Changeset 1740 for draft-ietf-httpbis/latest

Timestamp:

Jul 8, 2012, 11:15:03 AM (7 years ago)

Author:

julian.reschke@…

Message:

Work-in-progress: hyperlink header field definitions, plus minor editorial improvements (P2)

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.html (modified) (24 diffs)
• p1-messaging.xml (modified) (18 diffs)
• p2-semantics.html (modified) (46 diffs)
• p2-semantics.xml (modified) (58 diffs)
• p4-conditional.html (modified) (10 diffs)
• p4-conditional.xml (modified) (10 diffs)
• p5-range.html (modified) (3 diffs)
• p5-range.xml (modified) (6 diffs)
• p6-cache.html (modified) (10 diffs)
• p6-cache.xml (modified) (11 diffs)
• p7-auth.html (modified) (9 diffs)
• p7-auth.xml (modified) (3 diffs)

draft-ietf-httpbis/latest/p1-messaging.html

@@ -961 +961 @@
       <p id="rfc.section.2.5.p.4">Unless noted otherwise, recipients <em class="bcp14">MUST</em> be able to parse all protocol elements matching the ABNF rules defined for them and <em class="bcp14">MAY</em> attempt to recover a usable protocol element from an invalid construct. HTTP does not define specific error handling mechanisms
          except when they have a direct impact on security, since different applications of the protocol require different error handling
-         strategies. For example, a Web browser might wish to transparently recover from a response where the Location header field
-         doesn't parse according to the ABNF, whereas a systems control client might consider any form of error recovery to be dangerous.
+         strategies. For example, a Web browser might wish to transparently recover from a response where the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereas a systems control client might consider any form of error recovery
+         to be dangerous.
       </p>
       <h2 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6</a>&nbsp;<a id="http.version" href="#http.version">Protocol Versioning</a></h2>
@@ -1001 +1001 @@
       </p>
       <p id="rfc.section.2.6.p.10">An HTTP client <em class="bcp14">MAY</em> send a lower request version if it is known that the server incorrectly implements the HTTP specification, but only after
-         the client has attempted at least one normal request and determined from the response status or header fields (e.g., Server)
-         that the server improperly handles higher request versions.
+         the client has attempted at least one normal request and determined from the response status or header fields (e.g., <a href="p2-semantics.html#header.server" class="smpl">Server</a>) that the server improperly handles higher request versions.
       </p>
       <p id="rfc.section.2.6.p.11">An HTTP server <em class="bcp14">SHOULD</em> send a response version equal to the highest version to which the server is conformant and whose major version is less than
@@ -1011 +1010 @@
          specification and is incapable of correctly processing later version responses, such as when a client fails to parse the version
          number correctly or when an intermediary is known to blindly forward the HTTP-version even when it doesn't conform to the
-         given minor version of the protocol. Such protocol downgrades <em class="bcp14">SHOULD NOT</em> be performed unless triggered by specific client attributes, such as when one or more of the request header fields (e.g.,
-         User-Agent) uniquely match the values sent by a client known to be in error.
+         given minor version of the protocol. Such protocol downgrades <em class="bcp14">SHOULD NOT</em> be performed unless triggered by specific client attributes, such as when one or more of the request header fields (e.g., <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a>) uniquely match the values sent by a client known to be in error.
       </p>
       <p id="rfc.section.2.6.p.13">The intention of HTTP's versioning design is that the major number will only be incremented if an incompatible message syntax
@@ -1209 +1207 @@
                  ; see <a href="#field.parsing" title="Field Parsing">Section&nbsp;3.2.2</a>
 </pre><p id="rfc.section.3.2.p.3">The field-name token labels the corresponding field-value as having the semantics defined by that header field. For example,
-         the Date header field is defined in <a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.7"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a> as containing the origination timestamp for the message in which it appears.
+         the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field is defined in <a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.7"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a> as containing the origination timestamp for the message in which it appears.
       </p>
       <p id="rfc.section.3.2.p.4">HTTP header fields are fully extensible: there is no limit on the introduction of new field names, each presumably defining
@@ -1220 +1218 @@
       </p>
       <p id="rfc.section.3.2.p.6">The order in which header fields with differing field names are received is not significant. However, it is "good practice"
-         to send header fields that contain control data first, such as Host on requests and Date on responses, so that implementations
-         can decide when not to handle a message as early as possible. A server <em class="bcp14">MUST</em> wait until the entire header section is received before interpreting a request message, since later header fields might include
+         to send header fields that contain control data first, such as <a href="#header.host" class="smpl">Host</a> on requests and <a href="p2-semantics.html#header.date" class="smpl">Date</a> on responses, so that implementations can decide when not to handle a message as early as possible. A server <em class="bcp14">MUST</em> wait until the entire header section is received before interpreting a request message, since later header fields might include
          conditionals, authentication credentials, or deliberately misleading duplicate header fields that would impact request processing.
       </p>
@@ -1402 +1399 @@
       <p id="rfc.section.3.3.1.p.6">If more than one Transfer-Encoding header field is present in a message, the multiple field-values <em class="bcp14">MUST</em> be combined into one field-value, according to the algorithm defined in <a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>, before determining the message body length.
       </p>
-      <p id="rfc.section.3.3.1.p.7">Unlike Content-Encoding (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 5.4</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), Transfer-Encoding is a property of the message, not of the payload, and thus <em class="bcp14">MAY</em> be added or removed by any implementation along the request/response chain. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other header fields not defined by this specification.
+      <p id="rfc.section.3.3.1.p.7">Unlike <a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 5.4</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), Transfer-Encoding is a property of the message, not of the payload, and thus <em class="bcp14">MAY</em> be added or removed by any implementation along the request/response chain. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other header fields not defined by this specification.
       </p>
       <p id="rfc.section.3.3.1.p.8">Transfer-Encoding <em class="bcp14">MAY</em> be sent in a response to a HEAD request or in a <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> response (<a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.2"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>) to a GET request, neither of which includes a message body, to indicate that the origin server would have applied a transfer
@@ -1950 +1947 @@
          </li>
       </ul>
-      <p id="rfc.section.5.6.2.p.4">but it <em class="bcp14">MAY</em> add any of these fields if not already present. If an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field is added, it <em class="bcp14">MUST</em> be given a field-value identical to that of the Date header field in that response.
+      <p id="rfc.section.5.6.2.p.4">but it <em class="bcp14">MAY</em> add any of these fields if not already present. If an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field is added, it <em class="bcp14">MUST</em> be given a field value identical to that of the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field in that response.
       </p>
       <p id="rfc.section.5.6.2.p.5">A proxy <em class="bcp14">MUST NOT</em> modify or add any of the following fields in a message that contains the no-transform cache-control directive, or in any request: 
       </p>
       <ul>
-         <li>Content-Encoding</li>
-         <li>Content-Range</li>
-         <li>Content-Type</li>
+         <li><a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#header.content-encoding" title="Content-Encoding">Section 9.6</a> of <a href="#Part2" id="rfc.xref.Part2.15"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>)
+         </li>
+         <li><a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> (<a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a> of <a href="#Part5" id="rfc.xref.Part5.1"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a>)
+         </li>
+         <li><a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> (<a href="p2-semantics.html#header.content-type" title="Content-Type">Section 9.9</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>)
+         </li>
       </ul>
       <p id="rfc.section.5.6.2.p.6">A transforming proxy <em class="bcp14">MAY</em> modify or add these fields to a message that does not include no-transform, but if it does so, it <em class="bcp14">MUST</em> add a Warning 214 (Transformation applied) if one does not already appear in the message (see <a href="p6-cache.html#header.warning" title="Warning">Section 3.6</a> of <a href="#Part6" id="rfc.xref.Part6.7"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>).
@@ -1966 +1966 @@
          </p> 
       </div>
-      <p id="rfc.section.5.6.2.p.8">A non-transforming proxy <em class="bcp14">MUST</em> preserve the message payload (<a href="#Part2" id="rfc.xref.Part2.15"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), though it <em class="bcp14">MAY</em> change the message body through application or removal of a transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
+      <p id="rfc.section.5.6.2.p.8">A non-transforming proxy <em class="bcp14">MUST</em> preserve the message payload (<a href="#Part2" id="rfc.xref.Part2.17"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), though it <em class="bcp14">MAY</em> change the message body through application or removal of a transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
       </p>
       <h2 id="rfc.section.5.7"><a href="#rfc.section.5.7">5.7</a>&nbsp;<a id="associating.response.to.request" href="#associating.response.to.request">Associating a Response to a Request</a></h2>
       <p id="rfc.section.5.7.p.1">HTTP does not include a request identifier for associating a given request message with its corresponding one or more response
          messages. Hence, it relies on the order of response arrival to correspond exactly to the order in which requests are made
-         on the same connection. More than one response message per request only occurs when one or more informational responses (<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>, see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 4.3</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) precede a final response to the same request.
+         on the same connection. More than one response message per request only occurs when one or more informational responses (<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>, see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 4.3</a> of <a href="#Part2" id="rfc.xref.Part2.18"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) precede a final response to the same request.
       </p>
       <p id="rfc.section.5.7.p.2">A client that uses persistent connections and sends more than one request per connection <em class="bcp14">MUST</em> maintain a list of outstanding requests in the order sent on that connection and <em class="bcp14">MUST</em> associate each received response message to the highest ordered request that has not yet received a final (non-<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>) response.
@@ -2042 +2042 @@
       <p id="rfc.section.6.2.p.5">Multiple Via field values represent each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.
       </p>
-      <p id="rfc.section.6.2.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of each recipient, analogous to the User-Agent and Server header
-         fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.
+      <p id="rfc.section.6.2.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of each recipient, analogous to the <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a> and <a href="p2-semantics.html#header.server" class="smpl">Server</a> header fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.
       </p>
       <p id="rfc.section.6.2.p.7">For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses
@@ -2119 +2118 @@
       <p id="rfc.section.6.3.2.2.p.2">Clients which assume persistent connections and pipeline immediately after connection establishment <em class="bcp14">SHOULD</em> be prepared to retry their connection if the first pipelined attempt fails. If a client does such a retry, it <em class="bcp14">MUST NOT</em> pipeline before it knows the connection is persistent. Clients <em class="bcp14">MUST</em> also be prepared to resend their requests if the server closes the connection before sending all of the corresponding responses.
       </p>
-      <p id="rfc.section.6.3.2.2.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent request methods or non-idempotent sequences of request methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 2.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.17"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to
+      <p id="rfc.section.6.3.2.2.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent request methods or non-idempotent sequences of request methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 2.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.19"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to
          send a non-idempotent request <em class="bcp14">SHOULD</em> wait to send that request until it has received the response status line for the previous request.
       </p>
@@ -2149 +2148 @@
       <h3 id="rfc.section.6.3.4"><a href="#rfc.section.6.3.4">6.3.4</a>&nbsp;<a id="persistent.retrying.requests" href="#persistent.retrying.requests">Retrying Requests</a></h3>
       <p id="rfc.section.6.3.4.p.1">Senders can close the transport connection at any time. Therefore, clients, servers, and proxies <em class="bcp14">MUST</em> be able to recover from asynchronous close events. Client software <em class="bcp14">MAY</em> reopen the transport connection and retransmit the aborted sequence of requests without user interaction so long as the request
-         sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 2.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.18"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>). Non-idempotent request methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding
+         sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 2.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.20"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>). Non-idempotent request methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding
          of the application <em class="bcp14">MAY</em> substitute for user confirmation. The automatic retry <em class="bcp14">SHOULD NOT</em> be repeated if the second sequence of requests fails.
       </p>
@@ -2162 +2161 @@
       </p>
       <h3 id="rfc.section.6.4.3"><a href="#rfc.section.6.4.3">6.4.3</a>&nbsp;<a id="use.of.the.100.status" href="#use.of.the.100.status">Use of the 100 (Continue) Status</a></h3>
-      <p id="rfc.section.6.4.3.p.1">The purpose of the <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> status code (see <a href="p2-semantics.html#status.100" title="100 Continue">Section 4.3.1</a> of <a href="#Part2" id="rfc.xref.Part2.19"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) is to allow a client that is sending a request message with a request body to determine if the origin server is willing
+      <p id="rfc.section.6.4.3.p.1">The purpose of the <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> status code (see <a href="p2-semantics.html#status.100" title="100 Continue">Section 4.3.1</a> of <a href="#Part2" id="rfc.xref.Part2.21"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) is to allow a client that is sending a request message with a request body to determine if the origin server is willing
          to accept the request (based on the request header fields) before the client sends the request body. In some cases, it might
          either be inappropriate or highly inefficient for the client to send the body if the server will reject the message without
@@ -2169 +2168 @@
       <p id="rfc.section.6.4.3.p.2">Requirements for HTTP/1.1 clients: </p>
       <ul>
-         <li>If a client will wait for a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response before sending the request body, it <em class="bcp14">MUST</em> send an Expect header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 9.11</a> of <a href="#Part2" id="rfc.xref.Part2.20"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) with the "100-continue" expectation.
-         </li>
-         <li>A client <em class="bcp14">MUST NOT</em> send an Expect header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 9.11</a> of <a href="#Part2" id="rfc.xref.Part2.21"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) with the "100-continue" expectation if it does not intend to send a request body.
+         <li>If a client will wait for a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response before sending the request body, it <em class="bcp14">MUST</em> send an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 9.11</a> of <a href="#Part2" id="rfc.xref.Part2.22"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) with the "100-continue" expectation.
+         </li>
+         <li>A client <em class="bcp14">MUST NOT</em> send an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation if it does not intend to send a request body.
          </li>
       </ul>
@@ -2180 +2179 @@
       <p id="rfc.section.6.4.3.p.4">Requirements for HTTP/1.1 origin servers: </p>
       <ul>
-         <li>Upon receiving a request which includes an Expect header field with the "100-continue" expectation, an origin server <em class="bcp14">MUST</em> either respond with <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> status code and continue to read from the input stream, or respond with a final status code. The origin server <em class="bcp14">MUST NOT</em> wait for the request body before sending the <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response. If it responds with a final status code, it <em class="bcp14">MAY</em> close the transport connection or it <em class="bcp14">MAY</em> continue to read and discard the rest of the request. It <em class="bcp14">MUST NOT</em> perform the request method if it returns a final status code.
-         </li>
-         <li>An origin server <em class="bcp14">SHOULD NOT</em> send a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if the request message does not include an Expect header field with the "100-continue" expectation, and <em class="bcp14">MUST NOT</em> send a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if such a request comes from an HTTP/1.0 (or earlier) client. There is an exception to this rule: for compatibility
+         <li>Upon receiving a request which includes an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation, an origin server <em class="bcp14">MUST</em> either respond with <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> status code and continue to read from the input stream, or respond with a final status code. The origin server <em class="bcp14">MUST NOT</em> wait for the request body before sending the <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response. If it responds with a final status code, it <em class="bcp14">MAY</em> close the transport connection or it <em class="bcp14">MAY</em> continue to read and discard the rest of the request. It <em class="bcp14">MUST NOT</em> perform the request method if it returns a final status code.
+         </li>
+         <li>An origin server <em class="bcp14">SHOULD NOT</em> send a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if the request message does not include an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation, and <em class="bcp14">MUST NOT</em> send a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if such a request comes from an HTTP/1.0 (or earlier) client. There is an exception to this rule: for compatibility
             with <a href="#RFC2068" id="rfc.xref.RFC2068.4"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, a server <em class="bcp14">MAY</em> send a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> status code in response to an HTTP/1.1 PUT or POST request that does not include an Expect header field with the "100-continue"
             expectation. This exception, the purpose of which is to minimize any client processing delays associated with an undeclared
@@ -2192 +2191 @@
             prematurely.
          </li>
-         <li>If an origin server receives a request that does not include an Expect header field with the "100-continue" expectation, the
-            request includes a request body, and the server responds with a final status code before reading the entire request body from
-            the transport connection, then the server <em class="bcp14">SHOULD NOT</em> close the transport connection until it has read the entire request, or until the client closes the connection. Otherwise,
+         <li>If an origin server receives a request that does not include an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation, the request includes a request body, and the server responds with a final
+            status code before reading the entire request body from the transport connection, then the server <em class="bcp14">SHOULD NOT</em> close the transport connection until it has read the entire request, or until the client closes the connection. Otherwise,
             the client might not reliably receive the response message. However, this requirement ought not be construed as preventing
             a server from defending itself against denial-of-service attacks, or from badly broken client implementations.
@@ -2201 +2199 @@
       <p id="rfc.section.6.4.3.p.5">Requirements for HTTP/1.1 proxies: </p>
       <ul>
-         <li>If a proxy receives a request that includes an Expect header field with the "100-continue" expectation, and the proxy either
-            knows that the next-hop server complies with HTTP/1.1 or higher, or does not know the HTTP version of the next-hop server,
-            it <em class="bcp14">MUST</em> forward the request, including the Expect header field.
+         <li>If a proxy receives a request that includes an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation, and the proxy either knows that the next-hop server complies with HTTP/1.1
+            or higher, or does not know the HTTP version of the next-hop server, it <em class="bcp14">MUST</em> forward the request, including the Expect header field.
          </li>
          <li>If the proxy knows that the version of the next-hop server is HTTP/1.0 or lower, it <em class="bcp14">MUST NOT</em> forward the request, and it <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.417" class="smpl">417 (Expectation Failed)</a> status code.
@@ -2209 +2206 @@
          <li>Proxies <em class="bcp14">SHOULD</em> maintain a record of the HTTP version numbers received from recently-referenced next-hop servers.
          </li>
-         <li>A proxy <em class="bcp14">MUST NOT</em> forward a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if the request message was received from an HTTP/1.0 (or earlier) client and did not include an Expect header field
-            with the "100-continue" expectation. This requirement overrides the general rule for forwarding of <a href="p2-semantics.html#status.1xx" class="smpl">1xx</a> responses (see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 4.3</a> of <a href="#Part2" id="rfc.xref.Part2.22"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
+         <li>A proxy <em class="bcp14">MUST NOT</em> forward a <a href="p2-semantics.html#status.100" class="smpl">100 (Continue)</a> response if the request message was received from an HTTP/1.0 (or earlier) client and did not include an <a href="p2-semantics.html#header.expect" class="smpl">Expect</a> header field with the "100-continue" expectation. This requirement overrides the general rule for forwarding of <a href="p2-semantics.html#status.1xx" class="smpl">1xx</a> responses (see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 4.3</a> of <a href="#Part2" id="rfc.xref.Part2.23"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
          </li>
       </ul>
@@ -2247 +2243 @@
       </p>
       <p id="rfc.section.6.5.p.8">The Upgrade header field cannot be used to indicate a switch to a protocol on a different connection. For that purpose, it
-         is more appropriate to use a <a href="p2-semantics.html#status.3xx" class="smpl">3xx (Redirection)</a> response (<a href="p2-semantics.html#status.3xx" title="Redirection 3xx">Section 4.5</a> of <a href="#Part2" id="rfc.xref.Part2.23"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
+         is more appropriate to use a <a href="p2-semantics.html#status.3xx" class="smpl">3xx (Redirection)</a> response (<a href="p2-semantics.html#status.3xx" title="Redirection 3xx">Section 4.5</a> of <a href="#Part2" id="rfc.xref.Part2.24"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
       </p>
       <p id="rfc.section.6.5.p.9">Servers <em class="bcp14">MUST</em> include the "Upgrade" header field in <a href="p2-semantics.html#status.101" class="smpl">101 (Switching
@@ -2511 +2507 @@
          <li>Pointer to specification text</li>
       </ul>
-      <p id="rfc.section.7.4.p.3">Names of transfer codings <em class="bcp14">MUST NOT</em> overlap with names of content codings (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 5.4</a> of <a href="#Part2" id="rfc.xref.Part2.24"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) unless the encoding transformation is identical, as it is the case for the compression codings defined in <a href="#compression.codings" title="Compression Codings">Section&nbsp;4.2</a>.
+      <p id="rfc.section.7.4.p.3">Names of transfer codings <em class="bcp14">MUST NOT</em> overlap with names of content codings (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 5.4</a> of <a href="#Part2" id="rfc.xref.Part2.25"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) unless the encoding transformation is identical, as it is the case for the compression codings defined in <a href="#compression.codings" title="Compression Codings">Section&nbsp;4.2</a>.
       </p>
       <p id="rfc.section.7.4.p.4">Values to be added to this name space require IETF Review (see <a href="http://tools.ietf.org/html/rfc5226#section-4.1">Section 4.1</a> of <a href="#RFC5226" id="rfc.xref.RFC5226.1"><cite title="Guidelines for Writing an IANA Considerations Section in RFCs">[RFC5226]</cite></a>), and <em class="bcp14">MUST</em> conform to the purpose of transfer coding defined in this section.
@@ -2671 +2667 @@
          that most implementations will choose substantially higher limits.
       </p>
-      <p id="rfc.section.8.6.p.3">This specification also provides a way for servers to reject messages that have request-targets that are too long (<a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 4.6.12</a> of <a href="#Part2" id="rfc.xref.Part2.25"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) or request entities that are too large (<a href="p2-semantics.html#status.4xx" title="Client Error 4xx">Section 4.6</a> of <a href="#Part2" id="rfc.xref.Part2.26"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
+      <p id="rfc.section.8.6.p.3">This specification also provides a way for servers to reject messages that have request-targets that are too long (<a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 4.6.12</a> of <a href="#Part2" id="rfc.xref.Part2.26"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) or request entities that are too large (<a href="p2-semantics.html#status.4xx" title="Client Error 4xx">Section 4.6</a> of <a href="#Part2" id="rfc.xref.Part2.27"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
       </p>
       <p id="rfc.section.8.6.p.4">Other fields (including but not limited to request methods, response status phrases, header field-names, and body chunks) <em class="bcp14">SHOULD</em> be limited by implementations carefully, so as to not impede interoperability.
@@ -2716 +2712 @@
       <h2 id="rfc.references.1"><a href="#rfc.section.10.1" id="rfc.section.10.1">10.1</a> Normative References
       </h2>
-      <table>                      
+      <table>                        
          <tr>
             <td class="reference"><b id="ISO-8859-1">[ISO-8859-1]</b></td>
@@ -2729 +2725 @@
             <td class="reference"><b id="Part4">[Part4]</b></td>
             <td class="top"><a href="mailto:fielding@gbiv.com" title="Adobe Systems Incorporated">Fielding, R., Ed.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-latest">HTTP/1.1, part 4: Conditional Requests</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p4-conditional-latest (work in progress), July&nbsp;2012.
+            </td>
+         </tr>
+         <tr>
+            <td class="reference"><b id="Part5">[Part5]</b></td>
+            <td class="top"><a href="mailto:fielding@gbiv.com" title="Adobe Systems Incorporated">Fielding, R., Ed.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-latest">HTTP/1.1, part 5: Range Requests and Partial Responses</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p5-range-latest (work in progress), July&nbsp;2012.
             </td>
          </tr>
@@ -3733 +3734 @@
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
                   <li><em>Pad1995</em>&nbsp;&nbsp;<a href="#rfc.xref.Pad1995.1">6.3.1</a>, <a href="#Pad1995"><b>10.2</b></a></li>
-                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3</a>, <a href="#rfc.xref.Part2.3">2.7.1</a>, <a href="#rfc.xref.Part2.4">3.1.1</a>, <a href="#rfc.xref.Part2.5">3.1.1</a>, <a href="#rfc.xref.Part2.6">3.1.2</a>, <a href="#rfc.xref.Part2.7">3.2</a>, <a href="#rfc.xref.Part2.8">3.2</a>, <a href="#rfc.xref.Part2.9">3.3</a>, <a href="#rfc.xref.Part2.10">3.3.1</a>, <a href="#rfc.xref.Part2.11">4.3.1</a>, <a href="#rfc.xref.Part2.12">5.1</a>, <a href="#rfc.xref.Part2.13">5.3</a>, <a href="#rfc.xref.Part2.14">5.3</a>, <a href="#rfc.xref.Part2.15">5.6.2</a>, <a href="#rfc.xref.Part2.16">5.7</a>, <a href="#rfc.xref.Part2.17">6.3.2.2</a>, <a href="#rfc.xref.Part2.18">6.3.4</a>, <a href="#rfc.xref.Part2.19">6.4.3</a>, <a href="#rfc.xref.Part2.20">6.4.3</a>, <a href="#rfc.xref.Part2.21">6.4.3</a>, <a href="#rfc.xref.Part2.22">6.4.3</a>, <a href="#rfc.xref.Part2.23">6.5</a>, <a href="#rfc.xref.Part2.24">7.4</a>, <a href="#rfc.xref.Part2.25">8.6</a>, <a href="#rfc.xref.Part2.26">8.6</a>, <a href="#Part2"><b>10.1</b></a><ul>
+                  <li><em>Part2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">1</a>, <a href="#rfc.xref.Part2.2">2.3</a>, <a href="#rfc.xref.Part2.3">2.7.1</a>, <a href="#rfc.xref.Part2.4">3.1.1</a>, <a href="#rfc.xref.Part2.5">3.1.1</a>, <a href="#rfc.xref.Part2.6">3.1.2</a>, <a href="#rfc.xref.Part2.7">3.2</a>, <a href="#rfc.xref.Part2.8">3.2</a>, <a href="#rfc.xref.Part2.9">3.3</a>, <a href="#rfc.xref.Part2.10">3.3.1</a>, <a href="#rfc.xref.Part2.11">4.3.1</a>, <a href="#rfc.xref.Part2.12">5.1</a>, <a href="#rfc.xref.Part2.13">5.3</a>, <a href="#rfc.xref.Part2.14">5.3</a>, <a href="#rfc.xref.Part2.15">5.6.2</a>, <a href="#rfc.xref.Part2.16">5.6.2</a>, <a href="#rfc.xref.Part2.17">5.6.2</a>, <a href="#rfc.xref.Part2.18">5.7</a>, <a href="#rfc.xref.Part2.19">6.3.2.2</a>, <a href="#rfc.xref.Part2.20">6.3.4</a>, <a href="#rfc.xref.Part2.21">6.4.3</a>, <a href="#rfc.xref.Part2.22">6.4.3</a>, <a href="#rfc.xref.Part2.23">6.4.3</a>, <a href="#rfc.xref.Part2.24">6.5</a>, <a href="#rfc.xref.Part2.25">7.4</a>, <a href="#rfc.xref.Part2.26">8.6</a>, <a href="#rfc.xref.Part2.27">8.6</a>, <a href="#Part2"><b>10.1</b></a><ul>
                         <li><em>Section 2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.4">3.1.1</a></li>
-                        <li><em>Section 2.1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.17">6.3.2.2</a>, <a href="#rfc.xref.Part2.18">6.3.4</a></li>
+                        <li><em>Section 2.1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.19">6.3.2.2</a>, <a href="#rfc.xref.Part2.20">6.3.4</a></li>
                         <li><em>Section 2.3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.14">5.3</a></li>
                         <li><em>Section 2.3.8</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.13">5.3</a></li>
                         <li><em>Section 3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.8">3.2</a></li>
                         <li><em>Section 4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.3">2.7.1</a>, <a href="#rfc.xref.Part2.6">3.1.2</a>, <a href="#rfc.xref.Part2.9">3.3</a></li>
-                        <li><em>Section 4.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.16">5.7</a>, <a href="#rfc.xref.Part2.22">6.4.3</a></li>
-                        <li><em>Section 4.3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.19">6.4.3</a></li>
+                        <li><em>Section 4.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.18">5.7</a>, <a href="#rfc.xref.Part2.23">6.4.3</a></li>
+                        <li><em>Section 4.3.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.21">6.4.3</a></li>
                         <li><em>Section 4.4.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.2">2.3</a></li>
-                        <li><em>Section 4.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.23">6.5</a></li>
-                        <li><em>Section 4.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.26">8.6</a></li>
-                        <li><em>Section 4.6.12</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.5">3.1.1</a>, <a href="#rfc.xref.Part2.25">8.6</a></li>
-                        <li><em>Section 5.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.10">3.3.1</a>, <a href="#rfc.xref.Part2.24">7.4</a></li>
+                        <li><em>Section 4.5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.24">6.5</a></li>
+                        <li><em>Section 4.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.27">8.6</a></li>
+                        <li><em>Section 4.6.12</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.5">3.1.1</a>, <a href="#rfc.xref.Part2.26">8.6</a></li>
+                        <li><em>Section 5.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.10">3.3.1</a>, <a href="#rfc.xref.Part2.25">7.4</a></li>
                         <li><em>Section 8</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.11">4.3.1</a></li>
+                        <li><em>Section 9.6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.15">5.6.2</a></li>
+                        <li><em>Section 9.9</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.16">5.6.2</a></li>
                         <li><em>Section 9.10</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.7">3.2</a></li>
-                        <li><em>Section 9.11</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.20">6.4.3</a>, <a href="#rfc.xref.Part2.21">6.4.3</a></li>
+                        <li><em>Section 9.11</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.22">6.4.3</a></li>
                         <li><em>Appendix A</em>&nbsp;&nbsp;<a href="#rfc.xref.Part2.1">1</a></li>
                      </ul>
@@ -3755 +3758 @@
                   <li><em>Part4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.1">3.3</a>, <a href="#rfc.xref.Part4.2">3.3.1</a>, <a href="#rfc.xref.Part4.3">3.3.2</a>, <a href="#Part4"><b>10.1</b></a><ul>
                         <li><em>Section 4.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part4.1">3.3</a>, <a href="#rfc.xref.Part4.2">3.3.1</a>, <a href="#rfc.xref.Part4.3">3.3.2</a></li>
+                     </ul>
+                  </li>
+                  <li><em>Part5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.1">5.6.2</a>, <a href="#Part5"><b>10.1</b></a><ul>
+                        <li><em>Section 5.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part5.1">5.6.2</a></li>
                      </ul>
                   </li>

