite></a>), and <em class="bcp14">MUST</em> conform to the purpose of content coding defined in this section.
[670]786      </p>
[808]787      <p id="rfc.section.2.2.1.p.5">The registry itself is maintained at &lt;<a href="http://www.iana.org/assignments/http-parameters">http://www.iana.org/assignments/http-parameters</a>&gt;.
[670]788      </p>
[424]789      <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="media.types" href="#media.types">Media Types</a></h2>
790      <p id="rfc.section.2.3.p.1">HTTP uses Internet Media Types <a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> in the Content-Type (<a href="#header.content-type" id="rfc.xref.header.content-type.1" title="Content-Type">Section&nbsp;5.9</a>) and Accept (<a href="#header.accept" id="rfc.xref.header.accept.1" title="Accept">Section&nbsp;5.1</a>) header fields in order to provide open and extensible data typing and type negotiation.
[52]791      </p>
[425]792      <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.4"></span><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span>  <a href="#media.types" class="smpl">media-type</a> = <a href="#media.types" class="smpl">type</a> "/" <a href="#media.types" class="smpl">subtype</a> *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#rule.parameter" class="smpl">parameter</a> )
[424]793  <a href="#media.types" class="smpl">type</a>       = <a href="#core.rules" class="smpl">token</a>
794  <a href="#media.types" class="smpl">subtype</a>    = <a href="#core.rules" class="smpl">token</a>
[229]795</pre><div id="rule.parameter">
[424]796         <p id="rfc.section.2.3.p.3">      Parameters <em class="bcp14">MAY</em> follow the type/subtype in the form of attribute/value pairs.
[229]797         </p>
798      </div>
[425]799      <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span><span id="rfc.iref.g.9"></span>  <a href="#rule.parameter" class="smpl">parameter</a>      = <a href="#rule.parameter" class="smpl">attribute</a> "=" <a href="#rule.parameter" class="smpl">value</a>
[424]800  <a href="#rule.parameter" class="smpl">attribute</a>      = <a href="#core.rules" class="smpl">token</a>
[810]801  <a href="#rule.parameter" class="smpl">value</a>          = <a href="#core.rules" class="smpl">word</a>
[424]802</pre><p id="rfc.section.2.3.p.5">The type, subtype, and parameter attribute names are case-insensitive. Parameter values might or might not be case-sensitive,
[370]803         depending on the semantics of the parameter name. The presence or absence of a parameter might be significant to the processing
804         of a media-type, depending on its definition within the media type registry.
[52]805      </p>
[912]806      <p id="rfc.section.2.3.p.6">A parameter value that matches the <a href="#core.rules" class="smpl">token</a> production can be transmitted as either a token or within a quoted-string. The quoted and unquoted values are equivalent.
[297]807      </p>
[424]808      <p id="rfc.section.2.3.p.7">Note that some older HTTP applications do not recognize media type parameters. When sending data to older HTTP applications,
[52]809         implementations <em class="bcp14">SHOULD</em> only use media type parameters when they are required by that type/subtype definition.
810      </p>
[424]811      <p id="rfc.section.2.3.p.8">Media-type values are registered with the Internet Assigned Number Authority (IANA). The media type registration process is
[152]812         outlined in <a href="#RFC4288" id="rfc.xref.RFC4288.1"><cite title="Media Type Specifications and Registration Procedures">[RFC4288]</cite></a>. Use of non-registered media types is discouraged.
[52]813      </p>
[424]814      <h3 id="rfc.section.2.3.1"><a href="#rfc.section.2.3.1">2.3.1</a>&nbsp;<a id="canonicalization.and.text.defaults" href="#canonicalization.and.text.defaults">Canonicalization and Text Defaults</a></h3>
[875]815      <p id="rfc.section.2.3.1.p.1">Internet media types are registered with a canonical form. A representation transferred via HTTP messages <em class="bcp14">MUST</em> be in the appropriate canonical form prior to its transmission except for "text" types, as defined in the next paragraph.
[52]816      </p>
[424]817      <p id="rfc.section.2.3.1.p.2">When in canonical form, media subtypes of the "text" type use CRLF as the text line break. HTTP relaxes this requirement and
[52]818         allows the transport of text media with plain CR or LF alone representing a line break when it is done consistently for an
[875]819         entire representation. HTTP applications <em class="bcp14">MUST</em> accept CRLF, bare CR, and bare LF as indicating a line break in text media received via HTTP. In addition, if the text is
820         in a character encoding that does not use octets 13 and 10 for CR and LF respectively, as is the case for some multi-byte
821         character encodings, HTTP allows the use of whatever octet sequences are defined by that character encoding to represent the
822         equivalent of CR and LF for line breaks. This flexibility regarding line breaks applies only to text media in the payload
823         body; a bare CR or LF <em class="bcp14">MUST NOT</em> be substituted for CRLF within any of the HTTP control structures (such as header fields and multipart boundaries).
[52]824      </p>
[875]825      <p id="rfc.section.2.3.1.p.3">If a representation is encoded with a content-coding, the underlying data <em class="bcp14">MUST</em> be in a form defined above prior to being encoded.
[52]826      </p>
[875]827      <p id="rfc.section.2.3.1.p.4">The "charset" parameter is used with some media types to define the character encoding (<a href="#character.sets" title="Character Sets">Section&nbsp;2.1</a>) of the data. When no explicit charset parameter is provided by the sender, media subtypes of the "text" type are defined
828         to have a default charset value of "ISO-8859-1" when received via HTTP. Data in character encodings other than "ISO-8859-1"
829         or its subsets <em class="bcp14">MUST</em> be labeled with an appropriate charset value. See <a href="#missing.charset" title="Missing Charset">Section&nbsp;2.1.1</a> for compatibility problems.
[52]830      </p>
[424]831      <h3 id="rfc.section.2.3.2"><a href="#rfc.section.2.3.2">2.3.2</a>&nbsp;<a id="multipart.types" href="#multipart.types">Multipart Types</a></h3>
[875]832      <p id="rfc.section.2.3.2.p.1">MIME provides for a number of "multipart" types -- encapsulations of one or more representations within a single message-body.
833         All multipart types share a common syntax, as defined in <a href="http://tools.ietf.org/html/rfc2046#section-5.1.1">Section 5.1.1</a> of <a href="#RFC2046" id="rfc.xref.RFC2046.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>, and <em class="bcp14">MUST</em> include a boundary parameter as part of the media type value. The message body is itself a protocol element and <em class="bcp14">MUST</em> therefore use only CRLF to represent line breaks between body-parts.
[52]834      </p>
[853]835      <p id="rfc.section.2.3.2.p.2">In general, HTTP treats a multipart message-body no differently than any other media type: strictly as payload. HTTP does
836         not use the multipart boundary as an indicator of message-body length.  In all other respects, an HTTP user agent <em class="bcp14">SHOULD</em> follow the same or similar behavior as a MIME user agent would upon receipt of a multipart type. The MIME header fields within
[331]837         each body-part of a multipart message-body do not have any significance to HTTP beyond that defined by their MIME semantics.
[52]838      </p>
[853]839      <p id="rfc.section.2.3.2.p.3">If an application receives an unrecognized multipart subtype, the application <em class="bcp14">MUST</em> treat it as being equivalent to "multipart/mixed".
[52]840      </p>
[754]841      <div class="note" id="rfc.section.2.3.2.p.4"> 
[563]842         <p> <b>Note:</b> The "multipart/form-data" type has been specifically defined for carrying form data suitable for processing via the POST request
[129]843            method, as described in <a href="#RFC2388" id="rfc.xref.RFC2388.1"><cite title="Returning Values from Forms: multipart/form-data">[RFC2388]</cite></a>.
[563]844         </p> 
845      </div>
[457]846      <h2 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4</a>&nbsp;<a id="language.tags" href="#language.tags">Language Tags</a></h2>
[690]847      <p id="rfc.section.2.4.p.1">A language tag, as defined in <a href="#RFC5646" id="rfc.xref.RFC5646.1"><cite title="Tags for Identifying Languages">[RFC5646]</cite></a>, identifies a natural language spoken, written, or otherwise conveyed by human beings for communication of information to
[613]848         other human beings. Computer languages are explicitly excluded. HTTP uses language tags within the Accept-Language and Content-Language
849         fields.
[52]850      </p>
[613]851      <p id="rfc.section.2.4.p.2">In summary, a language tag is composed of one or more parts: A primary language subtag followed by a possibly empty series
852         of subtags:
[52]853      </p>
[690]854      <div id="rfc.figure.u.10"></div><pre class="inline"><span id="rfc.iref.g.10"></span>  <a href="#language.tags" class="smpl">language-tag</a> = &lt;Language-Tag, defined in <a href="#RFC5646" id="rfc.xref.RFC5646.2"><cite title="Tags for Identifying Languages">[RFC5646]</cite></a>, <a href="http://tools.ietf.org/html/rfc5646#section-2.1">Section 2.1</a>&gt;
[613]855</pre><p id="rfc.section.2.4.p.4">White space is not allowed within the tag and all tags are case-insensitive. The name space of language subtags is administered
856         by the IANA (see &lt;<a href="http://www.iana.org/assignments/language-subtag-registry">http://www.iana.org/assignments/language-subtag-registry</a>&gt;).
[52]857      </p>
[613]858      <div id="rfc.figure.u.11"></div> 
859      <p>Example tags include:</p>  <pre class="text">  en, en-US, es-419, az-Arab, x-pig-latin, man-Nkoo-GN
[690]860</pre> <p id="rfc.section.2.4.p.6">See <a href="#RFC5646" id="rfc.xref.RFC5646.3"><cite title="Tags for Identifying Languages">[RFC5646]</cite></a> for further information.
[52]861      </p>
[875]862      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="representation" href="#representation">Representation</a></h1>
[868]863      <p id="rfc.section.3.p.1">Request and Response messages <em class="bcp14">MAY</em> transfer a representation if not otherwise restricted by the request method or response status code. A representation consists
864         of entity-header fields and a representation body, although some responses will only include the entity-headers.
[52]865      </p>
[424]866      <p id="rfc.section.3.p.2">In this section, both sender and recipient refer to either the client or the server, depending on who sends and who receives
[868]867         the message.
[52]868      </p>
[424]869      <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a id="entity.header.fields" href="#entity.header.fields">Entity Header Fields</a></h2>
[875]870      <p id="rfc.section.3.1.p.1">Entity-header fields define metadata about the representation data enclosed in the message-body or, if no message-body is
871         present, about the representation that would have been transferred in a 200 response to a simultaneous GET request on the
872         Effective Request URI.
[52]873      </p>
[613]874      <div id="rfc.figure.u.12"></div><pre class="inline"><span id="rfc.iref.g.11"></span><span id="rfc.iref.g.12"></span>  <a href="#entity.header.fields" class="smpl">entity-header</a>  = <a href="#header.content-encoding" class="smpl">Content-Encoding</a>         ; <a href="#header.content-encoding" id="rfc.xref.header.content-encoding.2" title="Content-Encoding">Section&nbsp;5.5</a>
[424]875                 / <a href="#header.content-language" class="smpl">Content-Language</a>         ; <a href="#header.content-language" id="rfc.xref.header.content-language.1" title="Content-Language">Section&nbsp;5.6</a>
[810]876                 / <a href="#abnf.dependencies" class="smpl">Content-Length</a>           ; <a href="#Part1" id="rfc.xref.Part1.17"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#header.content-length" title="Content-Length">Section 9.2</a>
[424]877                 / <a href="#header.content-location" class="smpl">Content-Location</a>         ; <a href="#header.content-location" id="rfc.xref.header.content-location.1" title="Content-Location">Section&nbsp;5.7</a>
878                 / <a href="#header.content-md5" class="smpl">Content-MD5</a>              ; <a href="#header.content-md5" id="rfc.xref.header.content-md5.1" title="Content-MD5">Section&nbsp;5.8</a>
[853]879                 / <a href="#abnf.dependencies" class="smpl">Content-Range</a>            ; <a href="#Part5" id="rfc.xref.Part5.2"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a>, <a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a>
[424]880                 / <a href="#header.content-type" class="smpl">Content-Type</a>             ; <a href="#header.content-type" id="rfc.xref.header.content-type.2" title="Content-Type">Section&nbsp;5.9</a>
[538]881                 / <a href="#abnf.dependencies" class="smpl">Expires</a>                  ; <a href="#Part6" id="rfc.xref.Part6.2"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.expires" title="Expires">Section 3.3</a>
[424]882                 / <a href="#abnf.dependencies" class="smpl">Last-Modified</a>            ; <a href="#Part4" id="rfc.xref.Part4.2"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>, <a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 6.6</a>
[334]883                 / <a href="#entity.header.fields" class="smpl">extension-header</a>
[135]884 
[647]885  <a href="#entity.header.fields" class="smpl">extension-header</a> = <a href="#abnf.dependencies" class="smpl">header-field</a>
[424]886</pre><p id="rfc.section.3.1.p.3">The extension-header mechanism allows additional entity-header fields to be defined without changing the protocol, but these
[52]887         fields cannot be assumed to be recognizable by the recipient. Unrecognized header fields <em class="bcp14">SHOULD</em> be ignored by the recipient and <em class="bcp14">MUST</em> be forwarded by transparent proxies.
888      </p>
[875]889      <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="payload.body" href="#payload.body">Payload Body</a></h2>
890      <p id="rfc.section.3.2.p.1">The payload body (if any) sent with an HTTP request or response is in a format and encoding defined by the entity-header fields.</p>
891      <p id="rfc.section.3.2.p.2">A payload body is only present in a message when a message-body is present, as described in <a href="p1-messaging.html#message.body" title="Message Body">Section 3.3</a> of <a href="#Part1" id="rfc.xref.Part1.18"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. The payload body is obtained from the message-body by decoding any Transfer-Encoding that might have been applied to ensure
[52]892         safe and proper transfer of the message.