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -27 +27 @@
   <!ENTITY representation         "<xref target='Part2' x:rel='#representation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY header-cache-control   "<xref target='Part6' x:rel='#header.cache-control' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY header-content-encoding    "<xref target='Part2' x:rel='#header.content-encoding' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY header-content-range   "<xref target='Part5' x:rel='#header.content-range' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY header-content-type    "<xref target='Part2' x:rel='#header.content-type' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY header-date            "<xref target='Part2' x:rel='#header.date' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY header-expect          "<xref target='Part2' x:rel='#header.expect' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
@@ -609 +612 @@
    on security, since different applications of the protocol require
    different error handling strategies.  For example, a Web browser might
-   wish to transparently recover from a response where the Location header
-   field doesn't parse according to the ABNF, whereas a systems control
+   wish to transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereas a systems control
    client might consider any form of error recovery to be dangerous.
 </t>
@@ -699 +702 @@
    the server incorrectly implements the HTTP specification, but only
    after the client has attempted at least one normal request and determined
-   from the response status or header fields (e.g., Server) that the
-   server improperly handles higher request versions.
+   from the response status or header fields (e.g., <x:ref>Server</x:ref>) that
+   the server improperly handles higher request versions.
 </t>
 <t>
@@ -720 +723 @@
    version of the protocol. Such protocol downgrades &SHOULD-NOT; be
    performed unless triggered by specific client attributes, such as when
-   one or more of the request header fields (e.g., User-Agent) uniquely
-   match the values sent by a client known to be in error.
+   one or more of the request header fields (e.g., <x:ref>User-Agent</x:ref>)
+   uniquely match the values sent by a client known to be in error.
 </t>
 <t>
@@ -1141 +1144 @@
 <t>
    The field-name token labels the corresponding field-value as having the
-   semantics defined by that header field.  For example, the Date header field
-   is defined in &header-date; as containing the origination
+   semantics defined by that header field.  For example, the <x:ref>Date</x:ref>
+   header field is defined in &header-date; as containing the origination
    timestamp for the message in which it appears.
 </t>
@@ -1167 +1170 @@
    The order in which header fields with differing field names are
    received is not significant. However, it is "good practice" to send
-   header fields that contain control data first, such as Host on
-   requests and Date on responses, so that implementations can decide
-   when not to handle a message as early as possible.  A server &MUST;
-   wait until the entire header section is received before interpreting
+   header fields that contain control data first, such as <x:ref>Host</x:ref>
+   on requests and <x:ref>Date</x:ref> on responses, so that implementations
+   can decide when not to handle a message as early as possible.  A server
+   &MUST; wait until the entire header section is received before interpreting
    a request message, since later header fields might include conditionals,
    authentication credentials, or deliberately misleading duplicate
@@ -1545 +1548 @@
 </t>
 <t>
-   Unlike Content-Encoding (&content-codings;), Transfer-Encoding is a
-   property of the message, not of the payload, and thus &MAY; be added or
-   removed by any implementation along the request/response chain.
-   Additional information about the encoding parameters &MAY; be provided
-   by other header fields not defined by this specification.
+   Unlike <x:ref>Content-Encoding</x:ref> (&content-codings;),
+   Transfer-Encoding is a property of the message, not of the payload, and thus
+   &MAY; be added or removed by any implementation along the request/response
+   chain. Additional information about the encoding parameters &MAY; be
+   provided by other header fields not defined by this specification.
 </t>
 <t>
@@ -2621 +2624 @@
    but it &MAY; add any of these fields if not already present. If an
    <x:ref>Expires</x:ref> header field is added, it &MUST; be given a
-   field-value identical to that of the Date header field in that response.
+   field value identical to that of the <x:ref>Date</x:ref> header field in
+   that response.
 </t>
 <t>
@@ -2628 +2632 @@
    any request:
   <list style="symbols">
-    <t>Content-Encoding</t>
-    <t>Content-Range</t>
-    <t>Content-Type</t>
+    <t><x:ref>Content-Encoding</x:ref> (&header-content-encoding;)</t>
+    <t><x:ref>Content-Range</x:ref> (&header-content-range;)</t>
+    <t><x:ref>Content-Type</x:ref> (&header-content-type;)</t>
   </list>
 </t>
@@ -2816 +2820 @@
 <t>
    Comments &MAY; be used in the Via header field to identify the software
-   of each recipient, analogous to the User-Agent and Server header fields.
-   However, all comments in the Via field are optional and &MAY; be removed
-   by any recipient prior to forwarding the message.
+   of each recipient, analogous to the <x:ref>User-Agent</x:ref> and
+   <x:ref>Server</x:ref> header fields. However, all comments in the Via field
+   are optional and &MAY; be removed by any recipient prior to forwarding the
+   message.
 </t>
 <t>
@@ -3107 +3112 @@
     <t>
         If a client will wait for a <x:ref>100 (Continue)</x:ref> response before
-        sending the request body, it &MUST; send an Expect header
+        sending the request body, it &MUST; send an <x:ref>Expect</x:ref> header
         field (&header-expect;) with the "100-continue" expectation.
     </t>
     <t>
-        A client &MUST-NOT; send an Expect header field (&header-expect;)
-        with the "100-continue" expectation if it does not intend
-        to send a request body.
+        A client &MUST-NOT; send an <x:ref>Expect</x:ref> header field with
+        the "100-continue" expectation if it does not intend to send a request
+        body.
     </t>
   </list>
@@ -3129 +3134 @@
    Requirements for HTTP/1.1 origin servers:
   <list style="symbols">
-    <t> Upon receiving a request which includes an Expect header
+    <t> Upon receiving a request which includes an <x:ref>Expect</x:ref> header
         field with the "100-continue" expectation, an origin server &MUST;
         either respond with <x:ref>100 (Continue)</x:ref> status code and continue to read
@@ -3140 +3145 @@
     </t>
     <t> An origin server &SHOULD-NOT;  send a <x:ref>100 (Continue)</x:ref> response if
-        the request message does not include an Expect header
+        the request message does not include an <x:ref>Expect</x:ref> header
         field with the "100-continue" expectation, and &MUST-NOT; send a
         <x:ref>100 (Continue)</x:ref> response if such a request comes from an HTTP/1.0
@@ -3163 +3168 @@
     </t>
     <t> If an origin server receives a request that does not include an
-        Expect header field with the "100-continue" expectation,
+        <x:ref>Expect</x:ref> header field with the "100-continue" expectation,
         the request includes a request body, and the server responds
         with a final status code before reading the entire request body
@@ -3179 +3184 @@
    Requirements for HTTP/1.1 proxies:
   <list style="symbols">
-    <t> If a proxy receives a request that includes an Expect header
-        field with the "100-continue" expectation, and the proxy
+    <t> If a proxy receives a request that includes an <x:ref>Expect</x:ref>
+        header field with the "100-continue" expectation, and the proxy
         either knows that the next-hop server complies with HTTP/1.1 or
         higher, or does not know the HTTP version of the next-hop
@@ -3195 +3200 @@
     <t> A proxy &MUST-NOT; forward a <x:ref>100 (Continue)</x:ref> response if the
         request message was received from an HTTP/1.0 (or earlier)
-        client and did not include an Expect header field with
+        client and did not include an <x:ref>Expect</x:ref> header field with
         the "100-continue" expectation. This requirement overrides the
         general rule for forwarding of <x:ref>1xx</x:ref> responses (see &status-1xx;).
@@ -4134 +4139 @@
     <x:defines>502 (Bad Gateway)</x:defines>
     <x:defines>505 (HTTP Version Not Supported)</x:defines>
+    <x:defines>Content-Encoding</x:defines>
+    <x:defines>Content-Type</x:defines>
+    <x:defines>Date</x:defines>
+    <x:defines>Expect</x:defines>
+    <x:defines>Location</x:defines>
+    <x:defines>Server</x:defines>
+    <x:defines>User-Agent</x:defines>
   </x:source>
 </reference>
@@ -4157 +4169 @@
   <x:source basename="p4-conditional" href="p4-conditional.xml">
     <x:defines>304 (Not Modified)</x:defines>
+  </x:source>
+</reference>
+
+<reference anchor="Part5">
+  <front>
+    <title>HTTP/1.1, part 5: Range Requests and Partial Responses</title>
+    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
+      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
+      <address><email>fielding@gbiv.com</email></address>
+    </author>
+    <author initials="Y." surname="Lafon" fullname="Yves Lafon" role="editor">
+      <organization abbrev="W3C">World Wide Web Consortium</organization>
+      <address><email>ylafon@w3.org</email></address>
+    </author>
+    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
+      <organization abbrev="greenbytes">greenbytes GmbH</organization>
+      <address><email>julian.reschke@greenbytes.de</email></address>
+    </author>
+    <date month="&ID-MONTH;" year="&ID-YEAR;"/>
+  </front>
+  <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p5-range-&ID-VERSION;"/>
+  <x:source href="p5-range.xml" basename="p5-range">
+    <x:defines>Content-Range</x:defines>
   </x:source>
 </reference>