893      </p>
[424]894      <h3 id="rfc.section.3.2.1"><a href="#rfc.section.3.2.1">3.2.1</a>&nbsp;<a id="type" href="#type">Type</a></h3>
[875]895      <p id="rfc.section.3.2.1.p.1">When a payload body is included with a message, the data type of that body is determined via the header fields Content-Type
[52]896         and Content-Encoding. These define a two-layer, ordered encoding model:
897      </p>
[875]898      <div id="rfc.figure.u.13"></div><pre class="text">  payload-body := Content-Encoding( Content-Type( data ) )
899</pre><p id="rfc.section.3.2.1.p.3">Content-Type specifies the media type of the underlying data. Any HTTP/1.1 message containing a payload body <em class="bcp14">SHOULD</em> include a Content-Type header field defining the media type of that body, unless that information is unknown.
[52]900      </p>
[831]901      <p id="rfc.section.3.2.1.p.4">If the Content-Type header field is not present, it indicates that the sender does not know the media type of the data; recipients <em class="bcp14">MAY</em> either assume that it is "application/octet-stream" (<a href="#RFC2046" id="rfc.xref.RFC2046.3"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a>, <a href="http://tools.ietf.org/html/rfc2046#section-4.5.1">Section 4.5.1</a>) or examine the content to determine its type.
902      </p>
903      <p id="rfc.section.3.2.1.p.5">In practice, currently-deployed servers sometimes provide a Content-Type header which does not correctly convey the intended
904         interpretation of the content sent, with the result that some clients will examine the response body's content and override
905         the specified type.
906      </p>
[912]907      <p id="rfc.section.3.2.1.p.6">Clients that do so risk drawing incorrect conclusions, which might expose additional security risks (e.g., "privilege escalation").
[831]908         Implementers are encouraged to provide a means of disabling such "content sniffing" when it is used.
909      </p>
[912]910      <p id="rfc.section.3.2.1.p.7">Content-Encoding is used to indicate any additional content codings applied to the data, usually for the purpose of data compression,
911         that are a property of the representation. There is no default encoding.
[52]912      </p>
[424]913      <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="content.negotiation" href="#content.negotiation">Content Negotiation</a></h1>
[745]914      <p id="rfc.section.4.p.1">HTTP responses include a representation which contains information for interpretation, whether by a human user or for further
915         processing. Often, the server has different ways of representing the same information; for example, in different formats,
916         languages, or using different character encodings.
[52]917      </p>
[745]918      <p id="rfc.section.4.p.2">HTTP clients and their users might have different or variable capabilities, characteristics or preferences which would influence
919         which representation, among those available from the server, would be best for the server to deliver. For this reason, HTTP
920         provides mechanisms for "content negotiation" -- a process of allowing selection of a representation of a given resource,
921         when more than one is available.
[52]922      </p>
[745]923      <p id="rfc.section.4.p.3">This specification defines two patterns of content negotiation; "server-driven", where the server selects the representation
924         based upon the client's stated preferences, and "agent-driven" negotiation, where the server provides a list of representations
925         for the client to choose from, based upon their metadata. In addition, there are other patterns: some applications use an
926         "active content" pattern, where the server returns active content which runs on the client and, based on client available
927         parameters, selects additional resources to invoke. "Transparent Content Negotiation" (<a href="#RFC2295" id="rfc.xref.RFC2295.1"><cite title="Transparent Content Negotiation in HTTP">[RFC2295]</cite></a>) has also been proposed.
[52]928      </p>
[745]929      <p id="rfc.section.4.p.4">These patterns are all widely used, and have trade-offs in applicability and practicality. In particular, when the number
930         of preferences or capabilities to be expressed by a client are large (such as when many different formats are supported by
[912]931         a user-agent), server-driven negotiation becomes unwieldy, and might not be appropriate. Conversely, when the number of representations
932         to choose from is very large, agent-driven negotiation might not be appropriate.
[745]933      </p>
934      <p id="rfc.section.4.p.5">Note that in all cases, the supplier of representations has the responsibility for determining which representations might
935         be considered to be the "same information".
936      </p>
[424]937      <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a id="server-driven.negotiation" href="#server-driven.negotiation">Server-driven Negotiation</a></h2>
938      <p id="rfc.section.4.1.p.1">If the selection of the best representation for a response is made by an algorithm located at the server, it is called server-driven
[763]939         negotiation. Selection is based on the available representations of the response (the dimensions over which it can vary; e.g.,
[52]940         language, content-coding, etc.) and the contents of particular header fields in the request message or on other information
941         pertaining to the request (such as the network address of the client).
942      </p>
[424]943      <p id="rfc.section.4.1.p.2">Server-driven negotiation is advantageous when the algorithm for selecting from among the available representations is difficult
[52]944         to describe to the user agent, or when the server desires to send its "best guess" to the client along with the first response
945         (hoping to avoid the round-trip delay of a subsequent request if the "best guess" is good enough for the user). In order to
946         improve the server's guess, the user agent <em class="bcp14">MAY</em> include request header fields (Accept, Accept-Language, Accept-Encoding, etc.) which describe its preferences for such a response.
947      </p>
[424]948      <p id="rfc.section.4.1.p.3">Server-driven negotiation has disadvantages: </p>
[52]949      <ol>
950         <li>It is impossible for the server to accurately determine what might be "best" for any given user, since that would require
951            complete knowledge of both the capabilities of the user agent and the intended use for the response (e.g., does the user want
952            to view it on screen or print it on paper?).
953         </li>
954         <li>Having the user agent describe its capabilities in every request can be both very inefficient (given that only a small percentage
955            of responses have multiple representations) and a potential violation of the user's privacy.
956         </li>
957         <li>It complicates the implementation of an origin server and the algorithms for generating responses to a request.</li>
[912]958         <li>It might limit a public cache's ability to use the same response for multiple user's requests.</li>
[52]959      </ol>
[424]960      <p id="rfc.section.4.1.p.4">HTTP/1.1 includes the following request-header fields for enabling server-driven negotiation through description of user agent
961         capabilities and user preferences: Accept (<a href="#header.accept" id="rfc.xref.header.accept.2" title="Accept">Section&nbsp;5.1</a>), Accept-Charset (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.1" title="Accept-Charset">Section&nbsp;5.2</a>), Accept-Encoding (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.2" title="Accept-Encoding">Section&nbsp;5.3</a>), Accept-Language (<a href="#header.accept-language" id="rfc.xref.header.accept-language.1" title="Accept-Language">Section&nbsp;5.4</a>), and User-Agent (<a href="p2-semantics.html#header.user-agent" title="User-Agent">Section 9.9</a> of <a href="#Part2" id="rfc.xref.Part2.1"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). However, an origin server is not limited to these dimensions and <em class="bcp14">MAY</em> vary the response based on any aspect of the request, including information outside the request-header fields or within extension
[52]962         header fields not defined by this specification.
963      </p>
[754]964      <div class="note" id="rfc.section.4.1.p.5"> 
[745]965         <p> <b>Note:</b> In practice, User-Agent based negotiation is fragile, because new clients might not be recognized.
966         </p> 
967      </div>
968      <p id="rfc.section.4.1.p.6">The Vary header field (<a href="p6-cache.html#header.vary" title="Vary">Section 3.5</a> of <a href="#Part6" id="rfc.xref.Part6.3"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>) can be used to express the parameters the server uses to select a representation that is subject to server-driven negotiation.
[52]969      </p>
[424]970      <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a id="agent-driven.negotiation" href="#agent-driven.negotiation">Agent-driven Negotiation</a></h2>
971      <p id="rfc.section.4.2.p.1">With agent-driven negotiation, selection of the best representation for a response is performed by the user agent after receiving
[52]972         an initial response from the origin server. Selection is based on a list of the available representations of the response
[875]973         included within the header fields or body of the initial response, with each representation identified by its own URI. Selection
[912]974         from among the representations can be performed automatically (if the user agent is capable of doing so) or manually by the
[875]975         user selecting from a generated (possibly hypertext) menu.
[52]976      </p>
[424]977      <p id="rfc.section.4.2.p.2">Agent-driven negotiation is advantageous when the response would vary over commonly-used dimensions (such as type, language,
[52]978         or encoding), when the origin server is unable to determine a user agent's capabilities from examining the request, and generally
979         when public caches are used to distribute server load and reduce network usage.
980      </p>
[424]981      <p id="rfc.section.4.2.p.3">Agent-driven negotiation suffers from the disadvantage of needing a second request to obtain the best alternate representation.
[52]982         This second request is only efficient when caching is used. In addition, this specification does not define any mechanism
983         for supporting automatic selection, though it also does not prevent any such mechanism from being developed as an extension
984         and used within HTTP/1.1.
985      </p>
[745]986      <p id="rfc.section.4.2.p.4">This specification defines the 300 (Multiple Choices) and 406 (Not Acceptable) status codes for enabling agent-driven negotiation
987         when the server is unwilling or unable to provide a varying response using server-driven negotiation.
[52]988      </p>
[424]989      <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="header.fields" href="#header.fields">Header Field Definitions</a></h1>
990      <p id="rfc.section.5.p.1">This section defines the syntax and semantics of HTTP/1.1 header fields related to the payload of messages.</p>
991      <p id="rfc.section.5.p.2">For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who
[868]992         receives the message.
[52]993      </p>
994      <div id="rfc.iref.a.1"></div>
995      <div id="rfc.iref.h.1"></div>
[424]996      <h2 id="rfc.section.5.1"><a href="#rfc.section.5.1">5.1</a>&nbsp;<a id="header.accept" href="#header.accept">Accept</a></h2>
[698]997      <p id="rfc.section.5.1.p.1">The "Accept" request-header field can be used by user agents to specify response media types that are acceptable. Accept headers
998         can be used to indicate that the request is specifically limited to a small set of desired types, as in the case of a request
999         for an in-line image.
[52]1000      </p>
[875]1001      <div id="rfc.figure.u.14"></div><pre class="inline"><span id="rfc.iref.g.13"></span><span id="rfc.iref.g.14"></span><span id="rfc.iref.g.15"></span><span id="rfc.iref.g.16"></span><span id="rfc.iref.g.17"></span>  <a href="#header.accept" class="smpl">Accept</a>   = "Accept" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.accept" class="smpl">Accept-v</a>
[357]1002  <a href="#header.accept" class="smpl">Accept-v</a> = #( <a href="#header.accept" class="smpl">media-range</a> [ <a href="#header.accept" class="smpl">accept-params</a> ] )
[135]1003 
[229]1004  <a href="#header.accept" class="smpl">media-range</a>    = ( "*/*"
[334]1005                   / ( <a href="#media.types" class="smpl">type</a> "/" "*" )
1006                   / ( <a href="#media.types" class="smpl">type</a> "/" <a href="#media.types" class="smpl">subtype</a> )
[424]1007                   ) *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#rule.parameter" class="smpl">parameter</a> )
[457]1008  <a href="#header.accept" class="smpl">accept-params</a>  = <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> "q=" <a href="#abnf.dependencies" class="smpl">qvalue</a> *( <a href="#header.accept" class="smpl">accept-ext</a> )
[424]1009  <a href="#header.accept" class="smpl">accept-ext</a>     = <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#core.rules" class="smpl">token</a>
[810]1010                   [ "=" <a href="#core.rules" class="smpl">word</a> ]
[424]1011</pre><p id="rfc.section.5.1.p.3">The asterisk "*" character is used to group media types into ranges, with "*/*" indicating all media types and "type/*" indicating
[52]1012         all subtypes of that type. The media-range <em class="bcp14">MAY</em> include media type parameters that are applicable to that range.
1013      </p>
[424]1014      <p id="rfc.section.5.1.p.4">Each media-range <em class="bcp14">MAY</em> be followed by one or more accept-params, beginning with the "q" parameter for indicating a relative quality factor. The first
[52]1015         "q" parameter (if any) separates the media-range parameter(s) from the accept-params. Quality factors allow the user or user
[853]1016         agent to indicate the relative degree of preference for that media-range, using the qvalue scale from 0 to 1 (<a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.19"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). The default value is q=1.
[52]1017      </p>
[754]1018      <div class="note" id="rfc.section.5.1.p.5"> 
[563]1019         <p> <b>Note:</b> Use of the "q" parameter name to separate media type parameters from Accept extension parameters is due to historical practice.
[52]1020            Although this prevents any media type parameter named "q" from being used with a media range, such an event is believed to
1021            be unlikely given the lack of any "q" parameters in the IANA media type registry and the rare usage of any media type parameters
1022            in Accept. Future media types are discouraged from registering any parameter named "q".
[563]1023         </p> 
1024      </div>
1025      <p id="rfc.section.5.1.p.6">The example</p>
[875]1026      <div id="rfc.figure.u.15"></div><pre class="text">  Accept: audio/*; q=0.2, audio/basic
[563]1027</pre><p id="rfc.section.5.1.p.8"> <em class="bcp14">SHOULD</em> be interpreted as "I prefer audio/basic, but send me any audio type if it is the best available after an 80% mark-down in
[879]1028         quality".
[52]1029      </p>
[563]1030      <p id="rfc.section.5.1.p.9">If no Accept header field is present, then it is assumed that the client accepts all media types. If an Accept header field
[52]1031         is present, and if the server cannot send a response which is acceptable according to the combined Accept field value, then
[137]1032         the server <em class="bcp14">SHOULD</em> send a 406 (Not Acceptable) response.
[52]1033      </p>
[563]1034      <p id="rfc.section.5.1.p.10">A more elaborate example is</p>
[875]1035      <div id="rfc.figure.u.16"></div><pre class="text">  Accept: text/plain; q=0.5, text/html,
[357]1036          text/x-dvi; q=0.8, text/x-c
[563]1037</pre><p id="rfc.section.5.1.p.12">Verbally, this would be interpreted as "text/html and text/x-c are the preferred media types, but if they do not exist, then
[879]1038         send the text/x-dvi representation, and if that does not exist, send the text/plain representation".