draft-ietf-httpbis/latest/p2-semantics.html

@@ -859 +859 @@
          mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require
          different error handling strategies; for example, a Web browser might wish to transparently recover from a response where
-         the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type
-         of error recovery could lead to dangerous consequences.
+         the <a href="#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery
+         could lead to dangerous consequences.
       </p>
       <h2 id="rfc.section.1.3"><a href="#rfc.section.1.3">1.3</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
@@ -890 +890 @@
       </p>
       <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.1"></span>  <a href="#methods" class="smpl">method</a>         = <a href="#core.rules" class="smpl">token</a>
-</pre><p id="rfc.section.2.p.3">The list of methods allowed by a resource can be specified in an Allow header field (<a href="#header.allow" id="rfc.xref.header.allow.1" title="Allow">Section&nbsp;9.5</a>). The status code of the response always notifies the client whether a method is currently allowed on a resource, since the
-         set of allowed methods can change dynamically. An origin server <em class="bcp14">SHOULD</em> respond with the status code <a href="#status.405" class="smpl">405 (Method Not Allowed)</a> if the method is known by the origin server but not allowed for the resource, and <a href="#status.501" class="smpl">501 (Not Implemented)</a> if the method is unrecognized or not implemented by the origin server. The methods GET and HEAD <em class="bcp14">MUST</em> be supported by all general-purpose servers. All other methods are <em class="bcp14">OPTIONAL</em>; however, if the above methods are implemented, they <em class="bcp14">MUST</em> be implemented with the same semantics as those specified in <a href="#method.definitions" title="Method Definitions">Section&nbsp;2.3</a>.
+</pre><p id="rfc.section.2.p.3">The list of methods allowed by a resource can be specified in an <a href="#header.allow" class="smpl">Allow</a> header field (<a href="#header.allow" id="rfc.xref.header.allow.1" title="Allow">Section&nbsp;9.5</a>). The status code of the response always notifies the client whether a method is currently allowed on a resource, since the
+         set of allowed methods can change dynamically. An origin server <em class="bcp14">SHOULD</em> respond with the status code <a href="#status.405" class="smpl">405 (Method Not Allowed)</a> if the method is known by the origin server but not allowed for the resource, and <a href="#status.501" class="smpl">501 (Not
+            Implemented)</a> if the method is unrecognized or not implemented by the origin server. The methods GET and HEAD <em class="bcp14">MUST</em> be supported by all general-purpose servers. All other methods are <em class="bcp14">OPTIONAL</em>; however, if the above methods are implemented, they <em class="bcp14">MUST</em> be implemented with the same semantics as those specified in <a href="#method.definitions" title="Method Definitions">Section&nbsp;2.3</a>.
       </p>
       <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="safe.and.idempotent" href="#safe.and.idempotent">Safe and Idempotent Methods</a></h2>
@@ -954 +955 @@
       </p>
       <p id="rfc.section.2.3.1.p.2">Responses to the OPTIONS method are not cacheable.</p>
-      <p id="rfc.section.2.3.1.p.3">If the OPTIONS request includes a message body (as indicated by the presence of Content-Length or Transfer-Encoding), then
-         the media type <em class="bcp14">MUST</em> be indicated by a Content-Type field. Although this specification does not define any use for such a body, future extensions
-         to HTTP might use the OPTIONS body to make more detailed queries on the server.
+      <p id="rfc.section.2.3.1.p.3">If the OPTIONS request includes a message body (as indicated by the presence of <a href="p1-messaging.html#header.content-length" class="smpl">Content-Length</a> or <a href="p1-messaging.html#header.transfer-encoding" class="smpl">Transfer-Encoding</a>), then the media type <em class="bcp14">MUST</em> be indicated by a <a href="#header.content-type" class="smpl">Content-Type</a> field. Although this specification does not define any use for such a body, future extensions to HTTP might use the OPTIONS
+         body to make more detailed queries on the server.
       </p>
       <p id="rfc.section.2.3.1.p.4">If the request-target (<a href="p1-messaging.html#request-target" title="Request Target">Section 5.3</a> of <a href="#Part1" id="rfc.xref.Part1.19"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) is an asterisk ("*"), the OPTIONS request is intended to apply to the server in general rather than to a specific resource.
@@ -966 +966 @@
          with that resource.
       </p>
-      <p id="rfc.section.2.3.1.p.6">A <a href="#status.200" class="smpl">200 (OK)</a> response <em class="bcp14">SHOULD</em> include any header fields that indicate optional features implemented by the server and applicable to that resource (e.g.,
-         Allow), possibly including extensions not defined by this specification. The response body, if any, <em class="bcp14">SHOULD</em> also include information about the communication options. The format for such a body is not defined by this specification,
+      <p id="rfc.section.2.3.1.p.6">A <a href="#status.200" class="smpl">200 (OK)</a> response <em class="bcp14">SHOULD</em> include any header fields that indicate optional features implemented by the server and applicable to that resource (e.g., <a href="#header.allow" class="smpl">Allow</a>), possibly including extensions not defined by this specification. The response body, if any, <em class="bcp14">SHOULD</em> also include information about the communication options. The format for such a body is not defined by this specification,
          but might be defined by future extensions to HTTP. Content negotiation <em class="bcp14">MAY</em> be used to select the appropriate response format. If no response body is included, the response <em class="bcp14">MUST</em> include a Content-Length field with a field-value of "0".
       </p>
-      <p id="rfc.section.2.3.1.p.7">The Max-Forwards header field <em class="bcp14">MAY</em> be used to target a specific proxy in the request chain (see <a href="#header.max-forwards" id="rfc.xref.header.max-forwards.1" title="Max-Forwards">Section&nbsp;9.14</a>). If no Max-Forwards field is present in the request, then the forwarded request <em class="bcp14">MUST NOT</em> include a Max-Forwards field.
+      <p id="rfc.section.2.3.1.p.7">The <a href="#header.max-forwards" class="smpl">Max-Forwards</a> header field <em class="bcp14">MAY</em> be used to target a specific proxy in the request chain (see <a href="#header.max-forwards" id="rfc.xref.header.max-forwards.1" title="Max-Forwards">Section&nbsp;9.14</a>). If no Max-Forwards field is present in the request, then the forwarded request <em class="bcp14">MUST NOT</em> include a Max-Forwards field.
       </p>
       <h3 id="rfc.section.2.3.2"><a href="#rfc.section.2.3.2">2.3.2</a>&nbsp;<a id="GET" href="#GET">GET</a></h3>
@@ -1023 +1022 @@
          the result.
       </p>
-      <p id="rfc.section.2.3.4.p.4">If a resource has been created on the origin server, the response <em class="bcp14">SHOULD</em> be <a href="#status.201" class="smpl">201 (Created)</a> and contain a representation which describes the status of the request and refers to the new resource, and a Location header
-         field (see <a href="#header.location" id="rfc.xref.header.location.1" title="Location">Section&nbsp;9.13</a>).
-      </p>
-      <p id="rfc.section.2.3.4.p.5">Responses to POST requests are only cacheable when they include explicit freshness information (see <a href="p6-cache.html#calculating.freshness.lifetime" title="Calculating Freshness Lifetime">Section 2.3.1</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>). A cached POST response with a Content-Location header field (see <a href="#header.content-location" id="rfc.xref.header.content-location.1" title="Content-Location">Section&nbsp;9.8</a>) whose value is the effective Request URI <em class="bcp14">MAY</em> be used to satisfy subsequent GET and HEAD requests.
+      <p id="rfc.section.2.3.4.p.4">If a resource has been created on the origin server, the response <em class="bcp14">SHOULD</em> be <a href="#status.201" class="smpl">201 (Created)</a> and contain a representation which describes the status of the request and refers to the new resource, and a <a href="#header.location" class="smpl">Location</a> header field (see <a href="#header.location" id="rfc.xref.header.location.1" title="Location">Section&nbsp;9.13</a>).
+      </p>
+      <p id="rfc.section.2.3.4.p.5">Responses to POST requests are only cacheable when they include explicit freshness information (see <a href="p6-cache.html#calculating.freshness.lifetime" title="Calculating Freshness Lifetime">Section 2.3.1</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>). A cached POST response with a <a href="#header.content-location" class="smpl">Content-Location</a> header field (see <a href="#header.content-location" id="rfc.xref.header.content-location.1" title="Content-Location">Section&nbsp;9.8</a>) whose value is the effective Request URI <em class="bcp14">MAY</em> be used to satisfy subsequent GET and HEAD requests.
       </p>
       <p id="rfc.section.2.3.4.p.6">Note that POST caching is not widely implemented. However, the <a href="#status.303" class="smpl">303 (See Other)</a> response can be used to direct the user agent to retrieve a cacheable representation of the resource.
@@ -1049 +1047 @@
          related to the URI in order to set the values for representation metadata on GET responses. When a PUT representation is inconsistent
          with the target resource, the origin server <em class="bcp14">SHOULD</em> either make them consistent, by transforming the representation or changing the resource configuration, or respond with an
-         appropriate error message containing sufficient information to explain why the representation is unsuitable. The <a href="#status.409" class="smpl">409 (Conflict)</a> or <a href="#status.415" class="smpl">415 (Unsupported Media Type)</a> status codes are suggested, with the latter being specific to constraints on Content-Type values.
-      </p>
-      <p id="rfc.section.2.3.5.p.5">For example, if the target resource is configured to always have a Content-Type of "text/html" and the representation being
-         PUT has a Content-Type of "image/jpeg", then the origin server <em class="bcp14">SHOULD</em> do one of: (a) reconfigure the target resource to reflect the new media type; (b) transform the PUT representation to a format
-         consistent with that of the resource before saving it as the new resource state; or, (c) reject the request with a 415 response
-         indicating that the target resource is limited to "text/html", perhaps including a link to a different resource that would
-         be a suitable target for the new representation.
-      </p>
+         appropriate error message containing sufficient information to explain why the representation is unsuitable. The <a href="#status.409" class="smpl">409 (Conflict)</a> or <a href="#status.415" class="smpl">415 (Unsupported Media Type)</a> status codes are suggested, with the latter being specific to constraints on <a href="#header.content-type" class="smpl">Content-Type</a> values.
+      </p>
+      <p id="rfc.section.2.3.5.p.5">For example, if the target resource is configured to always have a <a href="#header.content-type" class="smpl">Content-Type</a> of "text/html" and the representation being PUT has a Content-Type of "image/jpeg", then the origin server <em class="bcp14">SHOULD</em> do one of: 
+      </p>
+      <ol class="la">
+         <li>reconfigure the target resource to reflect the new media type;</li>
+         <li>transform the PUT representation to a format consistent with that of the resource before saving it as the new resource state;
+            or,
+         </li>
+         <li>reject the request with a <a href="#status.415" class="smpl">415 (Unsupported Media Type)</a> response indicating that the target resource is limited to "text/html", perhaps including a link to a different resource that
+            would be a suitable target for the new representation.
+         </li>
+      </ol>
       <p id="rfc.section.2.3.5.p.6">HTTP does not define exactly how a PUT method affects the state of an origin server beyond what can be expressed by the intent
          of the user agent request and the semantics of the origin server response. It does not define what a resource might be, in
@@ -1108 +1111 @@
       <div id="rfc.iref.t.1"></div>
       <div id="rfc.iref.m.7"></div>
-      <p id="rfc.section.2.3.7.p.1">The TRACE method requests a remote, application-layer loop-back of the request message. The final recipient of the request <em class="bcp14">SHOULD</em> reflect the message received back to the client as the message body of a <a href="#status.200" class="smpl">200 (OK)</a> response. The final recipient is either the origin server or the first proxy to receive a Max-Forwards value of zero (0) in
-         the request (see <a href="#header.max-forwards" id="rfc.xref.header.max-forwards.2" title="Max-Forwards">Section&nbsp;9.14</a>). A TRACE request <em class="bcp14">MUST NOT</em> include a message body.
+      <p id="rfc.section.2.3.7.p.1">The TRACE method requests a remote, application-layer loop-back of the request message. The final recipient of the request <em class="bcp14">SHOULD</em> reflect the message received back to the client as the message body of a <a href="#status.200" class="smpl">200 (OK)</a> response. The final recipient is either the origin server or the first proxy to receive a <a href="#header.max-forwards" class="smpl">Max-Forwards</a> value of zero (0) in the request (see <a href="#header.max-forwards" id="rfc.xref.header.max-forwards.2" title="Max-Forwards">Section&nbsp;9.14</a>). A TRACE request <em class="bcp14">MUST NOT</em> include a message body.
       </p>
       <p id="rfc.section.2.3.7.p.2">TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing
-         or diagnostic information. The value of the Via header field (<a href="p1-messaging.html#header.via" title="Via">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.20"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) is of particular interest, since it acts as a trace of the request chain. Use of the Max-Forwards header field allows the
-         client to limit the length of the request chain, which is useful for testing a chain of proxies forwarding messages in an
-         infinite loop.
-      </p>
-      <p id="rfc.section.2.3.7.p.3">If the request is valid, the response <em class="bcp14">SHOULD</em> have a Content-Type of "message/http" (see <a href="p1-messaging.html#internet.media.type.message.http" title="Internet Media Type message/http">Section 7.3.1</a> of <a href="#Part1" id="rfc.xref.Part1.21"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) and contain a message body that encloses a copy of the entire request message. Responses to the TRACE method are not cacheable.
+         or diagnostic information. The value of the Via header field (<a href="p1-messaging.html#header.via" title="Via">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.20"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) is of particular interest, since it acts as a trace of the request chain. Use of the <a href="#header.max-forwards" class="smpl">Max-Forwards</a> header field allows the client to limit the length of the request chain, which is useful for testing a chain of proxies forwarding
+         messages in an infinite loop.
+      </p>
+      <p id="rfc.section.2.3.7.p.3">If the request is valid, the response <em class="bcp14">SHOULD</em> have a <a href="#header.content-type" class="smpl">Content-Type</a> of "message/http" (see <a href="p1-messaging.html#internet.media.type.message.http" title="Internet Media Type message/http">Section 7.3.1</a> of <a href="#Part1" id="rfc.xref.Part1.21"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) and contain a message body that encloses a copy of the entire request message. Responses to the TRACE method are not cacheable.
       </p>
       <div id="rfc.iref.c.2"></div>
@@ -1183 +1184 @@
          double quotes will likely cause unnecessary confusion.
       </p>
-      <p id="rfc.section.3.1.p.8">Many header fields use a format including (case-insensitively) named parameters (for instance, Content-Type, defined in <a href="#header.content-type" id="rfc.xref.header.content-type.1" title="Content-Type">Section&nbsp;9.9</a>). Allowing both unquoted (token) and quoted (quoted-string) syntax for the parameter value enables recipients to use existing
+      <p id="rfc.section.3.1.p.8">Many header fields use a format including (case-insensitively) named parameters (for instance, <a href="#header.content-type" class="smpl">Content-Type</a>, defined in <a href="#header.content-type" id="rfc.xref.header.content-type.1" title="Content-Type">Section&nbsp;9.9</a>). Allowing both unquoted (token) and quoted (quoted-string) syntax for the parameter value enables recipients to use existing
          parser components. When allowing both forms, the meaning of a parameter value ought to be independent of the syntax used for
          it (for an example, see the notes on parameter handling for media types in <a href="#media.types" title="Media Types">Section&nbsp;5.5</a>).
@@ -1400 +1401 @@
          </li>
       </ul>
-      <p id="rfc.section.4.p.4">For most status codes the response can carry a payload, in which case a Content-Type header field indicates the payload's
-         media type (<a href="#header.content-type" id="rfc.xref.header.content-type.2" title="Content-Type">Section&nbsp;9.9</a>).
+      <p id="rfc.section.4.p.4">For most status codes the response can carry a payload, in which case a <a href="#header.content-type" class="smpl">Content-Type</a> header field indicates the payload's media type (<a href="#header.content-type" id="rfc.xref.header.content-type.2" title="Content-Type">Section&nbsp;9.9</a>).
       </p>
       <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a id="overview.of.status.codes" href="#overview.of.status.codes">Overview of Status Codes</a></h2>
@@ -1705 +1705 @@
       <p id="rfc.section.4.4.2.p.1">The request has been fulfilled and has resulted in one or more new resources being created.</p>
       <p id="rfc.section.4.4.2.p.2">Newly created resources are typically linked to from the response payload, with the most relevant URI also being carried in
-         the Location header field. If the newly created resource's URI is the same as the Effective Request URI, this information
-         can be omitted (e.g., in the case of a response to a PUT request).
+         the <a href="#header.location" class="smpl">Location</a> header field. If the newly created resource's URI is the same as the Effective Request URI, this information can be omitted
+         (e.g., in the case of a response to a PUT request).
       </p>
       <p id="rfc.section.4.4.2.p.3">The origin server <em class="bcp14">MUST</em> create the resource(s) before returning the 201 status code. If the action cannot be carried out immediately, the server <em class="bcp14">SHOULD</em> respond with <a href="#status.202" class="smpl">202 (Accepted)</a> response instead.
       </p>
       <p id="rfc.section.4.4.2.p.4">A 201 response <em class="bcp14">MAY</em> contain an <a href="p4-conditional.html#header.etag" class="smpl">ETag</a> response header field indicating the current value of the entity-tag for the representation of the resource identified by
-         the Location header field or, in case the Location header field was omitted, by the Effective Request URI (see <a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a> of <a href="#Part4" id="rfc.xref.Part4.10"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>).
+         the <a href="#header.location" class="smpl">Location</a> header field or, in case the Location header field was omitted, by the Effective Request URI (see <a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a> of <a href="#Part4" id="rfc.xref.Part4.10"><cite title="HTTP/1.1, part 4: Conditional Requests">[Part4]</cite></a>).
       </p>
       <div id="rfc.iref.27"></div>
@@ -1775 +1775 @@
       <ol>
          <li>
-            <p>Redirects of the request to another URI, either temporarily or permanently. The new URI is specified in the Location header
-               field. In this specification, the status codes <a href="#status.301" class="smpl">301 (Moved Permanently)</a>, <a href="#status.302" class="smpl">302 (Found)</a>, and <a href="#status.307" class="smpl">307 (Temporary Redirect)</a> fall under this category.
+            <p>Redirects of the request to another URI, either temporarily or permanently. The new URI is specified in the <a href="#header.location" class="smpl">Location</a> header field. In this specification, the status codes <a href="#status.301" class="smpl">301
+                  (Moved Permanently)</a>, <a href="#status.302" class="smpl">302 (Found)</a>, and <a href="#status.307" class="smpl">307 (Temporary Redirect)</a> fall under this category.
             </p>
          </li>
@@ -1801 +1801 @@
          </p> 
       </div>
-      <p id="rfc.section.4.5.p.4">A Location header field on a 3xx response indicates that a client <em class="bcp14">MAY</em> automatically redirect to the URI provided; see <a href="#header.location" id="rfc.xref.header.location.3" title="Location">Section&nbsp;9.13</a>.
+      <p id="rfc.section.4.5.p.4">A <a href="#header.location" class="smpl">Location</a> header field on a 3xx response indicates that a client <em class="bcp14">MAY</em> automatically redirect to the URI provided; see <a href="#header.location" id="rfc.xref.header.location.3" title="Location">Section&nbsp;9.13</a>.
       </p>
       <p id="rfc.section.4.5.p.5">Note that for methods not known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;2.1.1</a>, automatic redirection needs to done with care, since the redirect might change the conditions under which the request was
@@ -1823 +1823 @@
          choice <em class="bcp14">MAY</em> be performed automatically. However, this specification does not define any standard for such automatic selection.
       </p>
-      <p id="rfc.section.4.5.1.p.3">If the server has a preferred choice of representation, it <em class="bcp14">SHOULD</em> include the specific URI for that representation in the Location field; user agents <em class="bcp14">MAY</em> use the Location field value for automatic redirection.
+      <p id="rfc.section.4.5.1.p.3">If the server has a preferred choice of representation, it <em class="bcp14">SHOULD</em> include the specific URI for that representation in the <a href="#header.location" class="smpl">Location</a> field; user agents <em class="bcp14">MAY</em> use the Location field value for automatic redirection.
       </p>
       <p id="rfc.section.4.5.1.p.4">Caches <em class="bcp14">MAY</em> use a heuristic (see <a href="p6-cache.html#heuristic.freshness" title="Calculating Heuristic Freshness">Section 2.3.1.1</a> of <a href="#Part6" id="rfc.xref.Part6.15"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>) to determine freshness for 300 responses.
@@ -1835 +1835 @@
       <p id="rfc.section.4.5.2.p.2">Caches <em class="bcp14">MAY</em> use a heuristic (see <a href="p6-cache.html#heuristic.freshness" title="Calculating Heuristic Freshness">Section 2.3.1.1</a> of <a href="#Part6" id="rfc.xref.Part6.16"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>) to determine freshness for 301 responses.
       </p>
-      <p id="rfc.section.4.5.2.p.3">The new permanent URI <em class="bcp14">SHOULD</em> be given by the Location field in the response. A response payload can contain a short hypertext note with a hyperlink to
-         the new URI(s).
+      <p id="rfc.section.4.5.2.p.3">The new permanent URI <em class="bcp14">SHOULD</em> be given by the <a href="#header.location" class="smpl">Location</a> field in the response. A response payload can contain a short hypertext note with a hyperlink to the new URI(s).
       </p>
       <div class="note" id="rfc.section.4.5.2.p.4"> 
@@ -1847 +1846 @@
       <p id="rfc.section.4.5.3.p.1">The target resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client <em class="bcp14">SHOULD</em> continue to use the effective request URI for future requests.
       </p>
-      <p id="rfc.section.4.5.3.p.2">The temporary URI <em class="bcp14">SHOULD</em> be given by the Location field in the response. A response payload can contain a short hypertext note with a hyperlink to
-         the new URI(s).
+      <p id="rfc.section.4.5.3.p.2">The temporary URI <em class="bcp14">SHOULD</em> be given by the <a href="#header.location" class="smpl">Location</a> field in the response. A response payload can contain a short hypertext note with a hyperlink to the new URI(s).
       </p>
       <div class="note" id="rfc.section.4.5.3.p.3"> 
@@ -1858 +1856 @@
       <h3 id="rfc.section.4.5.4"><a href="#rfc.section.4.5.4">4.5.4</a>&nbsp;<a id="status.303" href="#status.303">303 See Other</a></h3>
       <p id="rfc.section.4.5.4.p.1">The 303 status code indicates that the server is redirecting the user agent to a different resource, as indicated by a URI
-         in the Location header field, that is intended to provide an indirect response to the original request. In order to satisfy
-         the original request, a user agent <em class="bcp14">SHOULD</em> perform a retrieval request using the Location URI (a GET or HEAD request if using HTTP), which can itself be redirected further,
+         in the <a href="#header.location" class="smpl">Location</a> header field, that is intended to provide an indirect response to the original request. In order to satisfy the original request,
+         a user agent <em class="bcp14">SHOULD</em> perform a retrieval request using the Location URI (a GET or HEAD request if using HTTP), which can itself be redirected further,
          and present the eventual result as an answer to the original request. Note that the new URI in the Location header field is
          not considered equivalent to the effective request URI.
@@ -1868 +1866 @@
       </p>
       <p id="rfc.section.4.5.4.p.3">A 303 response to a GET request indicates that the requested resource does not have a representation of its own that can be
-         transferred by the server over HTTP. The Location URI indicates a resource that is descriptive of the target resource, such
-         that the follow-on representation might be useful to recipients without implying that it adequately represents the target
-         resource. Note that answers to the questions of what can be represented, what representations are adequate, and what might
-         be a useful description are outside the scope of HTTP and thus entirely determined by the URI owner(s).
-      </p>
-      <p id="rfc.section.4.5.4.p.4">Except for responses to a HEAD request, the representation of a 303 response <em class="bcp14">SHOULD</em> contain a short hypertext note with a hyperlink to the Location URI.
+         transferred by the server over HTTP. The <a href="#header.location" class="smpl">Location</a> URI indicates a resource that is descriptive of the target resource, such that the follow-on representation might be useful
+         to recipients without implying that it adequately represents the target resource. Note that answers to the questions of what
+         can be represented, what representations are adequate, and what might be a useful description are outside the scope of HTTP
+         and thus entirely determined by the URI owner(s).
+      </p>
+      <p id="rfc.section.4.5.4.p.4">Except for responses to a HEAD request, the representation of a 303 response <em class="bcp14">SHOULD</em> contain a short hypertext note with a hyperlink to the <a href="#header.location" class="smpl">Location</a> URI.
       </p>
       <div id="rfc.iref.36"></div>
@@ -1889 +1887 @@
       <p id="rfc.section.4.5.7.p.1">The target resource resides temporarily under a different URI. Since the redirection can change over time, the client <em class="bcp14">SHOULD</em> continue to use the effective request URI for future requests.
       </p>
-      <p id="rfc.section.4.5.7.p.2">The temporary URI <em class="bcp14">SHOULD</em> be given by the Location field in the response. A response payload can contain a short hypertext note with a hyperlink to
-         the new URI(s).
+      <p id="rfc.section.4.5.7.p.2">The temporary URI <em class="bcp14">SHOULD</em> be given by the <a href="#header.location" class="smpl">Location</a> field in the response. A response payload can contain a short hypertext note with a hyperlink to the new URI(s).
       </p>
       <div class="note" id="rfc.section.4.5.7.p.3"> 
@@ -1934 +1931 @@
       <div id="rfc.iref.s.26"></div>
       <h3 id="rfc.section.4.6.5"><a href="#rfc.section.4.6.5">4.6.5</a>&nbsp;<a id="status.405" href="#status.405">405 Method Not Allowed</a></h3>
-      <p id="rfc.section.4.6.5.p.1">The method specified in the request-line is not allowed for the target resource. The response <em class="bcp14">MUST</em> include an Allow header field containing a list of valid methods for the requested resource.
+      <p id="rfc.section.4.6.5.p.1">The method specified in the request-line is not allowed for the target resource. The response <em class="bcp14">MUST</em> include an <a href="#header.allow" class="smpl">Allow</a> header field containing a list of valid methods for the requested resource.
       </p>
       <div id="rfc.iref.45"></div>
@@ -1940 +1937 @@
       <h3 id="rfc.section.4.6.6"><a href="#rfc.section.4.6.6">4.6.6</a>&nbsp;<a id="status.406" href="#status.406">406 Not Acceptable</a></h3>
       <p id="rfc.section.4.6.6.p.1">The resource identified by the request is only capable of generating response representations which have content characteristics
-         not acceptable according to the Accept and Accept-* header fields sent in the request.
+         not acceptable according to the <a href="#header.accept" class="smpl">Accept</a> and Accept-* header fields sent in the request.
       </p>
       <p id="rfc.section.4.6.6.p.2">Unless it was a HEAD request, the response <em class="bcp14">SHOULD</em> include a representation containing a list of available representation characteristics and location(s) from which the user
@@ -1999 +1996 @@
          to process. The server <em class="bcp14">MAY</em> close the connection to prevent the client from continuing the request.
       </p>
-      <p id="rfc.section.4.6.11.p.2">If the condition is temporary, the server <em class="bcp14">SHOULD</em> include a Retry-After header field to indicate that it is temporary and after what time the client <em class="bcp14">MAY</em> try again.
+      <p id="rfc.section.4.6.11.p.2">If the condition is temporary, the server <em class="bcp14">SHOULD</em> include a <a href="#header.retry-after" class="smpl">Retry-After</a> header field to indicate that it is temporary and after what time the client <em class="bcp14">MAY</em> try again.
       </p>
       <div id="rfc.iref.51"></div>
@@ -2019 +2016 @@
       <div id="rfc.iref.s.35"></div>
       <h3 id="rfc.section.4.6.14"><a href="#rfc.section.4.6.14">4.6.14</a>&nbsp;<a id="status.417" href="#status.417">417 Expectation Failed</a></h3>
-      <p id="rfc.section.4.6.14.p.1">The expectation given in an Expect header field (see <a href="#header.expect" id="rfc.xref.header.expect.2" title="Expect">Section&nbsp;9.11</a>) could not be met by this server, or, if the server is a proxy, the server has unambiguous evidence that the request could
+      <p id="rfc.section.4.6.14.p.1">The expectation given in an <a href="#header.expect" class="smpl">Expect</a> header field (see <a href="#header.expect" id="rfc.xref.header.expect.2" title="Expect">Section&nbsp;9.11</a>) could not be met by this server, or, if the server is a proxy, the server has unambiguous evidence that the request could
          not be met by the next-hop server.
       </p>
@@ -2066 +2063 @@
       <p id="rfc.section.4.7.4.p.1">The server is currently unable to handle the request due to a temporary overloading or maintenance of the server.</p>
       <p id="rfc.section.4.7.4.p.2">The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the
-         delay <em class="bcp14">MAY</em> be indicated in a Retry-After header field (<a href="#header.retry-after" id="rfc.xref.header.retry-after.2" title="Retry-After">Section&nbsp;9.16</a>). If no Retry-After is given, the client <em class="bcp14">SHOULD</em> handle the response as it would for a 500 response.
+         delay <em class="bcp14">MAY</em> be indicated in a <a href="#header.retry-after" class="smpl">Retry-After</a> header field (<a href="#header.retry-after" id="rfc.xref.header.retry-after.2" title="Retry-After">Section&nbsp;9.16</a>). If no Retry-After is given, the client <em class="bcp14">SHOULD</em> handle the response as it would for a <a href="#status.500" class="smpl">500 (Internal
+            Server Error)</a> response.
       </p>
       <div class="note" id="rfc.section.4.7.4.p.3"> 
@@ -2201 +2199 @@
          Character Set registry <em class="bcp14">MUST</em> represent the character encoding defined by that registry. Applications <em class="bcp14">SHOULD</em> limit their use of character encodings to those defined within the IANA registry.
       </p>
-      <p id="rfc.section.5.3.p.5">HTTP uses charset in two contexts: within an Accept-Charset request header field (in which the charset value is an unquoted
-         token) and as the value of a parameter in a Content-Type header field (within a request or response), in which case the parameter
-         value of the charset parameter can be quoted.
+      <p id="rfc.section.5.3.p.5">HTTP uses charset in two contexts: within an <a href="#header.accept-charset" class="smpl">Accept-Charset</a> request header field (in which the charset value is an unquoted token) and as the value of a parameter in a <a href="#header.content-type" class="smpl">Content-Type</a> header field (within a request or response), in which case the parameter value of the charset parameter can be quoted.
       </p>
       <p id="rfc.section.5.3.p.6">Implementors need to be aware of IETF character set requirements <a href="#RFC3629" id="rfc.xref.RFC3629.1"><cite title="UTF-8, a transformation format of ISO 10646">[RFC3629]</cite></a>  <a href="#RFC2277" id="rfc.xref.RFC2277.1"><cite title="IETF Policy on Character Sets and Languages">[RFC2277]</cite></a>.
@@ -2214 +2210 @@
       </p>
       <div id="rfc.figure.u.18"></div><pre class="inline"><span id="rfc.iref.g.22"></span>  <a href="#content.codings" class="smpl">content-coding</a>   = <a href="#core.rules" class="smpl">token</a>
-</pre><p id="rfc.section.5.4.p.3">All content-coding values are case-insensitive. HTTP/1.1 uses content-coding values in the Accept-Encoding (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.2" title="Accept-Encoding">Section&nbsp;9.3</a>) and Content-Encoding (<a href="#header.content-encoding" id="rfc.xref.header.content-encoding.1" title="Content-Encoding">Section&nbsp;9.6</a>) header fields. Although the value describes the content-coding, what is more important is that it indicates what decoding
+</pre><p id="rfc.section.5.4.p.3">All content-coding values are case-insensitive. HTTP/1.1 uses content-coding values in the <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a> (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.2" title="Accept-Encoding">Section&nbsp;9.3</a>) and <a href="#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="#header.content-encoding" id="rfc.xref.header.content-encoding.1" title="Content-Encoding">Section&nbsp;9.6</a>) header fields. Although the value describes the content-coding, what is more important is that it indicates what decoding
          mechanism will be required to remove the encoding.
       </p>
@@ -2251 +2247 @@
       </p>
       <h2 id="rfc.section.5.5"><a href="#rfc.section.5.5">5.5</a>&nbsp;<a id="media.types" href="#media.types">Media Types</a></h2>
-      <p id="rfc.section.5.5.p.1">HTTP uses Internet Media Types <a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> in the Content-Type (<a href="#header.content-type" id="rfc.xref.header.content-type.3" title="Content-Type">Section&nbsp;9.9</a>) and Accept (<a href="#header.accept" id="rfc.xref.header.accept.2" title="Accept">Section&nbsp;9.1</a>) header fields in order to provide open and extensible data typing and type negotiation.
+      <p id="rfc.section.5.5.p.1">HTTP uses Internet Media Types <a href="#RFC2046" id="rfc.xref.RFC2046.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types">[RFC2046]</cite></a> in the <a href="#header.content-type" class="smpl">Content-Type</a> (<a href="#header.content-type" id="rfc.xref.header.content-type.3" title="Content-Type">Section&nbsp;9.9</a>) and <a href="#header.accept" class="smpl">Accept</a> (<a href="#header.accept" id="rfc.xref.header.accept.2" title="Accept">Section&nbsp;9.1</a>) header fields in order to provide open and extensible data typing and type negotiation.
       </p>
       <div id="rfc.figure.u.19"></div><pre class="inline"><span id="rfc.iref.g.24"></span><span id="rfc.iref.g.25"></span><span id="rfc.iref.g.26"></span>  <a href="#media.types" class="smpl">media-type</a> = <a href="#media.types" class="smpl">type</a> "/" <a href="#media.types" class="smpl">subtype</a> *( <a href="#core.rules" class="smpl">OWS</a> ";" <a href="#core.rules" class="smpl">OWS</a> <a href="#rule.parameter" class="smpl">parameter</a> )
@@ -2305 +2301 @@
       <h2 id="rfc.section.5.6"><a href="#rfc.section.5.6">5.6</a>&nbsp;<a id="language.tags" href="#language.tags">Language Tags</a></h2>
       <p id="rfc.section.5.6.p.1">A language tag, as defined in <a href="#RFC5646" id="rfc.xref.RFC5646.1"><cite title="Tags for Identifying Languages">[RFC5646]</cite></a>, identifies a natural language spoken, written, or otherwise conveyed by human beings for communication of information to
-         other human beings. Computer languages are explicitly excluded. HTTP uses language tags within the Accept-Language and Content-Language
-         fields.
+         other human beings. Computer languages are explicitly excluded. HTTP uses language tags within the <a href="#header.accept-language" class="smpl">Accept-Language</a> and <a href="#header.content-language" class="smpl">Content-Language</a> fields.
       </p>
       <p id="rfc.section.5.6.p.2">In summary, a language tag is composed of one or more parts: A primary language subtag followed by a possibly empty series
@@ -2367 +2362 @@
          (request or response), the request method, the response status code, and the representation metadata. For example, the above
          semantic is true for the representation in any <a href="#status.200" class="smpl">200 (OK)</a> response to GET and for the representation in any PUT request. A 200 response to PUT, in contrast, contains either a representation
-         that describes the successful action or a representation of the target resource, with the latter indicated by a Content-Location
-         header field with the same value as the effective request URI. Likewise, response messages with an error status code usually
+         that describes the successful action or a representation of the target resource, with the latter indicated by a <a href="#header.content-location" class="smpl">Content-Location</a> header field with the same value as the effective request URI. Likewise, response messages with an error status code usually
          contain a representation that describes the error and what next steps are suggested for resolving it.
       </p>
@@ -2390 +2384 @@
          <li>If the response status code is <a href="#status.204" class="smpl">204 (No Content)</a>, <a href="p5-range.html#status.206" class="smpl">206 (Partial Content)</a>, or <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> and the request method was GET or HEAD, the response payload is a partial representation of the target resource.
          </li>
-         <li>If the response has a Content-Location header field, and that URI is the same as the effective request URI, the response payload
-            is a representation of the target resource.
-         </li>
-         <li>If the response has a Content-Location header field, and that URI is not the same as the effective request URI, then the response
-            asserts that its payload is a representation of the resource identified by the Content-Location URI. However, such an assertion
-            cannot be trusted unless it can be verified by other means (not defined by HTTP).
+         <li>If the response has a <a href="#header.content-location" class="smpl">Content-Location</a> header field, and that URI is the same as the effective request URI, the response payload is a representation of the target
+            resource.
+         </li>
+         <li>If the response has a <a href="#header.content-location" class="smpl">Content-Location</a> header field, and that URI is not the same as the effective request URI, then the response asserts that its payload is a representation
+            of the resource identified by the Content-Location URI. However, such an assertion cannot be trusted unless it can be verified
+            by other means (not defined by HTTP).
          </li>
          <li>Otherwise, the response is a representation of an anonymous (i.e., unidentified) resource.</li>
@@ -2468 +2462 @@
          the representation metadata header fields.
       </p>
-      <p id="rfc.section.7.3.p.2">The data type of the representation data is determined via the header fields Content-Type and Content-Encoding. These define
-         a two-layer, ordered encoding model:
+      <p id="rfc.section.7.3.p.2">The data type of the representation data is determined via the header fields <a href="#header.content-type" class="smpl">Content-Type</a> and <a href="#header.content-encoding" class="smpl">Content-Encoding</a>. These define a two-layer, ordered encoding model:
       </p>
       <div id="rfc.figure.u.23"></div><pre class="text">  representation-data := Content-Encoding( Content-Type( bits ) )
-</pre><p id="rfc.section.7.3.p.4">Content-Type specifies the media type of the underlying data, which defines both the data format and how that data <em class="bcp14">SHOULD</em> be processed by the recipient (within the scope of the request method semantics). Any HTTP/1.1 message containing a payload
+</pre><p id="rfc.section.7.3.p.4"> <a href="#header.content-type" class="smpl">Content-Type</a> specifies the media type of the underlying data, which defines both the data format and how that data <em class="bcp14">SHOULD</em> be processed by the recipient (within the scope of the request method semantics). Any HTTP/1.1 message containing a payload
          body <em class="bcp14">SHOULD</em> include a Content-Type header field defining the media type of the associated representation unless that metadata is unknown
          to the sender. If the Content-Type header field is not present, it indicates that the sender does not know the media type
@@ -2484 +2477 @@
          such "content sniffing" when it is used.
       </p>
-      <p id="rfc.section.7.3.p.6">Content-Encoding is used to indicate any additional content codings applied to the data, usually for the purpose of data compression,
-         that are a property of the representation. If Content-Encoding is not present, then there is no additional encoding beyond
-         that defined by the Content-Type.
+      <p id="rfc.section.7.3.p.6"> <a href="#header.content-encoding" class="smpl">Content-Encoding</a> is used to indicate any additional content codings applied to the data, usually for the purpose of data compression, that
+         are a property of the representation. If Content-Encoding is not present, then there is no additional encoding beyond that
+         defined by the <a href="#header.content-type" class="smpl">Content-Type</a> header field.
       </p>
       <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a id="content.negotiation" href="#content.negotiation">Content Negotiation</a></h1>
@@ -2521 +2514 @@
          to describe to the user agent, or when the server desires to send its "best guess" to the client along with the first response
          (hoping to avoid the round-trip delay of a subsequent request if the "best guess" is good enough for the user). In order to
-         improve the server's guess, the user agent <em class="bcp14">MAY</em> include request header fields (Accept, Accept-Language, Accept-Encoding, etc.) which describe its preferences for such a response.
+         improve the server's guess, the user agent <em class="bcp14">MAY</em> include request header fields (<a href="#header.accept" class="smpl">Accept</a>, <a href="#header.accept-language" class="smpl">Accept-Language</a>, <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a>, etc.) which describe its preferences for such a response.
       </p>
       <p id="rfc.section.8.1.p.3">Server-driven negotiation has disadvantages: </p>
@@ -2543 +2536 @@
       </p>
       <p id="rfc.section.8.1.p.6">HTTP/1.1 includes the following header fields for enabling server-driven negotiation through description of user agent capabilities
-         and user preferences: Accept (<a href="#header.accept" id="rfc.xref.header.accept.3" title="Accept">Section&nbsp;9.1</a>), Accept-Charset (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.2" title="Accept-Charset">Section&nbsp;9.2</a>), Accept-Encoding (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.3" title="Accept-Encoding">Section&nbsp;9.3</a>), Accept-Language (<a href="#header.accept-language" id="rfc.xref.header.accept-language.2" title="Accept-Language">Section&nbsp;9.4</a>), and User-Agent (<a href="#header.user-agent" id="rfc.xref.header.user-agent.2" title="User-Agent">Section&nbsp;9.18</a>). However, an origin server is not limited to these dimensions and <em class="bcp14">MAY</em> vary the response based on any aspect of the request, including aspects of the connection (e.g., IP address) or information
+         and user preferences: <a href="#header.accept" class="smpl">Accept</a> (<a href="#header.accept" id="rfc.xref.header.accept.3" title="Accept">Section&nbsp;9.1</a>), <a href="#header.accept-charset" class="smpl">Accept-Charset</a> (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.2" title="Accept-Charset">Section&nbsp;9.2</a>), <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a> (<a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.3" title="Accept-Encoding">Section&nbsp;9.3</a>), <a href="#header.accept-language" class="smpl">Accept-Language</a> (<a href="#header.accept-language" id="rfc.xref.header.accept-language.2" title="Accept-Language">Section&nbsp;9.4</a>), and <a href="#header.user-agent" class="smpl">User-Agent</a> (<a href="#header.user-agent" id="rfc.xref.header.user-agent.2" title="User-Agent">Section&nbsp;9.18</a>). However, an origin server is not limited to these dimensions and <em class="bcp14">MAY</em> vary the response based on any aspect of the request, including aspects of the connection (e.g., IP address) or information
          within extension header fields not defined by this specification.
       </p>
       <div class="note" id="rfc.section.8.1.p.7"> 
-         <p> <b>Note:</b> In practice, User-Agent based negotiation is fragile, because new clients might not be recognized.
+         <p> <b>Note:</b> In practice, <a href="#header.user-agent" class="smpl">User-Agent</a> based negotiation is fragile, because new clients might not be recognized.
          </p> 
       </div>
@@ -2791 +2784 @@
       <h2 id="rfc.section.9.6"><a href="#rfc.section.9.6">9.6</a>&nbsp;<a id="header.content-encoding" href="#header.content-encoding">Content-Encoding</a></h2>
       <p id="rfc.section.9.6.p.1">The "Content-Encoding" header field indicates what content-codings have been applied to the representation beyond those inherent
-         in the media type, and thus what decoding mechanisms have to be applied in order to obtain the media-type referenced by the
-         Content-Type header field. Content-Encoding is primarily used to allow a representation to be compressed without losing the
-         identity of its underlying media type.
+         in the media type, and thus what decoding mechanisms have to be applied in order to obtain the media-type referenced by the <a href="#header.content-type" class="smpl">Content-Type</a> header field. Content-Encoding is primarily used to allow a representation to be compressed without losing the identity of
+         its underlying media type.
       </p>
       <div id="rfc.figure.u.37"></div><pre class="inline"><span id="rfc.iref.g.41"></span>  <a href="#header.content-encoding" class="smpl">Content-Encoding</a> = 1#<a href="#content.codings" class="smpl">content-coding</a>
@@ -2807 +2799 @@
          would only be listed if, for some bizarre reason, it is applied a second time to form the representation. Likewise, an origin
          server might choose to publish the same payload data as multiple representations that differ only in whether the coding is
-         defined as part of Content-Type or Content-Encoding, since some user agents will behave differently in their handling of each