[52]1039      </p>
[563]1040      <p id="rfc.section.5.1.p.13">Media ranges can be overridden by more specific media ranges or specific media types. If more than one media range applies
[52]1041         to a given type, the most specific reference has precedence. For example,
1042      </p>
[875]1043      <div id="rfc.figure.u.17"></div><pre class="text">  Accept: text/*, text/html, text/html;level=1, */*
[563]1044</pre><p id="rfc.section.5.1.p.15">have the following precedence: </p>
[459]1045      <ol>
1046         <li>text/html;level=1</li>
1047         <li>text/html</li>
1048         <li>text/*</li>
1049         <li>*/*</li>
1050      </ol>
[563]1051      <p id="rfc.section.5.1.p.16">The media type quality factor associated with a given type is determined by finding the media range with the highest precedence
[52]1052         which matches that type. For example,
1053      </p>
[875]1054      <div id="rfc.figure.u.18"></div><pre class="text">  Accept: text/*;q=0.3, text/html;q=0.7, text/html;level=1,
[357]1055          text/html;level=2;q=0.4, */*;q=0.5
[563]1056</pre><p id="rfc.section.5.1.p.18">would cause the following values to be associated:</p>
[459]1057      <div id="rfc.table.u.1">
[663]1058         <table class="tt full left" cellpadding="3" cellspacing="0">
[459]1059            <thead>
1060               <tr>
1061                  <th>Media Type</th>
1062                  <th>Quality Value</th>
1063               </tr>
1064            </thead>
1065            <tbody>
1066               <tr>
[704]1067                  <td class="left">text/html;level=1</td>
1068                  <td class="left">1</td>
[459]1069               </tr>
1070               <tr>
[704]1071                  <td class="left">text/html</td>
1072                  <td class="left">0.7</td>
[459]1073               </tr>
1074               <tr>
[704]1075                  <td class="left">text/plain</td>
1076                  <td class="left">0.3</td>
[459]1077               </tr>
1078               <tr>
[704]1079                  <td class="left">image/jpeg</td>
1080                  <td class="left">0.5</td>
[459]1081               </tr>
1082               <tr>
[704]1083                  <td class="left">text/html;level=2</td>
1084                  <td class="left">0.4</td>
[459]1085               </tr>
1086               <tr>
[704]1087                  <td class="left">text/html;level=3</td>
1088                  <td class="left">0.7</td>
[459]1089               </tr>
1090            </tbody>
1091         </table>
1092      </div>
[563]1093      <p id="rfc.section.5.1.p.19"> <b>Note:</b> A user agent might be provided with a default set of quality values for certain media ranges. However, unless the user agent
[52]1094         is a closed system which cannot interact with other rendering agents, this default set ought to be configurable by the user.
1095      </p>
1096      <div id="rfc.iref.a.2"></div>
1097      <div id="rfc.iref.h.2"></div>
[424]1098      <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a>&nbsp;<a id="header.accept-charset" href="#header.accept-charset">Accept-Charset</a></h2>
[698]1099      <p id="rfc.section.5.2.p.1">The "Accept-Charset" request-header field can be used by user agents to indicate what response character sets are acceptable.
1100         This field allows clients capable of understanding more comprehensive or special-purpose character sets to signal that capability
[52]1101         to a server which is capable of representing documents in those character sets.
1102      </p>
[875]1103      <div id="rfc.figure.u.19"></div><pre class="inline"><span id="rfc.iref.g.18"></span><span id="rfc.iref.g.19"></span>  <a href="#header.accept-charset" class="smpl">Accept-Charset</a>   = "Accept-Charset" ":" <a href="#core.rules" class="smpl">OWS</a>
[357]1104          <a href="#header.accept-charset" class="smpl">Accept-Charset-v</a>
[376]1105  <a href="#header.accept-charset" class="smpl">Accept-Charset-v</a> = 1#( ( <a href="#rule.charset" class="smpl">charset</a> / "*" )
[457]1106                         [ <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> "q=" <a href="#abnf.dependencies" class="smpl">qvalue</a> ] )
[424]1107</pre><p id="rfc.section.5.2.p.3">Character set values are described in <a href="#character.sets" title="Character Sets">Section&nbsp;2.1</a>. Each charset <em class="bcp14">MAY</em> be given an associated quality value which represents the user's preference for that charset. The default value is q=1. An
[52]1108         example is
1109      </p>
[875]1110      <div id="rfc.figure.u.20"></div><pre class="text">  Accept-Charset: iso-8859-5, unicode-1-1;q=0.8
[424]1111</pre><p id="rfc.section.5.2.p.5">The special value "*", if present in the Accept-Charset field, matches every character set (including ISO-8859-1) which is
[52]1112         not mentioned elsewhere in the Accept-Charset field. If no "*" is present in an Accept-Charset field, then all character sets
1113         not explicitly mentioned get a quality value of 0, except for ISO-8859-1, which gets a quality value of 1 if not explicitly
1114         mentioned.
1115      </p>
[424]1116      <p id="rfc.section.5.2.p.6">If no Accept-Charset header is present, the default is that any character set is acceptable. If an Accept-Charset header is
[137]1117         present, and if the server cannot send a response which is acceptable according to the Accept-Charset header, then the server <em class="bcp14">SHOULD</em> send an error response with the 406 (Not Acceptable) status code, though the sending of an unacceptable response is also allowed.
[52]1118      </p>
1119      <div id="rfc.iref.a.3"></div>
1120      <div id="rfc.iref.h.3"></div>
[424]1121      <h2 id="rfc.section.5.3"><a href="#rfc.section.5.3">5.3</a>&nbsp;<a id="header.accept-encoding" href="#header.accept-encoding">Accept-Encoding</a></h2>
[698]1122      <p id="rfc.section.5.3.p.1">The "Accept-Encoding" request-header field can be used by user agents to indicate what response content-codings (<a href="#content.codings" title="Content Codings">Section&nbsp;2.2</a>) are acceptable in the response.
[52]1123      </p>
[875]1124      <div id="rfc.figure.u.21"></div><pre class="inline"><span id="rfc.iref.g.20"></span><span id="rfc.iref.g.21"></span><span id="rfc.iref.g.22"></span>  <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a>    = "Accept-Encoding" ":" <a href="#core.rules" class="smpl">OWS</a>
[357]1125                     <a href="#header.accept-encoding" class="smpl">Accept-Encoding-v</a>
1126  <a href="#header.accept-encoding" class="smpl">Accept-Encoding-v</a>  =
[457]1127                     #( <a href="#header.accept-encoding" class="smpl">codings</a> [ <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> "q=" <a href="#abnf.dependencies" class="smpl">qvalue</a> ] )
[357]1128  <a href="#header.accept-encoding" class="smpl">codings</a>            = ( <a href="#content.codings" class="smpl">content-coding</a> / "*" )
[424]1129</pre><p id="rfc.section.5.3.p.3">Each codings value <em class="bcp14">MAY</em> be given an associated quality value which represents the preference for that encoding. The default value is q=1.
[248]1130      </p>
[424]1131      <p id="rfc.section.5.3.p.4">Examples of its use are:</p>
[875]1132      <div id="rfc.figure.u.22"></div><pre class="text">  Accept-Encoding: compress, gzip
[357]1133  Accept-Encoding:
1134  Accept-Encoding: *
1135  Accept-Encoding: compress;q=0.5, gzip;q=1.0
1136  Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0
[424]1137</pre><p id="rfc.section.5.3.p.6">A server tests whether a content-coding is acceptable, according to an Accept-Encoding field, using these rules: </p>
[97]1138      <ol>
1139         <li>If the content-coding is one of the content-codings listed in the Accept-Encoding field, then it is acceptable, unless it
[879]1140            is accompanied by a qvalue of 0. (As defined in <a href="p1-messaging.html#quality.values" title="Quality Values">Section 6.4</a> of <a href="#Part1" id="rfc.xref.Part1.20"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, a qvalue of 0 means "not acceptable".)
[97]1141         </li>
1142         <li>The special "*" symbol in an Accept-Encoding field matches any available content-coding not explicitly listed in the header
1143            field.
1144         </li>
1145         <li>If multiple content-codings are acceptable, then the acceptable content-coding with the highest non-zero qvalue is preferred.</li>
1146         <li>The "identity" content-coding is always acceptable, unless specifically refused because the Accept-Encoding field includes
1147            "identity;q=0", or because the field includes "*;q=0" and does not explicitly include the "identity" content-coding. If the
1148            Accept-Encoding field-value is empty, then only the "identity" encoding is acceptable.
1149         </li>
1150      </ol>
[424]1151      <p id="rfc.section.5.3.p.7">If an Accept-Encoding field is present in a request, and if the server cannot send a response which is acceptable according
[97]1152         to the Accept-Encoding header, then the server <em class="bcp14">SHOULD</em> send an error response with the 406 (Not Acceptable) status code.
1153      </p>
[424]1154      <p id="rfc.section.5.3.p.8">If no Accept-Encoding field is present in a request, the server <em class="bcp14">MAY</em> assume that the client will accept any content coding. In this case, if "identity" is one of the available content-codings,
[97]1155         then the server <em class="bcp14">SHOULD</em> use the "identity" content-coding, unless it has additional information that a different content-coding is meaningful to the
[563]1156         client.
[97]1157      </p>
[754]1158      <div class="note" id="rfc.section.5.3.p.9"> 
[563]1159         <p> <b>Note:</b> If the request does not include an Accept-Encoding field, and if the "identity" content-coding is unavailable, then content-codings
[97]1160            commonly understood by HTTP/1.0 clients (i.e., "gzip" and "compress") are preferred; some older clients improperly display
1161            messages sent with other content-codings. The server might also make this decision based on information about the particular
1162            user-agent or client.
[563]1163         </p> 
1164      </div>
[754]1165      <div class="note" id="rfc.section.5.3.p.10"> 
[563]1166         <p> <b>Note:</b> Most HTTP/1.0 applications do not recognize or obey qvalues associated with content-codings. This means that qvalues will
[97]1167            not work and are not permitted with x-gzip or x-compress.
[563]1168         </p> 
1169      </div>
[97]1170      <div id="rfc.iref.a.4"></div>
1171      <div id="rfc.iref.h.4"></div>
[424]1172      <h2 id="rfc.section.5.4"><a href="#rfc.section.5.4">5.4</a>&nbsp;<a id="header.accept-language" href="#header.accept-language">Accept-Language</a></h2>
[698]1173      <p id="rfc.section.5.4.p.1">The "Accept-Language" request-header field can be used by user agents to indicate the set of natural languages that are preferred
1174         in the response. Language tags are defined in <a href="#language.tags" title="Language Tags">Section&nbsp;2.4</a>.
[97]1175      </p>
[875]1176      <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.23"></span><span id="rfc.iref.g.24"></span><span id="rfc.iref.g.25"></span>  <a href="#header.accept-language" class="smpl">Accept-Language</a>   = "Accept-Language" ":" <a href="#core.rules" class="smpl">OWS</a>
[357]1177                    <a href="#header.accept-language" class="smpl">Accept-Language-v</a>
1178  <a href="#header.accept-language" class="smpl">Accept-Language-v</a> =
[457]1179                    1#( <a href="#header.accept-language" class="smpl">language-range</a> [ <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> "q=" <a href="#abnf.dependencies" class="smpl">qvalue</a> ] )
[357]1180  <a href="#header.accept-language" class="smpl">language-range</a>    =
[303]1181            &lt;language-range, defined in <a href="#RFC4647" id="rfc.xref.RFC4647.1"><cite title="Matching of Language Tags">[RFC4647]</cite></a>, <a href="http://tools.ietf.org/html/rfc4647#section-2.1">Section 2.1</a>&gt;
[424]1182</pre><p id="rfc.section.5.4.p.3">Each language-range can be given an associated quality value which represents an estimate of the user's preference for the
[303]1183         languages specified by that range. The quality value defaults to "q=1". For example,
[97]1184      </p>
[875]1185      <div id="rfc.figure.u.24"></div><pre class="text">  Accept-Language: da, en-gb;q=0.8, en;q=0.7
[879]1186</pre><p id="rfc.section.5.4.p.5">would mean: "I prefer Danish, but will accept British English and other types of English". (see also <a href="http://tools.ietf.org/html/rfc4647#section-2.3">Section 2.3</a> of <a href="#RFC4647" id="rfc.xref.RFC4647.2"><cite title="Matching of Language Tags">[RFC4647]</cite></a>)
[97]1187      </p>
[724]1188      <p id="rfc.section.5.4.p.6">For matching, <a href="http://tools.ietf.org/html/rfc4647#section-3">Section 3</a> of <a href="#RFC4647" id="rfc.xref.RFC4647.3"><cite title="Matching of Language Tags">[RFC4647]</cite></a> defines several matching schemes. Implementations can offer the most appropriate matching scheme for their requirements.
[303]1189      </p>
[754]1190      <div class="note" id="rfc.section.5.4.p.7"> 
[756]1191         <p> <b>Note:</b> The "Basic Filtering" scheme (<a href="#RFC4647" id="rfc.xref.RFC4647.4"><cite title="Matching of Language Tags">[RFC4647]</cite></a>, <a href="http://tools.ietf.org/html/rfc4647#section-3.3.1">Section 3.3.1</a>) is identical to the matching scheme that was previously defined in <a href="http://tools.ietf.org/html/rfc2616#section-14.4">Section 14.4</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>.
[563]1192         </p> 
1193      </div>
[724]1194      <p id="rfc.section.5.4.p.8">It might be contrary to the privacy expectations of the user to send an Accept-Language header with the complete linguistic
[424]1195         preferences of the user in every request. For a discussion of this issue, see <a href="#privacy.issues.connected.to.accept.headers" title="Privacy Issues Connected to Accept Headers">Section&nbsp;7.1</a>.
[97]1196      </p>
[724]1197      <p id="rfc.section.5.4.p.9">As intelligibility is highly dependent on the individual user, it is recommended that client applications make the choice
[563]1198         of linguistic preference available to the user. If the choice is not made available, then the Accept-Language header field <em class="bcp14">MUST NOT</em> be given in the request.
[97]1199      </p>
[754]1200      <div class="note" id="rfc.section.5.4.p.10"> 
[563]1201         <p> <b>Note:</b> When making the choice of linguistic preference available to the user, we remind implementors of the fact that users are not
[97]1202            familiar with the details of language matching as described above, and should provide appropriate guidance. As an example,
1203            users might assume that on selecting "en-gb", they will be served any kind of English document if British English is not available.
1204            A user agent might suggest in such a case to add "en" to get the best matching behavior.
[563]1205         </p> 
1206      </div>
[673]1207      <div id="rfc.iref.c.7"></div>
[97]1208      <div id="rfc.iref.h.5"></div>
[424]1209      <h2 id="rfc.section.5.5"><a href="#rfc.section.5.5">5.5</a>&nbsp;<a id="header.content-encoding" href="#header.content-encoding">Content-Encoding</a></h2>
[868]1210      <p id="rfc.section.5.5.p.1">The "Content-Encoding" entity-header field indicates what content-codings have been applied to the representation, and thus
1211         what decoding mechanisms must be applied in order to obtain the media-type referenced by the Content-Type header field. Content-Encoding
1212         is primarily used to allow a representation to be compressed without losing the identity of its underlying media type.
[97]1213      </p>
[875]1214      <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.26"></span><span id="rfc.iref.g.27"></span>  <a href="#header.content-encoding" class="smpl">Content-Encoding</a>   = "Content-Encoding" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.content-encoding" class="smpl">Content-Encoding-v</a>
[357]1215  <a href="#header.content-encoding" class="smpl">Content-Encoding-v</a> = 1#<a href="#content.codings" class="smpl">content-coding</a>
[424]1216</pre><p id="rfc.section.5.5.p.3">Content codings are defined in <a href="#content.codings" title="Content Codings">Section&nbsp;2.2</a>. An example of its use is
[97]1217      </p>
[875]1218      <div id="rfc.figure.u.26"></div><pre class="text">  Content-Encoding: gzip
[868]1219</pre><p id="rfc.section.5.5.p.5">The content-coding is a characteristic of the representation. Typically, the representation body is stored with this encoding
1220         and is only decoded before rendering or analogous usage. However, a non-transparent proxy <em class="bcp14">MAY</em> modify the content-coding if the new coding is known to be acceptable to the recipient, unless the "no-transform" cache-control
[97]1221         directive is present in the message.
1222      </p>
[868]1223      <p id="rfc.section.5.5.p.6">If the content-coding of a representation is not "identity", then the representation metadata <em class="bcp14">MUST</em> include a Content-Encoding header field (<a href="#header.content-encoding" id="rfc.xref.header.content-encoding.3" title="Content-Encoding">Section&nbsp;5.5</a>) that lists the non-identity content-coding(s) used.
[97]1224      </p>
[875]1225      <p id="rfc.section.5.5.p.7">If the content-coding of a representation in a request message is not acceptable to the origin server, the server <em class="bcp14">SHOULD</em> respond with a status code of 415 (Unsupported Media Type).
[97]1226      </p>
[868]1227      <p id="rfc.section.5.5.p.8">If multiple encodings have been applied to a representation, the content codings <em class="bcp14">MUST</em> be listed in the order in which they were applied. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other header fields not defined by this specification.
[97]1228      </p>
[673]1229      <div id="rfc.iref.c.8"></div>
[97]1230      <div id="rfc.iref.h.6"></div>
[424]1231      <h2 id="rfc.section.5.6"><a href="#rfc.section.5.6">5.6</a>&nbsp;<a id="header.content-language" href="#header.content-language">Content-Language</a></h2>
[868]1232      <p id="rfc.section.5.6.p.1">The "Content-Language" entity-header field describes the natural language(s) of the intended audience for the representation.
[875]1233         Note that this might not be equivalent to all the languages used within the representation.
[97]1234      </p>
[875]1235      <div id="rfc.figure.u.27"></div><pre class="inline"><span id="rfc.iref.g.28"></span><span id="rfc.iref.g.29"></span>  <a href="#header.content-language" class="smpl">Content-Language</a>   = "Content-Language" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.content-language" class="smpl">Content-Language-v</a>
[357]1236  <a href="#header.content-language" class="smpl">Content-Language-v</a> = 1#<a href="#language.tags" class="smpl">language-tag</a>
[868]1237</pre><p id="rfc.section.5.6.p.3">Language tags are defined in <a href="#language.tags" title="Language Tags">Section&nbsp;2.4</a>. The primary purpose of Content-Language is to allow a user to identify and differentiate representations according to the
1238         user's own preferred language. Thus, if the body content is intended only for a Danish-literate audience, the appropriate
1239         field is
[97]1240      </p>
[875]1241      <div id="rfc.figure.u.28"></div><pre class="text">  Content-Language: da
[424]1242</pre><p id="rfc.section.5.6.p.5">If no Content-Language is specified, the default is that the content is intended for all language audiences. This might mean
[97]1243         that the sender does not consider it to be specific to any natural language, or that the sender does not know for which language
1244         it is intended.
1245      </p>
[879]1246      <p id="rfc.section.5.6.p.6">Multiple languages <em class="bcp14">MAY</em> be listed for content that is intended for multiple audiences. For example, a rendition of the "Treaty of Waitangi", presented
[97]1247         simultaneously in the original Maori and English versions, would call for
1248      </p>
[875]1249      <div id="rfc.figure.u.29"></div><pre class="text">  Content-Language: mi, en
[868]1250</pre><p id="rfc.section.5.6.p.8">However, just because multiple languages are present within a representation does not mean that it is intended for multiple
[879]1251         linguistic audiences. An example would be a beginner's language primer, such as "A First Lesson in Latin", which is clearly
[868]1252         intended to be used by an English-literate audience. In this case, the Content-Language would properly only include "en".
[97]1253      </p>
[424]1254      <p id="rfc.section.5.6.p.9">Content-Language <em class="bcp14">MAY</em> be applied to any media type -- it is not limited to textual documents.
[97]1255      </p>
[673]1256      <div id="rfc.iref.c.9"></div>
[97]1257      <div id="rfc.iref.h.7"></div>
[424]1258      <h2 id="rfc.section.5.7"><a href="#rfc.section.5.7">5.7</a>&nbsp;<a id="header.content-location" href="#header.content-location">Content-Location</a></h2>
[857]1259      <p id="rfc.section.5.7.p.1">The "Content-Location" header field supplies a URI that can be used as a specific identifier for the representation in this
1260         message. In other words, if one were to perform a GET on this URI at the time of this message's generation, then a 200 response
1261         would contain the same representation that is enclosed as payload in this message.
[698]1262      </p>
[875]1263      <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.30"></span><span id="rfc.iref.g.31"></span>  <a href="#header.content-location" class="smpl">Content-Location</a>   = "Content-Location" ":" <a href="#core.rules" class="smpl">OWS</a>
[357]1264                    <a href="#header.content-location" class="smpl">Content-Location-v</a>
1265  <a href="#header.content-location" class="smpl">Content-Location-v</a> =
[391]1266                    <a href="#abnf.dependencies" class="smpl">absolute-URI</a> / <a href="#abnf.dependencies" class="smpl">partial-URI</a>
[868]1267</pre><p id="rfc.section.5.7.p.3">The Content-Location value is not a replacement for the Effective Request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.21"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It is representation metadata. It has the same syntax and semantics as the header field of the same name defined for MIME
[857]1268         body parts in <a href="http://tools.ietf.org/html/rfc2557#section-4">Section 4</a> of <a href="#RFC2557" id="rfc.xref.RFC2557.1"><cite title="MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)">[RFC2557]</cite></a>. However, its appearance in an HTTP message has some special implications for HTTP recipients.
[97]1269      </p>
[857]1270      <p id="rfc.section.5.7.p.4">If Content-Location is included in a response message and its value is the same as the Effective Request URI, then the response
1271         payload <em class="bcp14">SHOULD</em> be considered the current representation of that resource. For a GET or HEAD request, this is the same as the default semantics
1272         when no Content-Location is provided by the server. For a state-changing method like PUT or POST, it implies that the server's
1273         response contains the new representation of that resource, thereby distinguishing it from representations that might only
1274         report about the action (e.g., "It worked!"). This allows authoring applications to update their local copies without the
1275         need for a subsequent GET request.
[716]1276      </p>
[857]1277      <p id="rfc.section.5.7.p.5">If Content-Location is included in a response message and its value differs from the Effective Request URI, then the origin
1278         server is informing recipients that this representation has its own, presumably more specific, identifier. For a GET or HEAD
1279         request, this is an indication that the Effective Request URI identifies a resource that is subject to content negotiation
1280         and the representation selected for this response can also be found at the identified URI. For other methods, such a Content-Location
1281         indicates that this representation contains a report on the action's status and the same report is available (for future access
[912]1282         with GET) at the given URI. For example, a purchase transaction made via the POST method might include a receipt document
1283         as the payload of the 200 response; the Content-Location value provides an identifier for retrieving a copy of that same receipt
[857]1284         in the future.
[97]1285      </p>
[857]1286      <p id="rfc.section.5.7.p.6">If Content-Location is included in a request message, then it <em class="bcp14">MAY</em> be interpreted by the origin server as an indication of where the user agent originally obtained the content of the enclosed
1287         representation (prior to any subsequent modification of the content by that user agent). In other words, the user agent is
1288         providing the same representation metadata that it received with the original representation. However, such interpretation <em class="bcp14">MUST NOT</em> be used to alter the semantics of the method requested by the client. For example, if a client makes a PUT request on a negotiated
1289         resource and the origin server accepts that PUT (without redirection), then the new set of values for that resource is expected
1290         to be consistent with the one representation supplied in that PUT; the Content-Location cannot be used as a form of reverse
1291         content selection that identifies only one of the negotiated representations to be updated. If the user agent had wanted the
1292         latter semantics, it would have applied the PUT directly to the Content-Location URI.
1293      </p>
1294      <p id="rfc.section.5.7.p.7">A Content-Location field received in a request message is transitory information that <em class="bcp14">SHOULD NOT</em> be saved with other representation metadata for use in later responses. The Content-Location's value might be saved for use
1295         in other contexts, such as within source links or other metadata.
1296      </p>
1297      <p id="rfc.section.5.7.p.8">A cache cannot assume that a representation with a Content-Location different from the URI used to retrieve it can be used
1298         to respond to later requests on that Content-Location URI.
1299      </p>
1300      <p id="rfc.section.5.7.p.9">If the Content-Location value is a partial URI, it is interpreted relative to the Effective Request URI.</p>
[673]1301      <div id="rfc.iref.c.10"></div>
[97]1302      <div id="rfc.iref.h.8"></div>
[424]1303      <h2 id="rfc.section.5.8"><a href="#rfc.section.5.8">5.8</a>&nbsp;<a id="header.content-md5" href="#header.content-md5">Content-MD5</a></h2>
[875]1304      <p id="rfc.section.5.8.p.1">The "Content-MD5" entity-header field, as defined in <a href="#RFC1864" id="rfc.xref.RFC1864.1"><cite title="The Content-MD5 Header Field">[RFC1864]</cite></a>, is an MD5 digest of the payload body that provides an end-to-end message integrity check (MIC) of the payload body (the
1305         message-body after any transfer-coding is decoded). Note that a MIC is good for detecting accidental modification of the payload
1306         body in transit, but is not proof against malicious attacks.
[97]1307      </p>
[875]1308      <div id="rfc.figure.u.31"></div><pre class="inline"><span id="rfc.iref.g.32"></span><span id="rfc.iref.g.33"></span>  <a href="#header.content-md5" class="smpl">Content-MD5</a>   = "Content-MD5" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.content-md5" class="smpl">Content-MD5-v</a>
[357]1309  <a href="#header.content-md5" class="smpl">Content-MD5-v</a> = &lt;base64 of 128 bit MD5 digest as per <a href="#RFC1864" id="rfc.xref.RFC1864.2"><cite title="The Content-MD5 Header Field">[RFC1864]</cite></a>&gt;
[875]1310</pre><p id="rfc.section.5.8.p.3">The Content-MD5 header field <em class="bcp14">MAY</em> be generated by an origin server or client to function as an integrity check of the payload body. Only origin servers or user
1311         agents <em class="bcp14">MAY</em> generate the Content-MD5 header field; proxies and gateways <em class="bcp14">MUST NOT</em> generate it, as this would defeat its value as an end-to-end integrity check. Any recipient <em class="bcp14">MAY</em> check that the digest value in this header field matches a corresponding digest calculated on payload body as received.
[97]1312      </p>
[875]1313      <p id="rfc.section.5.8.p.4">The MD5 digest is computed based on the content of the payload body, including any content-coding, but not including any transfer-coding
1314         applied to the message-body because such transfer-codings might be applied or removed anywhere along the request/response
1315         chain. If the message is received with a transfer-coding, that encoding <em class="bcp14">MUST</em> be decoded prior to checking the Content-MD5 value against the received payload.
[97]1316      </p>
[875]1317      <p id="rfc.section.5.8.p.5">HTTP extends RFC 1864 to permit the digest to be computed for MIME composite media-types (e.g., multipart/* and message/rfc822),
[97]1318         but this does not change how the digest is computed as defined in the preceding paragraph.