-         response (e.g., open a "Save as ..." dialog instead of automatic decompression and rendering of content).
+         defined as part of <a href="#header.content-type" class="smpl">Content-Type</a> or Content-Encoding, since some user agents will behave differently in their handling of each response (e.g., open a "Save
+         as ..." dialog instead of automatic decompression and rendering of content).
       </p>
       <p id="rfc.section.9.6.p.7">A representation that has a content-coding applied to it <em class="bcp14">MUST</em> include a Content-Encoding header field (<a href="#header.content-encoding" id="rfc.xref.header.content-encoding.3" title="Content-Encoding">Section&nbsp;9.6</a>) that lists the content-coding(s) applied.
@@ -2999 +2991 @@
       </p>
       <div class="note" id="rfc.section.9.13.p.9"> 
-         <p> <b>Note:</b> The Content-Location header field (<a href="#header.content-location" id="rfc.xref.header.content-location.3" title="Content-Location">Section&nbsp;9.8</a>) differs from Location in that the Content-Location identifies the most specific resource corresponding to the enclosed representation.
+         <p> <b>Note:</b> The <a href="#header.content-location" class="smpl">Content-Location</a> header field (<a href="#header.content-location" id="rfc.xref.header.content-location.3" title="Content-Location">Section&nbsp;9.8</a>) differs from Location in that the Content-Location identifies the most specific resource corresponding to the enclosed representation.
             It is therefore possible for a response to contain header fields for both Location and Content-Location.
          </p> 
@@ -3591 +3583 @@
                <tr>
                   <td class="left">identity</td>
-                  <td class="left">reserved (synonym for "no encoding" in Accept-Encoding header field)</td>
+                  <td class="left">reserved (synonym for "no encoding" in <a href="#header.accept-encoding" class="smpl">Accept-Encoding</a> header field)
+                  </td>
                   <td class="left"> <a href="#header.accept-encoding" id="rfc.xref.header.accept-encoding.5" title="Accept-Encoding">Section&nbsp;9.3</a> 
                   </td>
@@ -3607 +3600 @@
          a priori method of determining the sensitivity of any particular piece of information within the context of any given request.
          Therefore, applications <em class="bcp14">SHOULD</em> supply as much control over this information as possible to the provider of that information. Four header fields are worth
-         special mention in this context: Server, Via, Referer and From.
+         special mention in this context: <a href="#header.server" class="smpl">Server</a>, <a href="p1-messaging.html#header.via" class="smpl">Via</a>, <a href="#header.referer" class="smpl">Referer</a> and <a href="#header.from" class="smpl">From</a>.
       </p>
       <p id="rfc.section.11.1.p.2">Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks
-         against software that is known to contain security holes. Implementors <em class="bcp14">SHOULD</em> make the Server header field a configurable option.
+         against software that is known to contain security holes. Implementors <em class="bcp14">SHOULD</em> make the <a href="#header.server" class="smpl">Server</a> header field a configurable option.
       </p>
       <p id="rfc.section.11.1.p.3">Proxies which serve as a portal through a network firewall <em class="bcp14">SHOULD</em> take special precautions regarding the transfer of header information that identifies the hosts behind the firewall. In particular,
          they <em class="bcp14">SHOULD</em> remove, or replace with sanitized versions, any Via fields generated behind the firewall.
       </p>
-      <p id="rfc.section.11.1.p.4">The Referer header field allows reading patterns to be studied and reverse links drawn. Although it can be very useful, its
-         power can be abused if user details are not separated from the information contained in the Referer. Even when the personal
-         information has been removed, the Referer header field might indicate a private document's URI whose publication would be
-         inappropriate.
-      </p>
-      <p id="rfc.section.11.1.p.5">The information sent in the From field might conflict with the user's privacy interests or their site's security policy, and
-         hence it <em class="bcp14">SHOULD NOT</em> be transmitted without the user being able to disable, enable, and modify the contents of the field. The user <em class="bcp14">MUST</em> be able to set the contents of this field within a user preference or application defaults configuration.
+      <p id="rfc.section.11.1.p.4">The <a href="#header.referer" class="smpl">Referer</a> header field allows reading patterns to be studied and reverse links drawn. Although it can be very useful, its power can
+         be abused if user details are not separated from the information contained in the Referer. Even when the personal information
+         has been removed, the Referer header field might indicate a private document's URI whose publication would be inappropriate.
+      </p>
+      <p id="rfc.section.11.1.p.5">The information sent in the <a href="#header.from" class="smpl">From</a> field might conflict with the user's privacy interests or their site's security policy, and hence it <em class="bcp14">SHOULD NOT</em> be transmitted without the user being able to disable, enable, and modify the contents of the field. The user <em class="bcp14">MUST</em> be able to set the contents of this field within a user preference or application defaults configuration.
       </p>
       <p id="rfc.section.11.1.p.6">We suggest, though do not require, that a convenient toggle interface be provided for the user to enable or disable the sending
-         of From and Referer information.
-      </p>
-      <p id="rfc.section.11.1.p.7">The User-Agent (<a href="#header.user-agent" id="rfc.xref.header.user-agent.4" title="User-Agent">Section&nbsp;9.18</a>) or Server (<a href="#header.server" id="rfc.xref.header.server.3" title="Server">Section&nbsp;9.17</a>) header fields can sometimes be used to determine that a specific client or server has a particular security hole which might
+         of <a href="#header.from" class="smpl">From</a> and <a href="#header.referer" class="smpl">Referer</a> information.
+      </p>
+      <p id="rfc.section.11.1.p.7">The <a href="#header.user-agent" class="smpl">User-Agent</a> (<a href="#header.user-agent" id="rfc.xref.header.user-agent.4" title="User-Agent">Section&nbsp;9.18</a>) or <a href="#header.server" class="smpl">Server</a> (<a href="#header.server" id="rfc.xref.header.server.3" title="Server">Section&nbsp;9.17</a>) header fields can sometimes be used to determine that a specific client or server has a particular security hole which might
          be exploited. Unfortunately, this same information is often used for other valuable purposes for which HTTP currently has
          no better mechanism.
       </p>
-      <p id="rfc.section.11.1.p.8">Furthermore, the User-Agent header field might contain enough entropy to be used, possibly in conjunction with other material,
-         to uniquely identify the user.
+      <p id="rfc.section.11.1.p.8">Furthermore, the <a href="#header.user-agent" class="smpl">User-Agent</a> header field might contain enough entropy to be used, possibly in conjunction with other material, to uniquely identify the
+         user.
       </p>
       <p id="rfc.section.11.1.p.9">Some request methods, like TRACE (<a href="#TRACE" id="rfc.xref.TRACE.3" title="TRACE">Section&nbsp;2.3.7</a>), expose information that was sent in request header fields within the body of their response. Clients <em class="bcp14">SHOULD</em> be careful with sensitive information, like Cookies, Authorization credentials, and other header fields that might be used
@@ -3638 +3629 @@
       <h2 id="rfc.section.11.2"><a href="#rfc.section.11.2">11.2</a>&nbsp;<a id="encoding.sensitive.information.in.uris" href="#encoding.sensitive.information.in.uris">Encoding Sensitive Information in URIs</a></h2>
       <p id="rfc.section.11.2.p.1">Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly
-         recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could
-         have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From
-         information.
-      </p>
-      <p id="rfc.section.11.2.p.2">Clients <em class="bcp14">SHOULD NOT</em> include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
+         recommended that the user be able to select whether or not the <a href="#header.referer" class="smpl">Referer</a> field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively
+         enable/disable the sending of Referer and From information.
+      </p>
+      <p id="rfc.section.11.2.p.2">Clients <em class="bcp14">SHOULD NOT</em> include a <a href="#header.referer" class="smpl">Referer</a> header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
       </p>
       <p id="rfc.section.11.2.p.3">Authors of services <em class="bcp14">SHOULD NOT</em> use GET-based forms for the submission of sensitive data because that data will be placed in the request-target. Many existing
@@ -3649 +3639 @@
       </p>
       <h2 id="rfc.section.11.3"><a href="#rfc.section.11.3">11.3</a>&nbsp;<a id="location.spoofing-leakage" href="#location.spoofing-leakage">Location Header Fields: Spoofing and Information Leakage</a></h2>
-      <p id="rfc.section.11.3.p.1">If a single server supports multiple organizations that do not trust one another, then it <em class="bcp14">MUST</em> check the values of Location and Content-Location header fields in responses that are generated under control of said organizations
-         to make sure that they do not attempt to invalidate resources over which they have no authority.
-      </p>
-      <p id="rfc.section.11.3.p.2">Furthermore, appending the fragment identifier from one URI to another one obtained from a Location header field might leak
-         confidential information to the target server — although the fragment identifier is not transmitted in the final request,
-         it might be visible to the user agent through other means, such as scripting.
+      <p id="rfc.section.11.3.p.1">If a single server supports multiple organizations that do not trust one another, then it <em class="bcp14">MUST</em> check the values of <a href="#header.location" class="smpl">Location</a> and <a href="#header.content-location" class="smpl">Content-Location</a> header fields in responses that are generated under control of said organizations to make sure that they do not attempt to
+         invalidate resources over which they have no authority.
+      </p>
+      <p id="rfc.section.11.3.p.2">Furthermore, appending the fragment identifier from one URI to another one obtained from a <a href="#header.location" class="smpl">Location</a> header field might leak confidential information to the target server — although the fragment identifier is not transmitted
+         in the final request, it might be visible to the user agent through other means, such as scripting.
       </p>
       <h2 id="rfc.section.11.4"><a href="#rfc.section.11.4">11.4</a>&nbsp;Security Considerations for CONNECT
@@ -3662 +3651 @@
       </p>
       <h2 id="rfc.section.11.5"><a href="#rfc.section.11.5">11.5</a>&nbsp;<a id="privacy.issues.connected.to.accept.header.fields" href="#privacy.issues.connected.to.accept.header.fields">Privacy Issues Connected to Accept Header Fields</a></h2>
-      <p id="rfc.section.11.5.p.1">Accept header fields can reveal information about the user to all servers which are accessed. The Accept-Language header field
-         in particular can reveal information the user would consider to be of a private nature, because the understanding of particular
-         languages is often strongly correlated to the membership of a particular ethnic group. User agents which offer the option
-         to configure the contents of an Accept-Language header field to be sent in every request are strongly encouraged to let the
-         configuration process include a message which makes the user aware of the loss of privacy involved.
+      <p id="rfc.section.11.5.p.1">Accept header fields can reveal information about the user to all servers which are accessed. The <a href="#header.accept-language" class="smpl">Accept-Language</a> header field in particular can reveal information the user would consider to be of a private nature, because the understanding
+         of particular languages is often strongly correlated to the membership of a particular ethnic group. User agents which offer
+         the option to configure the contents of an Accept-Language header field to be sent in every request are strongly encouraged
+         to let the configuration process include a message which makes the user aware of the loss of privacy involved.
       </p>
       <p id="rfc.section.11.5.p.2">An approach that limits the loss of privacy would be for a user agent to omit the sending of Accept-Language header fields
@@ -3912 +3900 @@
       </p>
       <p id="rfc.section.A.2.p.2">Where it is possible, a proxy or gateway from HTTP to a strict MIME environment <em class="bcp14">SHOULD</em> translate all line breaks within the text media types described in <a href="#canonicalization.and.text.defaults" title="Canonicalization and Text Defaults">Section&nbsp;5.5.1</a> of this document to the RFC 2049 canonical form of CRLF. Note, however, that this might be complicated by the presence of
-         a Content-Encoding and by the fact that HTTP allows the use of some character encodings which do not use octets 13 and 10
-         to represent CR and LF, respectively, as is the case for some multi-byte character encodings.
+         a <a href="#header.content-encoding" class="smpl">Content-Encoding</a> and by the fact that HTTP allows the use of some character encodings which do not use octets 13 and 10 to represent CR and
+         LF, respectively, as is the case for some multi-byte character encodings.
       </p>
       <p id="rfc.section.A.2.p.3">Conversion will break any cryptographic checksums applied to the original content unless the original content is already in
@@ -3919 +3907 @@
       </p>
       <h2 id="rfc.section.A.3"><a href="#rfc.section.A.3">A.3</a>&nbsp;<a id="conversion.of.date.formats" href="#conversion.of.date.formats">Conversion of Date Formats</a></h2>
-      <p id="rfc.section.A.3.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="#http.date" title="Date/Time Formats">Section&nbsp;5.1</a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any Date header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary.
+      <p id="rfc.section.A.3.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="#http.date" title="Date/Time Formats">Section&nbsp;5.1</a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any <a href="#header.date" class="smpl">Date</a> header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary.
       </p>
       <h2 id="rfc.section.A.4"><a href="#rfc.section.A.4">A.4</a>&nbsp;<a id="introduction.of.content-encoding" href="#introduction.of.content-encoding">Introduction of Content-Encoding</a></h2>
-      <p id="rfc.section.A.4.p.1">MIME does not include any concept equivalent to HTTP/1.1's Content-Encoding header field. Since this acts as a modifier on
-         the media type, proxies and gateways from HTTP to MIME-compliant protocols <em class="bcp14">MUST</em> either change the value of the Content-Type header field or decode the representation before forwarding the message. (Some
-         experimental applications of Content-Type for Internet mail have used a media-type parameter of ";conversions=&lt;content-coding&gt;"
-         to perform a function equivalent to Content-Encoding. However, this parameter is not part of the MIME standards).
+      <p id="rfc.section.A.4.p.1">MIME does not include any concept equivalent to HTTP/1.1's <a href="#header.content-encoding" class="smpl">Content-Encoding</a> header field. Since this acts as a modifier on the media type, proxies and gateways from HTTP to MIME-compliant protocols <em class="bcp14">MUST</em> either change the value of the <a href="#header.content-type" class="smpl">Content-Type</a> header field or decode the representation before forwarding the message. (Some experimental applications of Content-Type for
+         Internet mail have used a media-type parameter of ";conversions=&lt;content-coding&gt;" to perform a function equivalent to Content-Encoding.
+         However, this parameter is not part of the MIME standards).
       </p>
       <div id="rfc.iref.c.11"></div>
@@ -3971 +3958 @@
       </p>
       <p id="rfc.section.C.p.8">Deprecate <a href="#status.305" class="smpl">305 (Use Proxy)</a> status code, because user agents did not implement it. It used to indicate that the target resource needs to be accessed through
-         the proxy given by the Location field. The Location field gave the URI of the proxy. The recipient was expected to repeat
-         this single request via the proxy. (<a href="#status.305" id="rfc.xref.status.305.3" title="305 Use Proxy">Section&nbsp;4.5.5</a>)
+         the proxy given by the <a href="#header.location" class="smpl">Location</a> field. The Location field gave the URI of the proxy. The recipient was expected to repeat this single request via the proxy.
+         (<a href="#status.305" id="rfc.xref.status.305.3" title="305 Use Proxy">Section&nbsp;4.5.5</a>)
       </p>
       <p id="rfc.section.C.p.9">Define status <a href="#status.426" class="smpl">426 (Upgrade Required)</a> (this was incorporated from <a href="#RFC2817" id="rfc.xref.RFC2817.4"><cite title="Upgrading to TLS Within HTTP/1.1">[RFC2817]</cite></a>). (<a href="#status.426" id="rfc.xref.status.426.3" title="426 Upgrade Required">Section&nbsp;4.6.15</a>)
@@ -3978 +3965 @@
       <p id="rfc.section.C.p.10">Change ABNF productions for header fields to only define the field value. (<a href="#header.field.definitions" title="Header Field Definitions">Section&nbsp;9</a>)
       </p>
-      <p id="rfc.section.C.p.11">Reclassify "Allow" as response header field, removing the option to specify it in a PUT request. Relax the server requirement
-         on the contents of the Allow header field and remove requirement on clients to always trust the header field value. (<a href="#header.allow" id="rfc.xref.header.allow.4" title="Allow">Section&nbsp;9.5</a>)
-      </p>
-      <p id="rfc.section.C.p.12">The ABNF for the Expect header field has been both fixed (allowing parameters for value-less expectations as well) and simplified
-         (allowing trailing semicolons after "100-continue" when they were invalid before). (<a href="#header.expect" id="rfc.xref.header.expect.4" title="Expect">Section&nbsp;9.11</a>)
-      </p>
-      <p id="rfc.section.C.p.13">Correct syntax of Location header field to allow URI references (including relative references and fragments), as referred
-         symbol "absoluteURI" wasn't what was expected, and add some clarifications as to when use of fragments would not be appropriate.
-         (<a href="#header.location" id="rfc.xref.header.location.5" title="Location">Section&nbsp;9.13</a>)
-      </p>
-      <p id="rfc.section.C.p.14">Restrict Max-Forwards header field to OPTIONS and TRACE (previously, extension methods could have used it as well). (<a href="#header.max-forwards" id="rfc.xref.header.max-forwards.5" title="Max-Forwards">Section&nbsp;9.14</a>)
-      </p>
-      <p id="rfc.section.C.p.15">Allow Referer field value of "about:blank" as alternative to not specifying it. (<a href="#header.referer" id="rfc.xref.header.referer.3" title="Referer">Section&nbsp;9.15</a>)
-      </p>
-      <p id="rfc.section.C.p.16">In the description of the Server header field, the Via field was described as a SHOULD. The requirement was and is stated
-         correctly in the description of the Via header field in <a href="p1-messaging.html#header.via" title="Via">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.60"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. (<a href="#header.server" id="rfc.xref.header.server.4" title="Server">Section&nbsp;9.17</a>)
+      <p id="rfc.section.C.p.11">Reclassify "<a href="#header.allow" class="smpl">Allow</a>" as response header field, removing the option to specify it in a PUT request. Relax the server requirement on the contents
+         of the Allow header field and remove requirement on clients to always trust the header field value. (<a href="#header.allow" id="rfc.xref.header.allow.4" title="Allow">Section&nbsp;9.5</a>)
+      </p>
+      <p id="rfc.section.C.p.12">The ABNF for the <a href="#header.expect" class="smpl">Expect</a> header field has been both fixed (allowing parameters for value-less expectations as well) and simplified (allowing trailing
+         semicolons after "100-continue" when they were invalid before). (<a href="#header.expect" id="rfc.xref.header.expect.4" title="Expect">Section&nbsp;9.11</a>)
+      </p>
+      <p id="rfc.section.C.p.13">Correct syntax of <a href="#header.location" class="smpl">Location</a> header field to allow URI references (including relative references and fragments), as referred symbol "absoluteURI" wasn't
+         what was expected, and add some clarifications as to when use of fragments would not be appropriate. (<a href="#header.location" id="rfc.xref.header.location.5" title="Location">Section&nbsp;9.13</a>)
+      </p>
+      <p id="rfc.section.C.p.14">Restrict <a href="#header.max-forwards" class="smpl">Max-Forwards</a> header field to OPTIONS and TRACE (previously, extension methods could have used it as well). (<a href="#header.max-forwards" id="rfc.xref.header.max-forwards.5" title="Max-Forwards">Section&nbsp;9.14</a>)
+      </p>
+      <p id="rfc.section.C.p.15">Allow <a href="#header.referer" class="smpl">Referer</a> field value of "about:blank" as alternative to not specifying it. (<a href="#header.referer" id="rfc.xref.header.referer.3" title="Referer">Section&nbsp;9.15</a>)
+      </p>
+      <p id="rfc.section.C.p.16">In the description of the <a href="#header.server" class="smpl">Server</a> header field, the <a href="p1-messaging.html#header.via" class="smpl">Via</a> field was described as a SHOULD. The requirement was and is stated correctly in the description of the Via header field in <a href="p1-messaging.html#header.via" title="Via">Section 6.2</a> of <a href="#Part1" id="rfc.xref.Part1.60"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. (<a href="#header.server" id="rfc.xref.header.server.4" title="Server">Section&nbsp;9.17</a>)
       </p>
       <p id="rfc.section.C.p.17">Clarify contexts that charset is used in. (<a href="#character.sets" title="Character Encodings (charset)">Section&nbsp;5.3</a>)
@@ -4007 +3992 @@
          and also because of known deficiencies in the hash algorithm itself (see <a href="#RFC6151" id="rfc.xref.RFC6151.1"><cite title="Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms">[RFC6151]</cite></a> for details). (<a href="#header.field.definitions" title="Header Field Definitions">Section&nbsp;9</a>)
       </p>
-      <p id="rfc.section.C.p.22">Remove ISO-8859-1 special-casing in Accept-Charset. (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.4" title="Accept-Charset">Section&nbsp;9.2</a>)
-      </p>
-      <p id="rfc.section.C.p.23">Remove base URI setting semantics for Content-Location due to poor implementation support, which was caused by too many broken
-         servers emitting bogus Content-Location header fields, and also the potentially undesirable effect of potentially breaking
-         relative links in content-negotiated resources. (<a href="#header.content-location" id="rfc.xref.header.content-location.5" title="Content-Location">Section&nbsp;9.8</a>)
+      <p id="rfc.section.C.p.22">Remove ISO-8859-1 special-casing in <a href="#header.accept-charset" class="smpl">Accept-Charset</a>. (<a href="#header.accept-charset" id="rfc.xref.header.accept-charset.4" title="Accept-Charset">Section&nbsp;9.2</a>)
+      </p>
+      <p id="rfc.section.C.p.23">Remove base URI setting semantics for <a href="#header.content-location" class="smpl">Content-Location</a> due to poor implementation support, which was caused by too many broken servers emitting bogus Content-Location header fields,
+         and also the potentially undesirable effect of potentially breaking relative links in content-negotiated resources. (<a href="#header.content-location" id="rfc.xref.header.content-location.5" title="Content-Location">Section&nbsp;9.8</a>)
       </p>
       <p id="rfc.section.C.p.24">Remove reference to non-existant identity transfer-coding value tokens. (<a href="#no.content-transfer-encoding" id="rfc.xref.no.content-transfer-encoding.1" title="No Content-Transfer-Encoding">Appendix&nbsp;A.5</a>)

draft-ietf-httpbis/latest/p2-semantics.xml

@@ -305 +305 @@
    impact on security. This is because different uses of the protocol require
    different error handling strategies; for example, a Web browser might wish to
-   transparently recover from a response where the Location header field
-   doesn't parse according to the ABNF, whereby in a systems control protocol
-   using HTTP, this type of error recovery could lead to dangerous consequences.
+   transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereby in a systems
+   control protocol using HTTP, this type of error recovery could lead to
+   dangerous consequences.
 </t>
 </section>
@@ -388 +389 @@
 <t>
    The list of methods allowed by a resource can be specified in an
-   Allow header field (<xref target="header.allow"/>). The status code of the response
-   always notifies the client whether a method is currently allowed on a
-   resource, since the set of allowed methods can change dynamically. An
-   origin server &SHOULD; respond with the status code <x:ref>405 (Method Not Allowed)</x:ref>
-   if the method is known by the origin server but not allowed for the
-   resource, and <x:ref>501 (Not Implemented)</x:ref> if the method is
-   unrecognized or not implemented by the origin server. The methods GET
-   and HEAD &MUST; be supported by all general-purpose servers. All other
-   methods are &OPTIONAL;; however, if the above methods are implemented,
-   they &MUST; be implemented with the same semantics as those specified
-   in <xref target="method.definitions"/>.
+   <x:ref>Allow</x:ref> header field (<xref target="header.allow"/>). The
+   status code of the response always notifies the client whether a method is
+   currently allowed on a resource, since the set of allowed methods can change
+   dynamically. An origin server &SHOULD; respond with the status code
+   <x:ref>405 (Method Not Allowed)</x:ref> if the method is known by the origin
+   server but not allowed for the resource, and <x:ref>501 (Not
+   Implemented)</x:ref> if the method is unrecognized or not implemented by the
+   origin server. The methods GET and HEAD &MUST; be supported by all
+   general-purpose servers. All other methods are &OPTIONAL;; however, if the
+   above methods are implemented, they &MUST; be implemented with the same
+   semantics as those specified in <xref target="method.definitions"/>.
 </t>
 