1319      </p>
[875]1320      <p id="rfc.section.5.8.p.6">There are several consequences of this. The payload for composite types <em class="bcp14">MAY</em> contain many body-parts, each with its own MIME and HTTP headers (including Content-MD5, Content-Transfer-Encoding, and Content-Encoding
[97]1321         headers). If a body-part has a Content-Transfer-Encoding or Content-Encoding header, it is assumed that the content of the
1322         body-part has had the encoding applied, and the body-part is included in the Content-MD5 digest as is -- i.e., after the application.
1323         The Transfer-Encoding header field is not allowed within body-parts.
1324      </p>
[875]1325      <p id="rfc.section.5.8.p.7">Conversion of all line breaks to CRLF <em class="bcp14">MUST NOT</em> be done before computing or checking the digest: the line break convention used in the text actually transmitted <em class="bcp14">MUST</em> be left unaltered when computing the digest.
[97]1326      </p>
[875]1327      <div class="note" id="rfc.section.5.8.p.8"> 
[756]1328         <p> <b>Note:</b> While the definition of Content-MD5 is exactly the same for HTTP as in RFC 1864 for MIME entity-bodies, there are several
[97]1329            ways in which the application of Content-MD5 to HTTP entity-bodies differs from its application to MIME entity-bodies. One
1330            is that HTTP, unlike MIME, does not use Content-Transfer-Encoding, and does use Transfer-Encoding and Content-Encoding. Another
1331            is that HTTP more frequently uses binary content types than MIME, so it is worth noting that, in such cases, the byte order
1332            used to compute the digest is the transmission byte order defined for the type. Lastly, HTTP allows transmission of text types
1333            with any of several line break conventions and not just the canonical form using CRLF.
[563]1334         </p> 
1335      </div>
[673]1336      <div id="rfc.iref.c.11"></div>
[97]1337      <div id="rfc.iref.h.9"></div>
[424]1338      <h2 id="rfc.section.5.9"><a href="#rfc.section.5.9">5.9</a>&nbsp;<a id="header.content-type" href="#header.content-type">Content-Type</a></h2>
[875]1339      <p id="rfc.section.5.9.p.1">The "Content-Type" entity-header field indicates the media type of the representation. In the case of responses to the HEAD
1340         method, the media type is that which would have been sent had the request been a GET.
[97]1341      </p>
[875]1342      <div id="rfc.figure.u.32"></div><pre class="inline"><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span>  <a href="#header.content-type" class="smpl">Content-Type</a>   = "Content-Type" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.content-type" class="smpl">Content-Type-v</a>
[357]1343  <a href="#header.content-type" class="smpl">Content-Type-v</a> = <a href="#media.types" class="smpl">media-type</a>
[424]1344</pre><p id="rfc.section.5.9.p.3">Media types are defined in <a href="#media.types" title="Media Types">Section&nbsp;2.3</a>. An example of the field is
[97]1345      </p>
[875]1346      <div id="rfc.figure.u.33"></div><pre class="text">  Content-Type: text/html; charset=ISO-8859-4
1347</pre><p id="rfc.section.5.9.p.5">Further discussion of methods for identifying the media type of a representation is provided in <a href="#type" title="Type">Section&nbsp;3.2.1</a>.
[97]1348      </p>
[424]1349      <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;<a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1>
[923]1350      <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;<a id="header.field.registration" href="#header.field.registration">Header Field Registration</a></h2>
1351      <p id="rfc.section.6.1.p.1">The Message Header Field Registry located at &lt;<a href="http://www.iana.org/assignments/message-headers/message-header-index.html">http://www.iana.org/assignments/message-headers/message-header-index.html</a>&gt; should be updated with the permanent registrations below (see <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a>):
[203]1352      </p>
[290]1353      <div id="rfc.table.1">
1354         <div id="iana.header.registration.table"></div>
[663]1355         <table class="tt full left" cellpadding="3" cellspacing="0">
[253]1356            <thead>
1357               <tr>
1358                  <th>Header Field Name</th>
1359                  <th>Protocol</th>
1360                  <th>Status</th>
1361                  <th>Reference</th>
1362               </tr>
1363            </thead>
1364            <tbody>
1365               <tr>
[704]1366                  <td class="left">Accept</td>
1367                  <td class="left">http</td>
1368                  <td class="left">standard</td>
1369                  <td class="left"> <a href="#header.accept" id="rfc.xref.header.accept.3" title="Accept">Section&nbsp;5.1</a> 
[253]1370                  </td>
1371               </tr>
1372               <tr>
[704]1373                  <td class="left">Accept-Charset</td>
1374                  <td class="left">http</td>
1375                  <td class="left">standard</td>
1376                  <td class="left"> <a href="#header.accept-charset" id="rfc.xref.header.accept-charset.2" title="Accept-Charset">Section&nbsp;5.2</a> 
[253]1377                  </td>
1378               </tr>
1379               <tr>
[704]1380                  <td class="left">Accept-Encoding</td>
1381                  <td class="left">http</td>
1382                  <td class="left">standard</td>
1383                  <td class="left"> <a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.3" title="Accept-Encoding">Section&nbsp;5.3</a> 
[253]1384                  </td>
1385               </tr>
1386               <tr>
[704]1387                  <td class="left">Accept-Language</td>
1388                  <td class="left">http</td>
1389                  <td class="left">standard</td>
1390                  <td class="left"> <a href="#header.accept-language" id="rfc.xref.header.accept-language.2" title="Accept-Language">Section&nbsp;5.4</a> 
[253]1391                  </td>
1392               </tr>
1393               <tr>
[704]1394                  <td class="left">Content-Disposition</td>
1395                  <td class="left">http</td>
[939]1396                  <td class="left">standard</td>
[704]1397                  <td class="left"> <a href="#content-disposition" id="rfc.xref.content-disposition.1" title="Content-Disposition">Appendix&nbsp;B.1</a> 
[253]1398                  </td>
1399               </tr>
1400               <tr>
[704]1401                  <td class="left">Content-Encoding</td>
1402                  <td class="left">http</td>
1403                  <td class="left">standard</td>
1404                  <td class="left"> <a href="#header.content-encoding" id="rfc.xref.header.content-encoding.4" title="Content-Encoding">Section&nbsp;5.5</a> 
[253]1405                  </td>
1406               </tr>
1407               <tr>
[704]1408                  <td class="left">Content-Language</td>
1409                  <td class="left">http</td>
1410                  <td class="left">standard</td>
1411                  <td class="left"> <a href="#header.content-language" id="rfc.xref.header.content-language.2" title="Content-Language">Section&nbsp;5.6</a> 
[253]1412                  </td>
1413               </tr>
1414               <tr>
[704]1415                  <td class="left">Content-Location</td>
1416                  <td class="left">http</td>
1417                  <td class="left">standard</td>
1418                  <td class="left"> <a href="#header.content-location" id="rfc.xref.header.content-location.2" title="Content-Location">Section&nbsp;5.7</a> 
[253]1419                  </td>
1420               </tr>
1421               <tr>
[704]1422                  <td class="left">Content-MD5</td>
1423                  <td class="left">http</td>
1424                  <td class="left">standard</td>
1425                  <td class="left"> <a href="#header.content-md5" id="rfc.xref.header.content-md5.2" title="Content-MD5">Section&nbsp;5.8</a> 
[253]1426                  </td>
1427               </tr>
1428               <tr>
[704]1429                  <td class="left">Content-Type</td>
1430                  <td class="left">http</td>
1431                  <td class="left">standard</td>
1432                  <td class="left"> <a href="#header.content-type" id="rfc.xref.header.content-type.3" title="Content-Type">Section&nbsp;5.9</a> 
[253]1433                  </td>
1434               </tr>
[291]1435               <tr>
[704]1436                  <td class="left">MIME-Version</td>
1437                  <td class="left">http</td>
[939]1438                  <td class="left">standard</td>
[704]1439                  <td class="left"> <a href="#mime-version" id="rfc.xref.mime-version.1" title="MIME-Version">Appendix&nbsp;A.1</a> 
[291]1440                  </td>
1441               </tr>
[253]1442            </tbody>
1443         </table>
1444      </div>
[424]1445      <p id="rfc.section.6.1.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
[673]1446      <h2 id="rfc.section.6.2"><a href="#rfc.section.6.2">6.2</a>&nbsp;<a id="content.coding.registration" href="#content.coding.registration">Content Coding Registry</a></h2>
1447      <p id="rfc.section.6.2.p.1">The registration procedure for HTTP Content Codings is now defined by <a href="#content.coding.registry" title="Content Coding Registry">Section&nbsp;2.2.1</a> of this document.
[667]1448      </p>
[673]1449      <p id="rfc.section.6.2.p.2">The HTTP Content Codings Registry located at &lt;<a href="http://www.iana.org/assignments/http-parameters">http://www.iana.org/assignments/http-parameters</a>&gt; should be updated with the registration below:
1450      </p>
[667]1451      <div id="rfc.table.2">
[668]1452         <div id="iana.content.coding.registration.table"></div>
1453         <table class="tt full left" cellpadding="3" cellspacing="0">
1454            <thead>
1455               <tr>
[670]1456                  <th>Name</th>
[668]1457                  <th>Description</th>
1458                  <th>Reference</th>
1459               </tr>
1460            </thead>
1461            <tbody>
1462               <tr>
[704]1463                  <td class="left">compress</td>
1464                  <td class="left">UNIX "compress" program method</td>
[868]1465                  <td class="left"> <a href="p1-messaging.html#compress.coding" title="Compress Coding">Section 6.2.2.1</a> of <a href="#Part1" id="rfc.xref.Part1.22"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> 
[668]1466                  </td>
1467               </tr>
1468               <tr>
[704]1469                  <td class="left">deflate</td>
[806]1470                  <td class="left">"deflate" compression mechanism (<a href="#RFC1951" id="rfc.xref.RFC1951.1"><cite title="DEFLATE Compressed Data Format Specification version 1.3">[RFC1951]</cite></a>) used inside the "zlib" data format (<a href="#RFC1950" id="rfc.xref.RFC1950.1"><cite title="ZLIB Compressed Data Format Specification version 3.3">[RFC1950]</cite></a>)
[668]1471                  </td>
[868]1472                  <td class="left"> <a href="p1-messaging.html#deflate.coding" title="Deflate Coding">Section 6.2.2.2</a> of <a href="#Part1" id="rfc.xref.Part1.23"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> 
[668]1473                  </td>
1474               </tr>
1475               <tr>
[704]1476                  <td class="left">gzip</td>
1477                  <td class="left">Same as GNU zip <a href="#RFC1952" id="rfc.xref.RFC1952.1"><cite title="GZIP file format specification version 4.3">[RFC1952]</cite></a></td>
[868]1478                  <td class="left"> <a href="p1-messaging.html#gzip.coding" title="Gzip Coding">Section 6.2.2.3</a> of <a href="#Part1" id="rfc.xref.Part1.24"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> 
[668]1479                  </td>
1480               </tr>
1481               <tr>
[704]1482                  <td class="left">identity</td>
1483                  <td class="left">No transformation</td>
1484                  <td class="left"> <a href="#content.codings" title="Content Codings">Section&nbsp;2.2</a> 
[668]1485                  </td>
1486               </tr>
1487            </tbody>
1488         </table>
1489      </div>
[424]1490      <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
1491      <p id="rfc.section.7.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
[97]1492         as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
1493         make some suggestions for reducing security risks.
1494      </p>
[424]1495      <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a id="privacy.issues.connected.to.accept.headers" href="#privacy.issues.connected.to.accept.headers">Privacy Issues Connected to Accept Headers</a></h2>
1496      <p id="rfc.section.7.1.p.1">Accept request-headers can reveal information about the user to all servers which are accessed. The Accept-Language header
[97]1497         in particular can reveal information the user would consider to be of a private nature, because the understanding of particular
1498         languages is often strongly correlated to the membership of a particular ethnic group. User agents which offer the option
1499         to configure the contents of an Accept-Language header to be sent in every request are strongly encouraged to let the configuration
1500         process include a message which makes the user aware of the loss of privacy involved.
1501      </p>
[424]1502      <p id="rfc.section.7.1.p.2">An approach that limits the loss of privacy would be for a user agent to omit the sending of Accept-Language headers by default,
[97]1503         and to ask the user whether or not to start sending Accept-Language headers to a server if it detects, by looking for any
1504         Vary response-header fields generated by the server, that such sending could improve the quality of service.
1505      </p>
[424]1506      <p id="rfc.section.7.1.p.3">Elaborate user-customized accept header fields sent in every request, in particular if these include quality values, can be
[97]1507         used by servers as relatively reliable and long-lived user identifiers. Such user identifiers would allow content providers
1508         to do click-trail tracking, and would allow collaborating content providers to match cross-server click-trails or form submissions
1509         of individual users. Note that for many users not behind a proxy, the network address of the host running the user agent will
1510         also serve as a long-lived user identifier. In environments where proxies are used to enhance privacy, user agents ought to
1511         be conservative in offering accept header configuration options to end users. As an extreme privacy measure, proxies could
1512         filter the accept headers in relayed requests. General purpose user agents which provide a high degree of header configurability <em class="bcp14">SHOULD</em> warn users about the loss of privacy which can be involved.
1513      </p>
[424]1514      <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a>&nbsp;<a id="content-disposition.issues" href="#content-disposition.issues">Content-Disposition Issues</a></h2>
1515      <p id="rfc.section.7.2.p.1"> <a href="#RFC2183" id="rfc.xref.RFC2183.1"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>, from which the often implemented Content-Disposition (see <a href="#content-disposition" id="rfc.xref.content-disposition.2" title="Content-Disposition">Appendix&nbsp;B.1</a>) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the
[269]1516         HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See <a href="http://tools.ietf.org/html/rfc2183#section-5">Section 5</a> of <a href="#RFC2183" id="rfc.xref.RFC2183.2"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a> for details.