@@ -520 +521 @@
 <t>
    If the OPTIONS request includes a message body (as indicated by the
-   presence of Content-Length or Transfer-Encoding), then the media type
-   &MUST; be indicated by a Content-Type field. Although this
-   specification does not define any use for such a body, future
-   extensions to HTTP might use the OPTIONS body to make more detailed
+   presence of <x:ref>Content-Length</x:ref> or <x:ref>Transfer-Encoding</x:ref>),
+   then the media type &MUST; be indicated by a <x:ref>Content-Type</x:ref>
+   field. Although this specification does not define any use for such a body,
+   future extensions to HTTP might use the OPTIONS body to make more detailed
    queries on the server.
 </t>
@@ -544 +545 @@
    A <x:ref>200 (OK)</x:ref> response &SHOULD; include any header fields that
    indicate optional features implemented by the server and applicable to that
-   resource (e.g., Allow), possibly including extensions not defined by
-   this specification. The response body, if any, &SHOULD; also include
-   information about the communication options. The format for such a
+   resource (e.g., <x:ref>Allow</x:ref>), possibly including extensions not
+   defined by this specification. The response body, if any, &SHOULD; also
+   include information about the communication options. The format for such a
    body is not defined by this specification, but might be defined by
    future extensions to HTTP. Content negotiation &MAY; be used to select
@@ -554 +555 @@
 </t>
 <t>
-   The Max-Forwards header field &MAY; be used to target a
+   The <x:ref>Max-Forwards</x:ref> header field &MAY; be used to target a
    specific proxy in the request chain (see <xref target="header.max-forwards"/>).
    If no Max-Forwards field is present in the request, then the forwarded
@@ -681 +682 @@
    &SHOULD; be <x:ref>201 (Created)</x:ref> and contain a representation which
    describes the status of the request and refers to the new resource, and a
-   Location header field (see <xref target="header.location"/>).
+   <x:ref>Location</x:ref> header field (see <xref target="header.location"/>).
 </t>
 <t>
    Responses to POST requests are only cacheable when they
    include explicit freshness information (see &p6-explicit;). A
-   cached POST response with a Content-Location header field 
+   cached POST response with a <x:ref>Content-Location</x:ref> header field 
    (see &header-content-location;) whose value is the effective 
    Request URI &MAY; be used to satisfy subsequent GET and HEAD requests.
@@ -740 +741 @@
    representation or changing the resource configuration, or respond
    with an appropriate error message containing sufficient information
-   to explain why the representation is unsuitable.  The <x:ref>409 (Conflict)</x:ref>
-   or <x:ref>415 (Unsupported Media Type)</x:ref> status codes are suggested, with the
-   latter being specific to constraints on Content-Type values.
+   to explain why the representation is unsuitable.  The
+   <x:ref>409 (Conflict)</x:ref> or <x:ref>415 (Unsupported Media Type)</x:ref>
+   status codes are suggested, with the latter being specific to constraints on
+   <x:ref>Content-Type</x:ref> values.
 </t>
 <t>
    For example, if the target resource is configured to always have a
-   Content-Type of "text/html" and the representation being PUT has a
-   Content-Type of "image/jpeg", then the origin server &SHOULD; do one of:
-   (a) reconfigure the target resource to reflect the new media type;
-   (b) transform the PUT representation to a format consistent with that
-   of the resource before saving it as the new resource state; or,
-   (c) reject the request with a 415 response indicating that the target
-   resource is limited to "text/html", perhaps including a link to a
-   different resource that would be a suitable target for the new
-   representation.
+   <x:ref>Content-Type</x:ref> of "text/html" and the representation being PUT
+   has a Content-Type of "image/jpeg", then the origin server &SHOULD; do one of:
+   <list style="letters">
+      <t>reconfigure the target resource to reflect the new media type;</t>
+      <t>transform the PUT representation to a format consistent with that
+         of the resource before saving it as the new resource state; or,</t>
+      <t>reject the request with a <x:ref>415 (Unsupported Media Type)</x:ref>
+         response indicating that the target resource is limited to "text/html",
+         perhaps including a link to a different resource that would be a
+         suitable target for the new representation.</t>
+   </list>
 </t>
 <t>
@@ -870 +874 @@
    &SHOULD; reflect the message received back to the client as the message body
    of a <x:ref>200 (OK)</x:ref> response. The final recipient is either the
-   origin server or the first proxy to receive a Max-Forwards
+   origin server or the first proxy to receive a <x:ref>Max-Forwards</x:ref>
    value of zero (0) in the request (see <xref target="header.max-forwards"/>).
    A TRACE request &MUST-NOT; include a message body.
@@ -879 +883 @@
    information. The value of the Via header field (&header-via;) is of
    particular interest, since it acts as a trace of the request chain.
-   Use of the Max-Forwards header field allows the client to limit the
-   length of the request chain, which is useful for testing a chain of
+   Use of the <x:ref>Max-Forwards</x:ref> header field allows the client to
+   limit the length of the request chain, which is useful for testing a chain of
    proxies forwarding messages in an infinite loop.
 </t>
 <t>
-   If the request is valid, the response &SHOULD; have a Content-Type of
-   "message/http" (see &media-type-message-http;) and contain a message body
-   that encloses a copy of the entire request message.
+   If the request is valid, the response &SHOULD; have a
+   <x:ref>Content-Type</x:ref> of "message/http" (see &media-type-message-http;)
+   and contain a message body that encloses a copy of the entire request message.
    Responses to the TRACE method are not cacheable.
 </t>
@@ -1023 +1027 @@
 <t>
    Many header fields use a format including (case-insensitively) named
-   parameters (for instance, Content-Type, defined in &header-content-type;).
-   Allowing both unquoted (token) and quoted (quoted-string) syntax for the
-   parameter value enables recipients to use existing parser components. When
-   allowing both forms, the meaning of a parameter value ought to be
-   independent of the syntax used for it (for an example, see the notes on
-   parameter handling for media types in &media-types;).
+   parameters (for instance, <x:ref>Content-Type</x:ref>, defined in
+   &header-content-type;). Allowing both unquoted (token) and quoted
+   (quoted-string) syntax for the parameter value enables recipients to use
+   existing parser components. When allowing both forms, the meaning of a
+   parameter value ought to be independent of the syntax used for it (for an
+   example, see the notes on parameter handling for media types in
+   &media-types;).
 </t>
 <t>
@@ -1173 +1178 @@
 <t>
    For most status codes the response can carry a payload, in which case a
-   Content-Type header field indicates the payload's media type
+   <x:ref>Content-Type</x:ref> header field indicates the payload's media type
    (&header-content-type;).
 </t>
@@ -1408 +1413 @@
 <t>
    Newly created resources are typically linked to from the response payload,
-   with the most relevant URI also being carried in the Location header field.
-   If the newly created resource's URI is the same as the Effective Request URI,
-   this information can be omitted (e.g., in the case of a response to a PUT
-   request).  
+   with the most relevant URI also being carried in the <x:ref>Location</x:ref>
+   header field. If the newly created resource's URI is the same as the
+   Effective Request URI, this information can be omitted (e.g., in the case of
+   a response to a PUT request).  
 </t>
 <t>
@@ -1421 +1426 @@
    A 201 response &MAY; contain an <x:ref>ETag</x:ref> response header field
    indicating the current value of the entity-tag for the representation of the
-   resource identified by the Location header field or, in case the Location
-   header field was omitted, by the Effective Request URI (see &header-etag;).
+   resource identified by the <x:ref>Location</x:ref> header field or, in case
+   the Location header field was omitted, by the Effective Request URI (see
+   &header-etag;).
 </t>
 </section>
@@ -1547 +1553 @@
         <t>
           Redirects of the request to another URI, either temporarily or
-          permanently. The new URI is specified in the Location header field.
-          In this specification, the status codes <x:ref>301 (Moved Permanently)</x:ref>, 
-          <x:ref>302 (Found)</x:ref>, and <x:ref>307 (Temporary Redirect)</x:ref>
-          fall under this category.
+          permanently. The new URI is specified in the <x:ref>Location</x:ref>
+          header field. In this specification, the status codes <x:ref>301
+          (Moved Permanently)</x:ref>, <x:ref>302 (Found)</x:ref>, and
+          <x:ref>307 (Temporary Redirect)</x:ref> fall under this category.
         </t>
       </x:lt>
@@ -1595 +1601 @@
 </x:note>
 <t>
-   A Location header field on a 3xx response indicates that a client &MAY;
-   automatically redirect to the URI provided; see <xref target="header.location"/>.
+   A <x:ref>Location</x:ref> header field on a 3xx response indicates that a
+   client &MAY; automatically redirect to the URI provided; see
+   <xref target="header.location"/>.
 </t>
 <t>
@@ -1638 +1645 @@
 <t>
    If the server has a preferred choice of representation, it &SHOULD;
-   include the specific URI for that representation in the Location
+   include the specific URI for that representation in the <x:ref>Location</x:ref>
    field; user agents &MAY; use the Location field value for automatic
    redirection. 
@@ -1666 +1673 @@
 </t>
 <t>
-   The new permanent URI &SHOULD; be given by the Location field in the
-   response. A response payload can contain a short hypertext note with a
+   The new permanent URI &SHOULD; be given by the <x:ref>Location</x:ref> field
+   in the response. A response payload can contain a short hypertext note with a
    hyperlink to the new URI(s).
 </t>
@@ -1691 +1698 @@
 </t>
 <t>
-   The temporary URI &SHOULD; be given by the Location field in the
-   response. A response payload can contain a short hypertext note with a
+   The temporary URI &SHOULD; be given by the <x:ref>Location</x:ref> field in
+   the response. A response payload can contain a short hypertext note with a
    hyperlink to the new URI(s).
 </t>
@@ -1712 +1719 @@
    The 303 status code indicates that the server is redirecting the
    user agent to a different resource, as indicated by a URI in the
-   Location header field, that is intended to provide an indirect
+   <x:ref>Location</x:ref> header field, that is intended to provide an indirect
    response to the original request.  In order to satisfy the original
    request, a user agent &SHOULD; perform a retrieval request using the
@@ -1732 +1739 @@
    A 303 response to a GET request indicates that the requested
    resource does not have a representation of its own that can be
-   transferred by the server over HTTP.  The Location URI indicates a
-   resource that is descriptive of the target resource, such that the
-   follow-on representation might be useful to recipients without
+   transferred by the server over HTTP.  The <x:ref>Location</x:ref> URI
+   indicates a resource that is descriptive of the target resource, such that
+   the follow-on representation might be useful to recipients without
    implying that it adequately represents the target resource.
    Note that answers to the questions of what can be represented, what
@@ -1744 +1751 @@
    Except for responses to a HEAD request, the representation of a 303 
    response &SHOULD; contain a short hypertext note with a hyperlink 
-   to the Location URI.
+   to the <x:ref>Location</x:ref> URI.
 </t>
 </section>
@@ -1778 +1785 @@
 </t>
 <t>
-   The temporary URI &SHOULD; be given by the Location field in the
-   response. A response payload can contain a short hypertext note with a
+   The temporary URI &SHOULD; be given by the <x:ref>Location</x:ref> field in
+   the response. A response payload can contain a short hypertext note with a
    hyperlink to the new URI(s).
 </t>
@@ -1867 +1874 @@
 <t>
    The method specified in the request-line is not allowed for the target
-   resource. The response &MUST; include an Allow header field containing a
-   list of valid methods for the requested resource.
+   resource. The response &MUST; include an <x:ref>Allow</x:ref> header field
+   containing a list of valid methods for the requested resource.
 </t>
 </section>
@@ -1879 +1886 @@
    The resource identified by the request is only capable of generating
    response representations which have content characteristics not acceptable
-   according to the Accept and Accept-* header fields sent in the request.
+   according to the <x:ref>Accept</x:ref> and Accept-* header fields sent in
+   the request.
 </t>
 <t>
@@ -1993 +2001 @@
 </t>
 <t>
-   If the condition is temporary, the server &SHOULD; include a Retry-After
-   header field to indicate that it is temporary and after what
-   time the client &MAY; try again.
+   If the condition is temporary, the server &SHOULD; include a
+   <x:ref>Retry-After</x:ref> header field to indicate that it is temporary and
+   after what time the client &MAY; try again.
 </t>
 </section>
@@ -2032 +2040 @@
   <x:anchor-alias value="417 (Expectation Failed)"/>
 <t>
-   The expectation given in an Expect header field (see <xref target="header.expect"/>)
-   could not be met by this server, or, if the server is a proxy,
-   the server has unambiguous evidence that the request could not be met
-   by the next-hop server.
+   The expectation given in an <x:ref>Expect</x:ref> header field (see
+   <xref target="header.expect"/>) could not be met by this server, or, if the
+   server is a proxy, the server has unambiguous evidence that the request
+   could not be met by the next-hop server.
 </t>
 </section>
@@ -2126 +2134 @@
    The implication is that this is a temporary condition which will be
    alleviated after some delay. If known, the length of the delay &MAY; be
-   indicated in a Retry-After header field (<xref target="header.retry-after"/>).
-   If no Retry-After is given, the client &SHOULD; handle the response as it
-   would for a 500 response.
+   indicated in a <x:ref>Retry-After</x:ref> header field
+   (<xref target="header.retry-after"/>). If no Retry-After is given, the
+   client &SHOULD; handle the response as it would for a <x:ref>500 (Internal
+   Server Error)</x:ref> response.
 </t>
 <x:note>
@@ -2375 +2384 @@
 </t>
 <t>
-   HTTP uses charset in two contexts: within an Accept-Charset request
-   header field (in which the charset value is an unquoted token) and as the
-   value of a parameter in a Content-Type header field (within a request or
-   response), in which case the parameter value of the charset parameter
-   can be quoted.
+   HTTP uses charset in two contexts: within an <x:ref>Accept-Charset</x:ref>
+   request header field (in which the charset value is an unquoted token) and
+   as the value of a parameter in a <x:ref>Content-Type</x:ref> header field
+   (within a request or response), in which case the parameter value of the
+   charset parameter can be quoted.
 </t>
 <t>
@@ -2402 +2411 @@
 <t>
    All content-coding values are case-insensitive. HTTP/1.1 uses
-   content-coding values in the Accept-Encoding (<xref target="header.accept-encoding"/>) and
-   Content-Encoding (<xref target="header.content-encoding"/>) header fields. Although the value
+   content-coding values in the <x:ref>Accept-Encoding</x:ref>
+   (<xref target="header.accept-encoding"/>) and <x:ref>Content-Encoding</x:ref>
+   (<xref target="header.content-encoding"/>) header fields. Although the value
    describes the content-coding, what is more important is that it
    indicates what decoding mechanism will be required to remove the
@@ -2470 +2480 @@
   <x:anchor-alias value="subtype"/>
 <t>
-   HTTP uses Internet Media Types <xref target="RFC2046"/> in the Content-Type (<xref target="header.content-type"/>)
-   and Accept (<xref target="header.accept"/>) header fields in order to provide
-   open and extensible data typing and type negotiation.
+   HTTP uses Internet Media Types <xref target="RFC2046"/> in the
+   <x:ref>Content-Type</x:ref> (<xref target="header.content-type"/>)
+   and <x:ref>Accept</x:ref> (<xref target="header.accept"/>) header fields in
+   order to provide open and extensible data typing and type negotiation.
 </t>
 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="media-type"/><iref primary="true" item="Grammar" subitem="type"/><iref primary="true" item="Grammar" subitem="subtype"/>
@@ -2585 +2596 @@
    natural language spoken, written, or otherwise conveyed by human beings for
    communication of information to other human beings. Computer languages are
-   explicitly excluded. HTTP uses language tags within the Accept-Language and
-   Content-Language fields.
+   explicitly excluded. HTTP uses language tags within the
+   <x:ref>Accept-Language</x:ref> and <x:ref>Content-Language</x:ref> fields.
 </t>
 <t>
@@ -2675 +2686 @@
    A 200 response to PUT, in contrast, contains either a representation
    that describes the successful action or a representation of the target
-   resource, with the latter indicated by a Content-Location header field
-   with the same value as the effective request URI.  Likewise, response
-   messages with an error status code usually contain a representation that
-   describes the error and what next steps are suggested for resolving it.
+   resource, with the latter indicated by a <x:ref>Content-Location</x:ref>
+   header field with the same value as the effective request URI.  Likewise,
+   response messages with an error status code usually contain a representation
+   that describes the error and what next steps are suggested for resolving it.
 </t>
 <t>
@@ -2717 +2728 @@
    and the request method was GET or HEAD, the response payload is a partial
    representation of the target resource.</t>
-   <t>If the response has a Content-Location header field, and that URI is the same
-   as the effective request URI, the response payload is a representation of the
-   target resource.</t>
-   <t>If the response has a Content-Location header field, and that URI is not the
-   same as the effective request URI, then the response asserts that its
-   payload is a representation of the resource identified by the
-   Content-Location URI. However, such an assertion cannot be trusted unless
+   <t>If the response has a <x:ref>Content-Location</x:ref> header field, and
+   that URI is the same as the effective request URI, the response payload is a
+   representation of the target resource.</t>
+   <t>If the response has a <x:ref>Content-Location</x:ref> header field, and
+   that URI is not the same as the effective request URI, then the response
+   asserts that its payload is a representation of the resource identified by
+   the Content-Location URI. However, such an assertion cannot be trusted unless
    it can be verified by other means (not defined by HTTP).</t>
    <t>Otherwise, the response is a representation of an anonymous (i.e.,
@@ -2782 +2793 @@
 </t>
 <t>
-   The data type of the representation data
-   is determined via the header fields Content-Type and Content-Encoding.
+   The data type of the representation data is determined via the header fields
+   <x:ref>Content-Type</x:ref> and <x:ref>Content-Encoding</x:ref>.
    These define a two-layer, ordered encoding model:
 </t>
@@ -2790 +2801 @@
 </artwork></figure>
 <t>
-   Content-Type specifies the media type of the underlying data, which
-   defines both the data format and how that data &SHOULD; be processed
+   <x:ref>Content-Type</x:ref> specifies the media type of the underlying data,
+   which defines both the data format and how that data &SHOULD; be processed
    by the recipient (within the scope of the request method semantics).
    Any HTTP/1.1 message containing a payload body &SHOULD; include a
@@ -2815 +2826 @@
 </t>
 <t>
-   Content-Encoding is used to indicate any additional content
+   <x:ref>Content-Encoding</x:ref> is used to indicate any additional content
    codings applied to the data, usually for the purpose of data
    compression, that are a property of the representation.  If
    Content-Encoding is not present, then there is no additional
-   encoding beyond that defined by the Content-Type.
+   encoding beyond that defined by the <x:ref>Content-Type</x:ref> header field.
 </t>
 </section>
@@ -2887 +2898 @@
    avoid the round-trip delay of a subsequent request if the "best
    guess" is good enough for the user). In order to improve the server's
-   guess, the user agent &MAY; include request header fields (Accept,
-   Accept-Language, Accept-Encoding, etc.) which describe its
+   guess, the user agent &MAY; include request header fields (<x:ref>Accept</x:ref>,
+   <x:ref>Accept-Language</x:ref>, <x:ref>Accept-Encoding</x:ref>, etc.) which describe its
    preferences for such a response.
 </t>
@@ -2931 +2942 @@
    HTTP/1.1 includes the following header fields for enabling
    server-driven negotiation through description of user agent
-   capabilities and user preferences: Accept (<xref target="header.accept"/>), Accept-Charset
-   (<xref target="header.accept-charset"/>), Accept-Encoding (<xref target="header.accept-encoding"/>), Accept-Language
-   (<xref target="header.accept-language"/>), and User-Agent (&header-user-agent;).
+   capabilities and user preferences: <x:ref>Accept</x:ref>
+   (<xref target="header.accept"/>), <x:ref>Accept-Charset</x:ref>
+   (<xref target="header.accept-charset"/>), <x:ref>Accept-Encoding</x:ref>
+   (<xref target="header.accept-encoding"/>), <x:ref>Accept-Language</x:ref>
+   (<xref target="header.accept-language"/>), and <x:ref>User-Agent</x:ref>
+   (&header-user-agent;).
    However, an origin server is not limited to these dimensions and &MAY; vary 
    the response based on any aspect of the request, including aspects
@@ -2941 +2955 @@
 <x:note>
   <t>
-    &Note; In practice, User-Agent based negotiation is fragile,
+    &Note; In practice, <x:ref>User-Agent</x:ref> based negotiation is fragile,
     because new clients might not be recognized. 
   </t>
@@ -3349 +3363 @@
    have been applied to the representation beyond those inherent in the media
    type, and thus what decoding mechanisms have to be applied in order to obtain
-   the media-type referenced by the Content-Type header field.
+   the media-type referenced by the <x:ref>Content-Type</x:ref> header field.
    Content-Encoding is primarily used to allow a representation to be
    compressed without losing the identity of its underlying media type.
@@ -3378 +3392 @@
    representation.  Likewise, an origin server might choose to publish the
    same payload data as multiple representations that differ only in whether
-   the coding is defined as part of Content-Type or Content-Encoding, since
-   some user agents will behave differently in their handling of each
-   response (e.g., open a "Save as ..." dialog instead of automatic
-   decompression and rendering of content).
+   the coding is defined as part of <x:ref>Content-Type</x:ref> or
+   Content-Encoding, since some user agents will behave differently in their
+   handling of each response (e.g., open a "Save as ..." dialog instead of
+   automatic decompression and rendering of content).
 </t>
 <t>
@@ -3780 +3794 @@
 <x:note>
   <t>
-    &Note; The Content-Location header field (&header-content-location;) differs
-    from Location in that the Content-Location identifies the most specific
-    resource corresponding to the enclosed representation.
-    It is therefore possible for a response to contain header fields for
-    both Location and Content-Location.
+    &Note; The <x:ref>Content-Location</x:ref> header field
+    (&header-content-location;) differs from Location in that the
+    Content-Location identifies the most specific resource corresponding to the
+    enclosed representation. It is therefore possible for a response to contain
+    header fields for both Location and Content-Location.
   </t>
 </x:note>
@@ -4424 +4438 @@
    </c>
    <c>identity</c>
-   <c>reserved (synonym for "no encoding" in Accept-Encoding header field)</c>
+   <c>reserved (synonym for "no encoding" in <x:ref>Accept-Encoding</x:ref>
+   header field)</c>
    <c>
       <xref target="header.accept-encoding"/>
@@ -4450 +4465 @@
    applications &SHOULD; supply as much control over this information as
    possible to the provider of that information. Four header fields are
-   worth special mention in this context: Server, Via, Referer and From.
+   worth special mention in this context: <x:ref>Server</x:ref>,
+   <x:ref>Via</x:ref>, <x:ref>Referer</x:ref> and <x:ref>From</x:ref>.
 </t>
 <t>
@@ -4456 +4472 @@
    server machine to become more vulnerable to attacks against software
    that is known to contain security holes. Implementors &SHOULD; make the
-   Server header field a configurable option.
+   <x:ref>Server</x:ref> header field a configurable option.
 </t>
 <t>
@@ -4466 +4482 @@
 </t>
 <t>
-   The Referer header field allows reading patterns to be studied and reverse
-   links drawn. Although it can be very useful, its power can be abused
-   if user details are not separated from the information contained in
-   the Referer. Even when the personal information has been removed, the
-   Referer header field might indicate a private document's URI whose
-   publication would be inappropriate.
-</t>
-<t>
-   The information sent in the From field might conflict with the user's
-   privacy interests or their site's security policy, and hence it
+   The <x:ref>Referer</x:ref> header field allows reading patterns to be
+   studied and reverse links drawn. Although it can be very useful, its power
+   can be abused if user details are not separated from the information
+   contained in the Referer. Even when the personal information has been
+   removed, the Referer header field might indicate a private document's URI
+   whose publication would be inappropriate.
+</t>
+<t>
+   The information sent in the <x:ref>From</x:ref> field might conflict with
+   the user's privacy interests or their site's security policy, and hence it
    &SHOULD-NOT;  be transmitted without the user being able to disable,
    enable, and modify the contents of the field. The user &MUST; be able
@@ -4483 +4499 @@
 <t>
    We suggest, though do not require, that a convenient toggle interface
-   be provided for the user to enable or disable the sending of From and
-   Referer information.
-</t>
-<t>
-   The User-Agent (<xref target="header.user-agent"/>) or Server (<xref
-   target="header.server"/>) header fields can sometimes be used to determine
-   that a specific client or server has a particular security hole which might
-   be exploited. Unfortunately, this same information is often used for other
-   valuable purposes for which HTTP currently has no better mechanism.
-</t>
-<t>
-   Furthermore, the User-Agent header field might contain enough entropy to be
-   used, possibly in conjunction with other material, to uniquely identify the
-   user.
+   be provided for the user to enable or disable the sending of
+   <x:ref>From</x:ref> and <x:ref>Referer</x:ref> information.
+</t>
+<t>
+   The <x:ref>User-Agent</x:ref> (<xref target="header.user-agent"/>) or
+   <x:ref>Server</x:ref> (<xref target="header.server"/>) header fields can
+   sometimes be used to determine that a specific client or server has a
+   particular security hole which might be exploited. Unfortunately, this same
+   information is often used for other valuable purposes for which HTTP
+   currently has no better mechanism.
+</t>
+<t>
+   Furthermore, the <x:ref>User-Agent</x:ref> header field might contain enough
+   entropy to be used, possibly in conjunction with other material, to uniquely
+   identify the user.
 </t>
 <t>
@@ -4512 +4529 @@
    reveal an otherwise private information source, it is strongly
    recommended that the user be able to select whether or not the
-   Referer field is sent. For example, a browser client could have a
-   toggle switch for browsing openly/anonymously, which would
+   <x:ref>Referer</x:ref> field is sent. For example, a browser client could
+   have a toggle switch for browsing openly/anonymously, which would
    respectively enable/disable the sending of Referer and From
    information.
 </t>
 <t>
-   Clients &SHOULD-NOT; include a Referer header field in a (non-secure)
-   HTTP request if the referring page was transferred with a secure
+   Clients &SHOULD-NOT; include a <x:ref>Referer</x:ref> header field in a
+   (non-secure) HTTP request if the referring page was transferred with a secure
    protocol.
 </t>
@@ -4534 +4551 @@
 <t>
    If a single server supports multiple organizations that do not trust
-   one another, then it &MUST; check the values of Location and Content-Location
-   header fields in responses that are generated under control of
-   said organizations to make sure that they do not attempt to
-   invalidate resources over which they have no authority.
+   one another, then it &MUST; check the values of <x:ref>Location</x:ref> and
+   <x:ref>Content-Location</x:ref> header fields in responses that are
+   generated under control of said organizations to make sure that they do not
+   attempt to invalidate resources over which they have no authority.
 </t>
 <t>
    Furthermore, appending the fragment identifier from one URI to another
-   one obtained from a Location header field might leak confidential
-   information to the target server &mdash; although the fragment identifier is
-   not transmitted in the final request, it might be visible to the user agent
-   through other means, such as scripting.
+   one obtained from a <x:ref>Location</x:ref> header field might leak
+   confidential information to the target server &mdash; although the fragment
+   identifier is not transmitted in the final request, it might be visible to
+   the user agent through other means, such as scripting.
 </t>
 </section>
@@ -4561 +4578 @@
 <t>
    Accept header fields can reveal information about the user to all
-   servers which are accessed. The Accept-Language header field in particular
-   can reveal information the user would consider to be of a private
-   nature, because the understanding of particular languages is often
+   servers which are accessed. The <x:ref>Accept-Language</x:ref> header field
+   in particular can reveal information the user would consider to be of a
+   private nature, because the understanding of particular languages is often
    strongly correlated to the membership of a particular ethnic group.
    User agents which offer the option to configure the contents of an
@@ -4627 +4644 @@
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p1-messaging-&ID-VERSION;"/>
-  <x:source href="p1-messaging.xml" basename="p1-messaging"/>
+  <x:source href="p1-messaging.xml" basename="p1-messaging">
+    <x:defines>Content-Length</x:defines>
+    <x:defines>Transfer-Encoding</x:defines>
+    <x:defines>Via</x:defines>
+  </x:source>
 </reference>
 