[97]1517      </p>
[424]1518      <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="ack" href="#ack">Acknowledgments</a></h1>
1519      <h1 id="rfc.references"><a id="rfc.section.9" href="#rfc.section.9">9.</a> References
[97]1520      </h1>
[424]1521      <h2 id="rfc.references.1"><a href="#rfc.section.9.1" id="rfc.section.9.1">9.1</a> Normative References
[119]1522      </h2>
[806]1523      <table>                               
[97]1524         <tr>
[121]1525            <td class="reference"><b id="ISO-8859-1">[ISO-8859-1]</b></td>
[446]1526            <td class="top">International Organization for Standardization, “Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1”, ISO/IEC&nbsp;8859-1:1998, 1998.</td>
[121]1527         </tr>
1528         <tr>
[97]1529            <td class="reference"><b id="Part1">[Part1]</b></td>
[844]1530            <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-latest">HTTP/1.1, part 1: URIs, Connections, and Message Parsing</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p1-messaging-latest (work in progress), July&nbsp;2010.
[97]1531            </td>
1532         </tr>
1533         <tr>
1534            <td class="reference"><b id="Part2">[Part2]</b></td>
[844]1535            <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-latest">HTTP/1.1, part 2: Message Semantics</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p2-semantics-latest (work in progress), July&nbsp;2010.
[97]1536            </td>
1537         </tr>
1538         <tr>
1539            <td class="reference"><b id="Part4">[Part4]</b></td>
[844]1540            <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest">HTTP/1.1, part 4: Conditional Requests</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p4-conditional-latest (work in progress), July&nbsp;2010.
[97]1541            </td>
1542         </tr>
1543         <tr>
1544            <td class="reference"><b id="Part5">[Part5]</b></td>
[844]1545            <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest">HTTP/1.1, part 5: Range Requests and Partial Responses</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p5-range-latest (work in progress), July&nbsp;2010.
[97]1546            </td>
1547         </tr>
1548         <tr>
1549            <td class="reference"><b id="Part6">[Part6]</b></td>
[844]1550            <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@freedesktop.org" title="Alcatel-Lucent Bell Labs">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, <a href="mailto:mnot@mnot.net">Nottingham, M., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-latest">HTTP/1.1, part 6: Caching</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p6-cache-latest (work in progress), July&nbsp;2010.
[97]1551            </td>
1552         </tr>
1553         <tr>
[131]1554            <td class="reference"><b id="RFC1864">[RFC1864]</b></td>
[704]1555            <td class="top"><a href="mailto:jgm+@cmu.edu" title="Carnegie Mellon University">Myers, J.</a> and <a href="mailto:mrose@dbc.mtview.ca.us" title="Dover Beach Consulting, Inc.">M. Rose</a>, “<a href="http://tools.ietf.org/html/rfc1864">The Content-MD5 Header Field</a>”, RFC&nbsp;1864, October&nbsp;1995.
[131]1556            </td>
1557         </tr>
1558         <tr>
[122]1559            <td class="reference"><b id="RFC1950">[RFC1950]</b></td>
[912]1560            <td class="top"><a href="mailto:ghost@aladdin.com" title="Aladdin Enterprises">Deutsch, L.</a> and J-L. Gailly, “<a href="http://tools.ietf.org/html/rfc1950">ZLIB Compressed Data Format Specification version 3.3</a>”, RFC&nbsp;1950, May&nbsp;1996.<br>RFC 1950 is an Informational RFC, thus it might be less stable than this specification. On the other hand, this downward reference
[277]1561               was present since the publication of RFC 2068 in 1997 (<a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>), therefore it is unlikely to cause problems in practice. See also <a href="#BCP97" id="rfc.xref.BCP97.1"><cite title="Handling Normative References to Standards-Track Documents">[BCP97]</cite></a>.
[122]1562            </td>
1563         </tr>
1564         <tr>
[806]1565            <td class="reference"><b id="RFC1951">[RFC1951]</b></td>
[912]1566            <td class="top"><a href="mailto:ghost@aladdin.com" title="Aladdin Enterprises">Deutsch, P.</a>, “<a href="http://tools.ietf.org/html/rfc1951">DEFLATE Compressed Data Format Specification version 1.3</a>”, RFC&nbsp;1951, May&nbsp;1996.<br>RFC 1951 is an Informational RFC, thus it might be less stable than this specification. On the other hand, this downward reference
[806]1567               was present since the publication of RFC 2068 in 1997 (<a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>), therefore it is unlikely to cause problems in practice. See also <a href="#BCP97" id="rfc.xref.BCP97.2"><cite title="Handling Normative References to Standards-Track Documents">[BCP97]</cite></a>.
1568            </td>
1569         </tr>
1570         <tr>
[122]1571            <td class="reference"><b id="RFC1952">[RFC1952]</b></td>
[912]1572            <td class="top"><a href="mailto:ghost@aladdin.com" title="Aladdin Enterprises">Deutsch, P.</a>, <a href="mailto:gzip@prep.ai.mit.edu">Gailly, J-L.</a>, <a href="mailto:madler@alumni.caltech.edu">Adler, M.</a>, <a href="mailto:ghost@aladdin.com">Deutsch, L.</a>, and <a href="mailto:randeg@alumni.rpi.edu">G. Randers-Pehrson</a>, “<a href="http://tools.ietf.org/html/rfc1952">GZIP file format specification version 4.3</a>”, RFC&nbsp;1952, May&nbsp;1996.<br>RFC 1952 is an Informational RFC, thus it might be less stable than this specification. On the other hand, this downward reference
[806]1573               was present since the publication of RFC 2068 in 1997 (<a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>), therefore it is unlikely to cause problems in practice. See also <a href="#BCP97" id="rfc.xref.BCP97.3"><cite title="Handling Normative References to Standards-Track Documents">[BCP97]</cite></a>.
[122]1574            </td>
1575         </tr>
1576         <tr>
[131]1577            <td class="reference"><b id="RFC2045">[RFC2045]</b></td>
[832]1578            <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="http://tools.ietf.org/html/rfc2045">Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</a>”, RFC&nbsp;2045, November&nbsp;1996.
[131]1579            </td>
1580         </tr>
1581         <tr>
1582            <td class="reference"><b id="RFC2046">[RFC2046]</b></td>
[704]1583            <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="http://tools.ietf.org/html/rfc2046">Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types</a>”, RFC&nbsp;2046, November&nbsp;1996.
[131]1584            </td>
1585         </tr>
1586         <tr>
[119]1587            <td class="reference"><b id="RFC2119">[RFC2119]</b></td>
[704]1588            <td class="top"><a href="mailto:sob@harvard.edu" title="Harvard University">Bradner, S.</a>, “<a href="http://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>”, BCP&nbsp;14, RFC&nbsp;2119, March&nbsp;1997.
[119]1589            </td>
1590         </tr>
[303]1591         <tr>
1592            <td class="reference"><b id="RFC4647">[RFC4647]</b></td>
[704]1593            <td class="top"><a href="mailto:addison@inter-locale.com" title="Yahoo! Inc.">Phillips, A., Ed.</a> and <a href="mailto:mark.davis@macchiato.com" title="Google">M. Davis, Ed.</a>, “<a href="http://tools.ietf.org/html/rfc4647">Matching of Language Tags</a>”, BCP&nbsp;47, RFC&nbsp;4647, September&nbsp;2006.
[303]1594            </td>
1595         </tr>
[425]1596         <tr>
1597            <td class="reference"><b id="RFC5234">[RFC5234]</b></td>
[704]1598            <td class="top"><a href="mailto:dcrocker@bbiw.net" title="Brandenburg InternetWorking">Crocker, D., Ed.</a> and <a href="mailto:paul.overell@thus.net" title="THUS plc.">P. Overell</a>, “<a href="http://tools.ietf.org/html/rfc5234">Augmented BNF for Syntax Specifications: ABNF</a>”, STD&nbsp;68, RFC&nbsp;5234, January&nbsp;2008.
[425]1599            </td>
1600         </tr>
[690]1601         <tr>
1602            <td class="reference"><b id="RFC5646">[RFC5646]</b></td>
[704]1603            <td class="top"><a href="mailto:addison@inter-locale.com" title="Lab126">Phillips, A., Ed.</a> and <a href="mailto:mark.davis@google.com" title="Google">M. Davis, Ed.</a>, “<a href="http://tools.ietf.org/html/rfc5646">Tags for Identifying Languages</a>”, BCP&nbsp;47, RFC&nbsp;5646, September&nbsp;2009.
[690]1604            </td>
1605         </tr>
[119]1606      </table>
[424]1607      <h2 id="rfc.references.2"><a href="#rfc.section.9.2" id="rfc.section.9.2">9.2</a> Informative References
[119]1608      </h2>
[745]1609      <table>                               
[119]1610         <tr>
[277]1611            <td class="reference"><b id="BCP97">[BCP97]</b></td>
[704]1612            <td class="top"><a href="mailto:klensin+ietf@jck.com">Klensin, J.</a> and <a href="mailto:hartmans-ietf@mit.edu" title="MIT">S. Hartman</a>, “<a href="http://tools.ietf.org/html/rfc4897">Handling Normative References to Standards-Track Documents</a>”, BCP&nbsp;97, RFC&nbsp;4897, June&nbsp;2007.
[277]1613            </td>
1614         </tr>
1615         <tr>
[129]1616            <td class="reference"><b id="RFC1945">[RFC1945]</b></td>
[832]1617            <td class="top"><a href="mailto:timbl@w3.org" title="MIT, Laboratory for Computer Science">Berners-Lee, T.</a>, <a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, and <a href="mailto:frystyk@w3.org" title="W3 Consortium, MIT Laboratory for Computer Science">H. Nielsen</a>, “<a href="http://tools.ietf.org/html/rfc1945">Hypertext Transfer Protocol -- HTTP/1.0</a>”, RFC&nbsp;1945, May&nbsp;1996.
[119]1618            </td>
1619         </tr>
1620         <tr>
[129]1621            <td class="reference"><b id="RFC2049">[RFC2049]</b></td>
[832]1622            <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="http://tools.ietf.org/html/rfc2049">Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples</a>”, RFC&nbsp;2049, November&nbsp;1996.
[97]1623            </td>
1624         </tr>
1625         <tr>
[129]1626            <td class="reference"><b id="RFC2068">[RFC2068]</b></td>
[704]1627            <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="MIT Laboratory for Computer Science">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Digital Equipment Corporation, Western Research Laboratory">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Nielsen, H.</a>, and <a href="mailto:timbl@w3.org" title="MIT Laboratory for Computer Science">T. Berners-Lee</a>, “<a href="http://tools.ietf.org/html/rfc2068">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC&nbsp;2068, January&nbsp;1997.
[97]1628            </td>
1629         </tr>
1630         <tr>
[129]1631            <td class="reference"><b id="RFC2076">[RFC2076]</b></td>
[704]1632            <td class="top"><a href="mailto:jpalme@dsv.su.se" title="Stockholm University/KTH">Palme, J.</a>, “<a href="http://tools.ietf.org/html/rfc2076">Common Internet Message Headers</a>”, RFC&nbsp;2076, February&nbsp;1997.
[97]1633            </td>
1634         </tr>
1635         <tr>
[129]1636            <td class="reference"><b id="RFC2183">[RFC2183]</b></td>
[704]1637            <td class="top"><a href="mailto:rens@century.com" title="New Century Systems">Troost, R.</a>, <a href="mailto:sdorner@qualcomm.com" title="QUALCOMM Incorporated">Dorner, S.</a>, and <a href="mailto:moore@cs.utk.edu" title="Department of Computer Science">K. Moore</a>, “<a href="http://tools.ietf.org/html/rfc2183">Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field</a>”, RFC&nbsp;2183, August&nbsp;1997.
[97]1638            </td>
1639         </tr>
1640         <tr>
[129]1641            <td class="reference"><b id="RFC2277">[RFC2277]</b></td>
[832]1642            <td class="top"><a href="mailto:Harald.T.Alvestrand@uninett.no" title="UNINETT">Alvestrand, H.</a>, “<a href="http://tools.ietf.org/html/rfc2277">IETF Policy on Character Sets and Languages</a>”, BCP&nbsp;18, RFC&nbsp;2277, January&nbsp;1998.
[97]1643            </td>
1644         </tr>
1645         <tr>
[745]1646            <td class="reference"><b id="RFC2295">[RFC2295]</b></td>
[832]1647            <td class="top"><a href="mailto:koen@win.tue.nl" title="Technische Universiteit Eindhoven">Holtman, K.</a> and <a href="mailto:mutz@hpl.hp.com" title="Hewlett-Packard Company">A. Mutz</a>, “<a href="http://tools.ietf.org/html/rfc2295">Transparent Content Negotiation in HTTP</a>”, RFC&nbsp;2295, March&nbsp;1998.
[745]1648            </td>
1649         </tr>
1650         <tr>
[129]1651            <td class="reference"><b id="RFC2388">[RFC2388]</b></td>
[704]1652            <td class="top"><a href="mailto:masinter@parc.xerox.com" title="Xerox Palo Alto Research Center">Masinter, L.</a>, “<a href="http://tools.ietf.org/html/rfc2388">Returning Values from Forms: multipart/form-data</a>”, RFC&nbsp;2388, August&nbsp;1998.
[97]1653            </td>
1654         </tr>
1655         <tr>
[129]1656            <td class="reference"><b id="RFC2557">[RFC2557]</b></td>
[704]1657            <td class="top"><a href="mailto:jpalme@dsv.su.se" title="Stockholm University and KTH">Palme, F.</a>, <a href="mailto:alexhop@microsoft.com" title="Microsoft Corporation">Hopmann, A.</a>, <a href="mailto:Shelness@lotus.com" title="Lotus Development Corporation">Shelness, N.</a>, and <a href="mailto:stef@nma.com">E. Stefferud</a>, “<a href="http://tools.ietf.org/html/rfc2557">MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)</a>”, RFC&nbsp;2557, March&nbsp;1999.
[97]1658            </td>
1659         </tr>
1660         <tr>
[129]1661            <td class="reference"><b id="RFC2616">[RFC2616]</b></td>
[704]1662            <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="W3C">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Compaq Computer Corporation">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Frystyk, H.</a>, <a href="mailto:masinter@parc.xerox.com" title="Xerox Corporation">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, and <a href="mailto:timbl@w3.org" title="W3C">T. Berners-Lee</a>, “<a href="http://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC&nbsp;2616, June&nbsp;1999.
[97]1663            </td>
1664         </tr>
1665         <tr>
[133]1666            <td class="reference"><b id="RFC3629">[RFC3629]</b></td>
[704]1667            <td class="top"><a href="mailto:fyergeau@alis.com" title="Alis Technologies">Yergeau, F.</a>, “<a href="http://tools.ietf.org/html/rfc3629">UTF-8, a transformation format of ISO 10646</a>”, RFC&nbsp;3629, STD&nbsp;63, November&nbsp;2003.
[97]1668            </td>
1669         </tr>
[200]1670         <tr>
[253]1671            <td class="reference"><b id="RFC3864">[RFC3864]</b></td>
[704]1672            <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="http://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP&nbsp;90, RFC&nbsp;3864, September&nbsp;2004.
[253]1673            </td>
1674         </tr>
1675         <tr>
[200]1676            <td class="reference"><b id="RFC4288">[RFC4288]</b></td>
[704]1677            <td class="top"><a href="mailto:ned.freed@mrochek.com" title="Sun Microsystems">Freed, N.</a> and <a href="mailto:klensin+ietf@jck.com">J. Klensin</a>, “<a href="http://tools.ietf.org/html/rfc4288">Media Type Specifications and Registration Procedures</a>”, BCP&nbsp;13, RFC&nbsp;4288, December&nbsp;2005.
[200]1678            </td>
1679         </tr>
[327]1680         <tr>
[670]1681            <td class="reference"><b id="RFC5226">[RFC5226]</b></td>
[704]1682            <td class="top"><a href="mailto:narten@us.ibm.com" title="IBM">Narten, T.</a> and <a href="mailto:Harald@Alvestrand.no" title="Google">H. Alvestrand</a>, “<a href="http://tools.ietf.org/html/rfc5226">Guidelines for Writing an IANA Considerations Section in RFCs</a>”, BCP&nbsp;26, RFC&nbsp;5226, May&nbsp;2008.
[670]1683            </td>
1684         </tr>
1685         <tr>
[327]1686            <td class="reference"><b id="RFC5322">[RFC5322]</b></td>
1687            <td class="top">Resnick, P., “<a href="http://tools.ietf.org/html/rfc5322">Internet Message Format</a>”, RFC&nbsp;5322, October&nbsp;2008.
1688            </td>
1689         </tr>
[129]1690      </table>
[662]1691      <div class="avoidbreak">
1692         <h1 id="rfc.authors"><a href="#rfc.authors">Authors' Addresses</a></h1>
1693         <address class="vcard"><span class="vcardline"><span class="fn">Roy T. Fielding</span>
1694               (editor)
[799]1695               <span class="n hidden"><span class="family-name">Fielding</span><span class="given-name">Roy T.</span></span></span><span class="org vcardline">Day Software</span><span class="adr"><span class="street-address vcardline">23 Corporate Plaza DR, Suite 280</span><span class="vcardline"><span class="locality">Newport Beach</span>, <span class="region">CA</span>&nbsp;<span class="postal-code">92660</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline tel">Phone: <a href="tel:+1-949-706-5300"><span class="value">+1-949-706-5300</span></a></span><span class="vcardline tel"><span class="type">Fax</span>: <a href="fax:+1-949-706-5305"><span class="value">+1-949-706-5305</span></a></span><span class="vcardline">Email: <a href="mailto:fielding@gbiv.com"><span class="email">fielding@gbiv.com</span></a></span><span class="vcardline">URI: <a href="http://roy.gbiv.com/" class="url">http://roy.gbiv.com/</a></span></address>
[844]1696         <address class="vcard"><span class="vcardline"><span class="fn">Jim Gettys</span><span class="n hidden"><span class="family-name">Gettys</span><span class="given-name">Jim</span></span></span><span class="org vcardline">Alcatel-Lucent Bell Labs</span><span class="adr"><span class="street-address vcardline">21 Oak Knoll Road</span><span class="vcardline"><span class="locality">Carlisle</span>, <span class="region">MA</span>&nbsp;<span class="postal-code">01741</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">Email: <a href="mailto:jg@freedesktop.org"><span class="email">jg@freedesktop.org</span></a></span><span class="vcardline">URI: <a href="http://gettys.wordpress.com/" class="url">http://gettys.wordpress.com/</a></span></address>
[799]1697         <address class="vcard"><span class="vcardline"><span class="fn">Jeffrey C. Mogul</span><span class="n hidden"><span class="family-name">Mogul</span><span class="given-name">Jeffrey C.</span></span></span><span class="org vcardline">Hewlett-Packard Company</span><span class="adr"><span class="street-address vcardline">HP Labs, Large Scale Systems Group</span><span class="street-address vcardline">1501 Page Mill Road, MS 1177</span><span class="vcardline"><span class="locality">Palo Alto</span>, <span class="region">CA</span>&nbsp;<span class="postal-code">94304</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">Email: <a href="mailto:JeffMogul@acm.org"><span class="email">JeffMogul@acm.org</span></a></span></address>
1698         <address class="vcard"><span class="vcardline"><span class="fn">Henrik Frystyk Nielsen</span><span class="n hidden"><span class="family-name">Frystyk</span></span></span><span class="org vcardline">Microsoft Corporation</span><span class="adr"><span class="street-address vcardline">1 Microsoft Way</span><span class="vcardline"><span class="locality">Redmond</span>, <span class="region">WA</span>&nbsp;<span class="postal-code">98052</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">Email: <a href="mailto:henrikn@microsoft.com"><span class="email">henrikn@microsoft.com</span></a></span></address>
1699         <address class="vcard"><span class="vcardline"><span class="fn">Larry Masinter</span><span class="n hidden"><span class="family-name">Masinter</span><span class="given-name">Larry</span></span></span><span class="org vcardline">Adobe Systems, Incorporated</span><span class="adr"><span class="street-address vcardline">345 Park Ave</span><span class="vcardline"><span class="locality">San Jose</span>, <span class="region">CA</span>&nbsp;<span class="postal-code">95110</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">Email: <a href="mailto:LMM@acm.org"><span class="email">LMM@acm.org</span></a></span><span class="vcardline">URI: <a href="http://larry.masinter.net/" class="url">http://larry.masinter.net/</a></span></address>
1700         <address class="vcard"><span class="vcardline"><span class="fn">Paul J. Leach</span><span class="n hidden"><span class="family-name">Leach</span><span class="given-name">Paul J.</span></span></span><span class="org vcardline">Microsoft Corporation</span><span class="adr"><span class="street-address vcardline">1 Microsoft Way</span><span class="vcardline"><span class="locality">Redmond</span>, <span class="region">WA</span>&nbsp;<span class="postal-code">98052</span></span></span><span class="vcardline">Email: <a href="mailto:paulle@microsoft.com"><span class="email">paulle@microsoft.com</span></a></span></address>
1701         <address class="vcard"><span class="vcardline"><span class="fn">Tim Berners-Lee</span><span class="n hidden"><span class="family-name">Berners-Lee</span><span class="given-name">Tim</span></span></span><span class="org vcardline">World Wide Web Consortium</span><span class="adr"><span class="street-address vcardline">MIT Computer Science and Artificial Intelligence Laboratory</span><span class="street-address vcardline">The Stata Center, Building 32</span><span class="street-address vcardline">32 Vassar Street</span><span class="vcardline"><span class="locality">Cambridge</span>, <span class="region">MA</span>&nbsp;<span class="postal-code">02139</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">Email: <a href="mailto:timbl@w3.org"><span class="email">timbl@w3.org</span></a></span><span class="vcardline">URI: <a href="http://www.w3.org/People/Berners-Lee/" class="url">http://www.w3.org/People/Berners-Lee/</a></span></address>
[662]1702         <address class="vcard"><span class="vcardline"><span class="fn">Yves Lafon</span>
1703               (editor)
[799]1704               <span class="n hidden"><span class="family-name">Lafon</span><span class="given-name">Yves</span></span></span><span class="org vcardline">World Wide Web Consortium</span><span class="adr"><span class="street-address vcardline">W3C / ERCIM</span><span class="street-address vcardline">2004, rte des Lucioles</span><span class="vcardline"><span class="locality">Sophia-Antipolis</span>, <span class="region">AM</span>&nbsp;<span class="postal-code">06902</span></span><span class="country-name vcardline">France</span></span><span class="vcardline">Email: <a href="mailto:ylafon@w3.org"><span class="email">ylafon@w3.org</span></a></span><span class="vcardline">URI: <a href="http://www.raubacapeu.net/people/yves/" class="url">http://www.raubacapeu.net/people/yves/</a></span></address>
[662]1705         <address class="vcard"><span class="vcardline"><span class="fn">Julian F. Reschke</span>
1706               (editor)
[799]1707               <span class="n hidden"><span class="family-name">Reschke</span><span class="given-name">Julian F.</span></span></span><span class="org vcardline">greenbytes GmbH</span><span class="adr"><span class="street-address vcardline">Hafenweg 16</span><span class="vcardline"><span class="locality">Muenster</span>, <span class="region">NW</span>&nbsp;<span class="postal-code">48155</span></span><span class="country-name vcardline">Germany</span></span><span class="vcardline tel">Phone: <a href="tel:+492512807760"><span class="value">+49 251 2807760</span></a></span><span class="vcardline tel"><span class="type">Fax</span>: <a href="fax:+492512807761"><span class="value">+49 251 2807761</span></a></span><span class="vcardline">Email: <a href="mailto:julian.reschke@greenbytes.de"><span class="email">julian.reschke@greenbytes.de</span></a></span><span class="vcardline">URI: <a href="http://greenbytes.de/tech/webdav/" class="url">http://greenbytes.de/tech/webdav/</a></span></address>
[662]1708      </div>
[875]1709      <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a>&nbsp;<a id="differences.between.http.and.mime" href="#differences.between.http.and.mime">Differences between HTTP and MIME</a></h1>
1710      <p id="rfc.section.A.p.1">HTTP/1.1 uses many of the constructs defined for Internet Mail (<a href="#RFC5322" id="rfc.xref.RFC5322.1"><cite title="Internet Message Format">[RFC5322]</cite></a>) and the Multipurpose Internet Mail Extensions (MIME <a href="#RFC2045" id="rfc.xref.RFC2045.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>) to allow a message-body to be transmitted in an open variety of representations and with extensible mechanisms. However,
1711         RFC 2045 discusses mail, and HTTP has a few features that are different from those described in MIME. These differences were
1712         carefully chosen to optimize performance over binary connections, to allow greater freedom in the use of new media types,
1713         to make date comparisons easier, and to acknowledge the practice of some early HTTP servers and clients.
[97]1714      </p>
[875]1715      <p id="rfc.section.A.p.2">This appendix describes specific areas where HTTP differs from MIME. Proxies and gateways to strict MIME environments <em class="bcp14">SHOULD</em> be aware of these differences and provide the appropriate conversions where necessary. Proxies and gateways from MIME environments
[97]1716         to HTTP also need to be aware of the differences because some conversions might be required.
1717      </p>
[291]1718      <div id="rfc.iref.m.1"></div>
1719      <div id="rfc.iref.h.10"></div>
[97]1720      <h2 id="rfc.section.A.1"><a href="#rfc.section.A.1">A.1</a>&nbsp;<a id="mime-version" href="#mime-version">MIME-Version</a></h2>
1721      <p id="rfc.section.A.1.p.1">HTTP is not a MIME-compliant protocol. However, HTTP/1.1 messages <em class="bcp14">MAY</em> include a single MIME-Version general-header field to indicate what version of the MIME protocol was used to construct the
1722         message. Use of the MIME-Version header field indicates that the message is in full compliance with the MIME protocol (as
[115]1723         defined in <a href="#RFC2045" id="rfc.xref.RFC2045.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>). Proxies/gateways are responsible for ensuring full compliance (where possible) when exporting HTTP messages to strict MIME
[97]1724         environments.
1725      </p>
[875]1726      <div id="rfc.figure.u.34"></div><pre class="inline"><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span>  <a href="#mime-version" class="smpl">MIME-Version</a>   = "MIME-Version" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#mime-version" class="smpl">MIME-Version-v</a>
[425]1727  <a href="#mime-version" class="smpl">MIME-Version-v</a> = 1*<a href="#notation" class="smpl">DIGIT</a> "." 1*<a href="#notation" class="smpl">DIGIT</a>
[97]1728</pre><p id="rfc.section.A.1.p.3">MIME version "1.0" is the default for use in HTTP/1.1. However, HTTP/1.1 message parsing and semantics are defined by this
1729         document and not the MIME specification.
1730      </p>
1731      <h2 id="rfc.section.A.2"><a href="#rfc.section.A.2">A.2</a>&nbsp;<a id="conversion.to.canonical.form" href="#conversion.to.canonical.form">Conversion to Canonical Form</a></h2>
[875]1732      <p id="rfc.section.A.2.p.1">MIME requires that an Internet mail body-part be converted to canonical form prior to being transferred, as described in <a href="http://tools.ietf.org/html/rfc2049#section-4">Section 4</a> of <a href="#RFC2049" id="rfc.xref.RFC2049.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples">[RFC2049]</cite></a>. <a href="#canonicalization.and.text.defaults" title="Canonicalization and Text Defaults">Section&nbsp;2.3.1</a> of this document describes the forms allowed for subtypes of the "text" media type when transmitted over HTTP. <a href="#RFC2046" id="rfc.xref.RFC2046.4"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> requires that content with a type of "text" represent line breaks as CRLF and forbids the use of CR or LF outside of line
[97]1733         break sequences. HTTP allows CRLF, bare CR, and bare LF to indicate a line break within text content when a message is transmitted
1734         over HTTP.
1735      </p>
[424]1736      <p id="rfc.section.A.2.p.2">Where it is possible, a proxy or gateway from HTTP to a strict MIME environment <em class="bcp14">SHOULD</em> translate all line breaks within the text media types described in <a href="#canonicalization.and.text.defaults" title="Canonicalization and Text Defaults">Section&nbsp;2.3.1</a> of this document to the RFC 2049 canonical form of CRLF. Note, however, that this might be complicated by the presence of
[97]1737         a Content-Encoding and by the fact that HTTP allows the use of some character sets which do not use octets 13 and 10 to represent
1738         CR and LF, as is the case for some multi-byte character sets.
1739      </p>
1740      <p id="rfc.section.A.2.p.3">Implementors should note that conversion will break any cryptographic checksums applied to the original content unless the
1741         original content is already in canonical form. Therefore, the canonical form is recommended for any content that uses such
1742         checksums in HTTP.
1743      </p>
[385]1744      <h2 id="rfc.section.A.3"><a href="#rfc.section.A.3">A.3</a>&nbsp;<a id="conversion.of.date.formats" href="#conversion.of.date.formats">Conversion of Date Formats</a></h2>
[868]1745      <p id="rfc.section.A.3.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="p1-messaging.html#date.time.formats.full.date" title="Date/Time Formats: Full Date">Section 6.1</a> of <a href="#Part1" id="rfc.xref.Part1.25"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any Date header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary.
[385]1746      </p>
1747      <h2 id="rfc.section.A.4"><a href="#rfc.section.A.4">A.4</a>&nbsp;<a id="introduction.of.content-encoding" href="#introduction.of.content-encoding">Introduction of Content-Encoding</a></h2>
[875]1748      <p id="rfc.section.A.4.p.1">MIME does not include any concept equivalent to HTTP/1.1's Content-Encoding header field. Since this acts as a modifier on
1749         the media type, proxies and gateways from HTTP to MIME-compliant protocols <em class="bcp14">MUST</em> either change the value of the Content-Type header field or decode the representation before forwarding the message. (Some
1750         experimental applications of Content-Type for Internet mail have used a media-type parameter of ";conversions=&lt;content-coding&gt;"
1751         to perform a function equivalent to Content-Encoding. However, this parameter is not part of the MIME standards).
[97]1752      </p>
[385]1753      <h2 id="rfc.section.A.5"><a href="#rfc.section.A.5">A.5</a>&nbsp;<a id="no.content-transfer-encoding" href="#no.content-transfer-encoding">No Content-Transfer-Encoding</a></h2>
[875]1754      <p id="rfc.section.A.5.p.1">HTTP does not use the Content-Transfer-Encoding field of MIME. Proxies and gateways from MIME-compliant protocols to HTTP <em class="bcp14">MUST</em> remove any Content-Transfer-Encoding prior to delivering the response message to an HTTP client.
[97]1755      </p>
[385]1756      <p id="rfc.section.A.5.p.2">Proxies and gateways from HTTP to MIME-compliant protocols are responsible for ensuring that the message is in the correct
[97]1757         format and encoding for safe transport on that protocol, where "safe transport" is defined by the limitations of the protocol
1758         being used. Such a proxy or gateway <em class="bcp14">SHOULD</em> label the data with an appropriate Content-Transfer-Encoding if doing so will improve the likelihood of safe transport over
1759         the destination protocol.
1760      </p>
[385]1761      <h2 id="rfc.section.A.6"><a href="#rfc.section.A.6">A.6</a>&nbsp;<a id="introduction.of.transfer-encoding" href="#introduction.of.transfer-encoding">Introduction of Transfer-Encoding</a></h2>
[868]1762      <p id="rfc.section.A.6.p.1">HTTP/1.1 introduces the Transfer-Encoding header field (<a href="p1-messaging.html#header.transfer-encoding" title="Transfer-Encoding">Section 9.7</a> of <a href="#Part1" id="rfc.xref.Part1.26"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). Proxies/gateways <em class="bcp14">MUST</em> remove any transfer-coding prior to forwarding a message via a MIME-compliant protocol.
[97]1763      </p>
[385]1764      <h2 id="rfc.section.A.7"><a href="#rfc.section.A.7">A.7</a>&nbsp;<a id="mhtml.line.length" href="#mhtml.line.length">MHTML and Line Length Limitations</a></h2>
[857]1765      <p id="rfc.section.A.7.p.1">HTTP implementations which share code with MHTML <a href="#RFC2557" id="rfc.xref.RFC2557.2"><cite title="MIME Encapsulation of Aggregate Documents, such as HTML (MHTML)">[RFC2557]</cite></a> implementations need to be aware of MIME line length limitations. Since HTTP does not have this limitation, HTTP does not
[97]1766         fold long lines. MHTML messages being transported by HTTP follow all conventions of MHTML, including line length limitations
[424]1767         and folding, canonicalization, etc., since HTTP transports all message-bodies as payload (see <a href="#multipart.types" title="Multipart Types">Section&nbsp;2.3.2</a>) and does not interpret the content or any MIME header lines that might be contained therein.
[97]1768      </p>
1769      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="additional.features" href="#additional.features">Additional Features</a></h1>
[806]1770      <p id="rfc.section.B.p.1"> <a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a> and <a href="#RFC2068" id="rfc.xref.RFC2068.4"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> document protocol elements used by some existing HTTP implementations, but not consistently and correctly across most HTTP/1.1
[97]1771         applications. Implementors are advised to be aware of these features, but cannot rely upon their presence in, or interoperability
1772         with, other HTTP/1.1 applications. Some of these describe proposed experimental features, and some describe features that
1773         experimental deployment found lacking that are now addressed in the base HTTP/1.1 specification.
1774      </p>
1775      <p id="rfc.section.B.p.2">A number of other headers, such as Content-Disposition and Title, from SMTP and MIME are also often implemented (see <a href="#RFC2076" id="rfc.xref.RFC2076.1"><cite title="Common Internet Message Headers">[RFC2076]</cite></a>).
1776      </p>
[291]1777      <div id="rfc.iref.h.11"></div>
[673]1778      <div id="rfc.iref.c.12"></div>
[97]1779      <h2 id="rfc.section.B.1"><a href="#rfc.section.B.1">B.1</a>&nbsp;<a id="content-disposition" href="#content-disposition">Content-Disposition</a></h2>
[697]1780      <p id="rfc.section.B.1.p.1">The "Content-Disposition" response-header field has been proposed as a means for the origin server to suggest a default filename
[97]1781         if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition
[269]1782         in <a href="#RFC2183" id="rfc.xref.RFC2183.3"><cite title="Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field">[RFC2183]</cite></a>.
[97]1783      </p>
[875]1784      <div id="rfc.figure.u.35"></div><pre class="inline"><span id="rfc.iref.g.38"></span><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span><span id="rfc.iref.g.41"></span><span id="rfc.iref.g.42"></span><span id="rfc.iref.g.43"></span><span id="rfc.iref.g.44"></span>  <a href="#content-disposition" class="smpl">content-disposition</a> = "Content-Disposition" ":" <a href="#core.rules" class="smpl">OWS</a>
[357]1785                        <a href="#content-disposition" class="smpl">content-disposition-v</a>
[376]1786  <a href="#content-disposition" class="smpl">content-disposition-v</a> = <a href="#content-disposition" class="smpl">disposition-type</a>
[424]1787                          *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#content-disposition" class="smpl">disposition-parm</a> )
[334]1788  <a href="#content-disposition" class="smpl">disposition-type</a> = "attachment" / <a href="#content-disposition" class="smpl">disp-extension-token</a>
1789  <a href="#content-disposition" class="smpl">disposition-parm</a> = <a href="#content-disposition" class="smpl">filename-parm</a> / <a href="#content-disposition" class="smpl">disp-extension-parm</a>
[424]1790  <a href="#content-disposition" class="smpl">filename-parm</a> = "filename" "=" <a href="#core.rules" class="smpl">quoted-string</a>
1791  <a href="#content-disposition" class="smpl">disp-extension-token</a> = <a href="#core.rules" class="smpl">token</a>
[810]1792  <a href="#content-disposition" class="smpl">disp-extension-parm</a> = <a href="#core.rules" class="smpl">token</a> "=" <a href="#core.rules" class="smpl">word</a>
[97]1793</pre><p id="rfc.section.B.1.p.3">An example is</p>
[875]1794      <div id="rfc.figure.u.36"></div><pre class="text">  Content-Disposition: attachment; filename="fname.ext"
[97]1795</pre><p id="rfc.section.B.1.p.5">The receiving user agent <em class="bcp14">SHOULD NOT</em> respect any directory path information present in the filename-parm parameter, which is the only parameter believed to apply
1796         to HTTP implementations at this time. The filename <em class="bcp14">SHOULD</em> be treated as a terminal component only.
1797      </p>
1798      <p id="rfc.section.B.1.p.6">If this header is used in a response with the application/octet-stream content-type, the implied suggestion is that the user
[746]1799         agent should not display the response, but directly enter a "save response as..." dialog.
[97]1800      </p>
[424]1801      <p id="rfc.section.B.1.p.7">See <a href="#content-disposition.issues" title="Content-Disposition Issues">Section&nbsp;7.2</a> for Content-Disposition security issues.
[97]1802      </p>
[912]1803      <h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="changes.from.rfc.2616" href="#changes.from.rfc.2616">Changes from RFC 2616</a></h1>
1804      <p id="rfc.section.C.p.1">Clarify contexts that charset is used in. (<a href="#character.sets" title="Character Sets">Section&nbsp;2.1</a>)
[97]1805      </p>
[912]1806      <p id="rfc.section.C.p.2">Remove base URI setting semantics for Content-Location due to poor implementation support, which was caused by too many broken
[714]1807         servers emitting bogus Content-Location headers, and also the potentially undesirable effect of potentially breaking relative
1808         links in content-negotiated resources. (<a href="#header.content-location" id="rfc.xref.header.content-location.3" title="Content-Location">Section&nbsp;5.7</a>)
[104]1809      </p>
[912]1810      <p id="rfc.section.C.p.3">Remove reference to non-existant identity transfer-coding value tokens. (<a href="#no.content-transfer-encoding" title="No Content-Transfer-Encoding">Appendix&nbsp;A.5</a>)
[712]1811      </p>
[421]1812      <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
[875]1813      <div id="rfc.figure.u.37"></div> <pre class="inline"><a href="#header.accept" class="smpl">Accept</a> = "Accept:" OWS Accept-v
[427]1814<a href="#header.accept-charset" class="smpl">Accept-Charset</a> = "Accept-Charset:" OWS Accept-Charset-v
1815<a href="#header.accept-charset" class="smpl">Accept-Charset-v</a> = *( "," OWS ) ( charset / "*" ) [ OWS ";" OWS "q="
[421]1816 qvalue ] *( OWS "," [ OWS ( charset / "*" ) [ OWS ";" OWS "q="
1817 qvalue ] ] )
[427]1818<a href="#header.accept-encoding" class="smpl">Accept-Encoding</a> = "Accept-Encoding:" OWS Accept-Encoding-v
1819<a href="#header.accept-encoding" class="smpl">Accept-Encoding-v</a> = [ ( "," / ( codings [ OWS ";" OWS "q=" qvalue ] )
[421]1820 ) *( OWS "," [ OWS codings [ OWS ";" OWS "q=" qvalue ] ] ) ]
[427]1821<a href="#header.accept-language" class="smpl">Accept-Language</a> = "Accept-Language:" OWS Accept-Language-v
1822<a href="#header.accept-language" class="smpl">Accept-Language-v</a> = *( "," OWS ) language-range [ OWS ";" OWS "q="
[421]1823 qvalue ] *( OWS "," [ OWS language-range [ OWS ";" OWS "q=" qvalue ]
1824 ] )
[427]1825<a href="#header.accept" class="smpl">Accept-v</a> = [ ( "," / ( media-range [ accept-params ] ) ) *( OWS "," [
[421]1826 OWS media-range [ accept-params ] ] ) ]
[428]1827
[427]1828<a href="#header.content-encoding" class="smpl">Content-Encoding</a> = "Content-Encoding:" OWS Content-Encoding-v
1829<a href="#header.content-encoding" class="smpl">Content-Encoding-v</a> = *( "," OWS ) content-coding *( OWS "," [ OWS
[421]1830 content-coding ] )
[427]1831<a href="#header.content-language" class="smpl">Content-Language</a> = "Content-Language:" OWS Content-Language-v
1832<a href="#header.content-language" class="smpl">Content-Language-v</a> = *( "," OWS ) language-tag *( OWS "," [ OWS
[421]1833 language-tag ] )
[678]1834<a href="#abnf.dependencies" class="smpl">Content-Length</a> = &lt;Content-Length, defined in [Part1], Section 9.2&gt;
[427]1835<a href="#header.content-location" class="smpl">Content-Location</a> = "Content-Location:" OWS Content-Location-v
1836<a href="#header.content-location" class="smpl">Content-Location-v</a> = absolute-URI / partial-URI
1837<a href="#header.content-md5" class="smpl">Content-MD5</a> = "Content-MD5:" OWS Content-MD5-v
1838<a href="#header.content-md5" class="smpl">Content-MD5-v</a> = &lt;base64 of 128 bit MD5 digest as per [RFC1864]&gt;
1839<a href="#abnf.dependencies" class="smpl">Content-Range</a> = &lt;Content-Range, defined in [Part5], Section 5.2&gt;