@@ -5361 +5382 @@
    environment &SHOULD; translate all line breaks within the text media
    types described in <xref target="canonicalization.and.text.defaults"/>
-   of this document to the RFC 2049
-   canonical form of CRLF. Note, however, that this might be complicated
-   by the presence of a Content-Encoding and by the fact that HTTP
-   allows the use of some character encodings which do not use octets 13 and
-   10 to represent CR and LF, respectively, as is the case for some multi-byte
-   character encodings.
+   of this document to the RFC 2049 canonical form of CRLF. Note, however, that
+   this might be complicated by the presence of a <x:ref>Content-Encoding</x:ref>
+   and by the fact that HTTP allows the use of some character encodings which do
+   not use octets 13 and 10 to represent CR and LF, respectively, as is the case
+   for some multi-byte character encodings.
 </t>
 <t>
@@ -5381 +5401 @@
    HTTP/1.1 uses a restricted set of date formats (&http-date;) to
    simplify the process of date comparison. Proxies and gateways from
-   other protocols &SHOULD; ensure that any Date header field present in a
-   message conforms to one of the HTTP/1.1 formats and rewrite the date
-   if necessary.
+   other protocols &SHOULD; ensure that any <x:ref>Date</x:ref> header field
+   present in a message conforms to one of the HTTP/1.1 formats and rewrite
+   the date if necessary.
 </t>
 </section>
@@ -5390 +5410 @@
 <t>
    MIME does not include any concept equivalent to HTTP/1.1's
-   Content-Encoding header field. Since this acts as a modifier on the
-   media type, proxies and gateways from HTTP to MIME-compliant
-   protocols &MUST; either change the value of the Content-Type header
-   field or decode the representation before forwarding the message. (Some
-   experimental applications of Content-Type for Internet mail have used
+   <x:ref>Content-Encoding</x:ref> header field. Since this acts as a modifier
+   on the media type, proxies and gateways from HTTP to MIME-compliant
+   protocols &MUST; either change the value of the <x:ref>Content-Type</x:ref>
+   header field or decode the representation before forwarding the message.
+   (Some experimental applications of Content-Type for Internet mail have used
    a media-type parameter of ";conversions=&lt;content-coding&gt;" to perform
    a function equivalent to Content-Encoding. However, this parameter is
@@ -5503 +5523 @@
   Deprecate <x:ref>305 (Use Proxy)</x:ref> status code, because user agents did
   not implement it. It used to indicate that the target resource needs to be
-  accessed through the proxy given by the Location field. The Location field
-  gave the URI of the proxy. The recipient was expected to repeat this single
-  request via the proxy.
+  accessed through the proxy given by the <x:ref>Location</x:ref> field. The
+  Location field gave the URI of the proxy. The recipient was expected to
+  repeat this single request via the proxy.
   (<xref target="status.305"/>)
 </t>
@@ -5518 +5538 @@
 </t>
 <t>
-  Reclassify "Allow" as response header field, removing the option to
-  specify it in a PUT request.
+  Reclassify "<x:ref>Allow</x:ref>" as response header field, removing the
+  option to specify it in a PUT request.
   Relax the server requirement on the contents of the Allow header field and
   remove requirement on clients to always trust the header field value.
@@ -5525 +5545 @@
 </t>
 <t>
-  The ABNF for the Expect header field has been both fixed (allowing parameters
-  for value-less expectations as well) and simplified (allowing trailing
-  semicolons after "100-continue" when they were invalid before).
+  The ABNF for the <x:ref>Expect</x:ref> header field has been both fixed
+  (allowing parameters for value-less expectations as well) and simplified
+  (allowing trailing semicolons after "100-continue" when they were invalid
+  before).
   (<xref target="header.expect"/>)
 </t>
 <t>
-  Correct syntax of Location header field to allow URI references (including
-  relative references and fragments), as referred symbol "absoluteURI" wasn't
-  what was expected, and add some clarifications as to when use of fragments 
-  would not be appropriate.
+  Correct syntax of <x:ref>Location</x:ref> header field to allow URI
+  references (including relative references and fragments), as referred symbol
+  "absoluteURI" wasn't what was expected, and add some clarifications as to
+  when use of fragments would not be appropriate.
   (<xref target="header.location"/>)
 </t>
 <t>
-  Restrict Max-Forwards header field to OPTIONS and TRACE (previously,
-  extension methods could have used it as well).
+  Restrict <x:ref>Max-Forwards</x:ref> header field to OPTIONS and TRACE
+  (previously, extension methods could have used it as well).
   (<xref target="header.max-forwards"/>)
 </t>
 <t>
-  Allow Referer field value of "about:blank" as alternative to not specifying it. 
+  Allow <x:ref>Referer</x:ref> field value of "about:blank" as alternative to
+  not specifying it. 
   (<xref target="header.referer"/>)
 </t>
 <t>
-  In the description of the Server header field, the Via field
-  was described as a SHOULD. The requirement was and is stated
-  correctly in the description of the Via header field in &header-via;.
+  In the description of the <x:ref>Server</x:ref> header field, the
+  <x:ref>Via</x:ref> field was described as a SHOULD. The requirement was and
+  is stated correctly in the description of the Via header field in
+  &header-via;.
   (<xref target="header.server"/>)
 </t>
@@ -5576 +5599 @@
 </t>
 <t>
-  Remove ISO-8859-1 special-casing in Accept-Charset.
+  Remove ISO-8859-1 special-casing in <x:ref>Accept-Charset</x:ref>.
   (<xref target="header.accept-charset"/>)
 </t>
 <t>
-  Remove base URI setting semantics for Content-Location due to poor
-  implementation support, which was caused by too many broken servers emitting
+  Remove base URI setting semantics for <x:ref>Content-Location</x:ref> due to
+  poor implementation support, which was caused by too many broken servers emitting
   bogus Content-Location header fields, and also the potentially undesirable effect
   of potentially breaking relative links in content-negotiated resources.

draft-ietf-httpbis/latest/p4-conditional.html

@@ -661 +661 @@
          mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require
          different error handling strategies; for example, a Web browser might wish to transparently recover from a response where
-         the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type
-         of error recovery could lead to dangerous consequences.
+         the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery
+         could lead to dangerous consequences.
       </p>
       <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
@@ -691 +691 @@
       </p>
       <p id="rfc.section.2.1.p.2">A "strong validator" is a representation metadata value that <em class="bcp14">MUST</em> be changed to a new, previously unused or guaranteed unique, value whenever a change occurs to the representation data such
-         that a change would be observable in the payload body of a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to GET. A strong validator <em class="bcp14">MAY</em> be changed for other reasons, such as when a semantically significant part of the representation metadata is changed (e.g.,
-         Content-Type), but it is in the best interests of the origin server to only change the value when it is necessary to invalidate
-         the stored responses held by remote caches and authoring tools. A strong validator <em class="bcp14">MUST</em> be unique across all representations of a given resource, such that no two representations of that resource share the same
+         that a change would be observable in the payload body of a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to GET.
+      </p>
+      <p id="rfc.section.2.1.p.3">A strong validator <em class="bcp14">MAY</em> be changed for other reasons, such as when a semantically significant part of the representation metadata is changed (e.g., <a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a>), but it is in the best interests of the origin server to only change the value when it is necessary to invalidate the stored
+         responses held by remote caches and authoring tools. A strong validator <em class="bcp14">MUST</em> be unique across all representations of a given resource, such that no two representations of that resource share the same
          validator unless their payload body would be identical.
       </p>
-      <p id="rfc.section.2.1.p.3">Cache entries might persist for arbitrarily long periods, regardless of expiration times. Thus, a cache might attempt to validate
+      <p id="rfc.section.2.1.p.4">Cache entries might persist for arbitrarily long periods, regardless of expiration times. Thus, a cache might attempt to validate
          an entry using a validator that it obtained in the distant past. A strong validator <em class="bcp14">MUST</em> be unique across all versions of all representations associated with a particular resource over time. However, there is no
          implication of uniqueness across representations of different resources (i.e., the same strong validator might be in use for
          representations of multiple resources at the same time and does not imply that those representations are equivalent).
       </p>
-      <p id="rfc.section.2.1.p.4">There are a variety of strong validators used in practice. The best are based on strict revision control, wherein each change
+      <p id="rfc.section.2.1.p.5">There are a variety of strong validators used in practice. The best are based on strict revision control, wherein each change
          to a representation always results in a unique node name and revision identifier being assigned before the representation
          is made accessible to GET. A cryptographic hash function applied to the representation data is also sufficient if the data
@@ -708 +709 @@
          occur with content negotiation over media types that happen to share the same data format, then the origin server <em class="bcp14">SHOULD</em> incorporate additional information in the validator to distinguish those representations and avoid confusing cache behavior.
       </p>
-      <p id="rfc.section.2.1.p.5">In contrast, a "weak validator" is a representation metadata value that might not be changed for every change to the representation
+      <p id="rfc.section.2.1.p.6">In contrast, a "weak validator" is a representation metadata value that might not be changed for every change to the representation
          data. This weakness might be due to limitations in how the value is calculated, such as clock resolution or an inability to
          ensure uniqueness for all possible representations of the resource, or due to a desire by the resource owner to group representations
@@ -714 +715 @@
          In other words, a weak entity-tag ought to change whenever the origin server wants caches to invalidate old responses.
       </p>
-      <p id="rfc.section.2.1.p.6">For example, the representation of a weather report that changes in content every second, based on dynamic measurements, might
+      <p id="rfc.section.2.1.p.7">For example, the representation of a weather report that changes in content every second, based on dynamic measurements, might
          be grouped into sets of equivalent representations (from the origin server's perspective) with the same weak validator in
          order to allow cached representations to be valid for a reasonable period of time (perhaps adjusted dynamically based on server
@@ -721 +722 @@
          those modifications.
       </p>
-      <p id="rfc.section.2.1.p.7">A "use" of a validator occurs when either a client generates a request and includes the validator in a precondition or when
+      <p id="rfc.section.2.1.p.8">A "use" of a validator occurs when either a client generates a request and includes the validator in a precondition or when
          a server compares two validators. Weak validators are only usable in contexts that do not depend on exact equality of a representation's
          payload body. Strong validators are usable and preferred for all conditional requests, including cache validation, partial
@@ -745 +746 @@
          use its value to make conditional requests and test the validity of locally cached responses.
       </p>
-      <p id="rfc.section.2.2.1.p.3">An origin server <em class="bcp14">SHOULD</em> obtain the Last-Modified value of the representation as close as possible to the time that it generates the Date field-value
-         for its response. This allows a recipient to make an accurate assessment of the representation's modification time, especially
-         if the representation changes near the time that the response is generated.
-      </p>
-      <p id="rfc.section.2.2.1.p.4">An origin server with a clock <em class="bcp14">MUST NOT</em> send a Last-Modified date that is later than the server's time of message origination (Date). If the last modification time
-         is derived from implementation-specific metadata that evaluates to some time in the future, according to the origin server's
-         clock, then the origin server <em class="bcp14">MUST</em> replace that value with the message origination date. This prevents a future modification date from having an adverse impact
+      <p id="rfc.section.2.2.1.p.3">An origin server <em class="bcp14">SHOULD</em> obtain the Last-Modified value of the representation as close as possible to the time that it generates the <a href="p2-semantics.html#header.date" class="smpl">Date</a> field value for its response. This allows a recipient to make an accurate assessment of the representation's modification
+         time, especially if the representation changes near the time that the response is generated.
+      </p>
+      <p id="rfc.section.2.2.1.p.4">An origin server with a clock <em class="bcp14">MUST NOT</em> send a Last-Modified date that is later than the server's time of message origination (<a href="p2-semantics.html#header.date" class="smpl">Date</a>). If the last modification time is derived from implementation-specific metadata that evaluates to some time in the future,
+         according to the origin server's clock, then the origin server <em class="bcp14">MUST</em> replace that value with the message origination date. This prevents a future modification date from having an adverse impact
          on cache validation.
       </p>
@@ -771 +770 @@
          <li>The validator is about to be used by a client in an <a href="#header.if-modified-since" class="smpl">If-Modified-Since</a>, <a href="#header.if-unmodified-since" class="smpl">If-Unmodified-Since</a> header field, because the client has a cache entry, or <a href="p5-range.html#header.if-range" class="smpl">If-Range</a> for the associated representation, and
          </li>
-         <li>That cache entry includes a Date value, which gives the time when the origin server sent the original response, and</li>
+         <li>That cache entry includes a <a href="p2-semantics.html#header.date" class="smpl">Date</a> value, which gives the time when the origin server sent the original response, and
+         </li>
          <li>The presented Last-Modified time is at least 60 seconds before the Date value.</li>
       </ul>
@@ -779 +779 @@
             and
          </li>
-         <li>That cache entry includes a Date value, which gives the time when the origin server sent the original response, and</li>
+         <li>That cache entry includes a <a href="p2-semantics.html#header.date" class="smpl">Date</a> value, which gives the time when the origin server sent the original response, and
+         </li>
          <li>The presented Last-Modified time is at least 60 seconds before the Date value.</li>
       </ul>
       <p id="rfc.section.2.2.2.p.4">This method relies on the fact that if two different responses were sent by the origin server during the same second, but
-         both had the same Last-Modified time, then at least one of those responses would have a Date value equal to its Last-Modified
-         time. The arbitrary 60-second limit guards against the possibility that the Date and Last-Modified values are generated from
-         different clocks, or at somewhat different times during the preparation of the response. An implementation <em class="bcp14">MAY</em> use a value larger than 60 seconds, if it is believed that 60 seconds is too short.
+         both had the same Last-Modified time, then at least one of those responses would have a <a href="p2-semantics.html#header.date" class="smpl">Date</a> value equal to its Last-Modified time. The arbitrary 60-second limit guards against the possibility that the Date and Last-Modified
+         values are generated from different clocks, or at somewhat different times during the preparation of the response. An implementation <em class="bcp14">MAY</em> use a value larger than 60 seconds, if it is believed that 60 seconds is too short.
       </p>
       <div id="rfc.iref.e.1"></div>
@@ -883 +883 @@
       </div>
       <h3 id="rfc.section.2.3.3"><a href="#rfc.section.2.3.3">2.3.3</a>&nbsp;<a id="example.entity.tag.vs.conneg" href="#example.entity.tag.vs.conneg">Example: Entity-tags varying on Content-Negotiated Resources</a></h3>
-      <p id="rfc.section.2.3.3.p.1">Consider a resource that is subject to content negotiation (<a href="p2-semantics.html#content.negotiation" title="Content Negotiation">Section 8</a> of <a href="#Part2" id="rfc.xref.Part2.3"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), and where the representations returned upon a GET request vary based on the Accept-Encoding request header field (<a href="p2-semantics.html#header.accept-encoding" title="Accept-Encoding">Section 9.3</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>):
+      <p id="rfc.section.2.3.3.p.1">Consider a resource that is subject to content negotiation (<a href="p2-semantics.html#content.negotiation" title="Content Negotiation">Section 8</a> of <a href="#Part2" id="rfc.xref.Part2.3"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>), and where the representations returned upon a GET request vary based on the <a href="p2-semantics.html#header.accept-encoding" class="smpl">Accept-Encoding</a> request header field (<a href="p2-semantics.html#header.accept-encoding" title="Accept-Encoding">Section 9.3</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>):
       </p>
       <div id="rfc.figure.u.6"></div>
@@ -1091 +1091 @@
          as if it were the payload of a 200 response. The 304 response <em class="bcp14">MUST NOT</em> contain a message-body, and thus is always terminated by the first empty line after the header fields.
       </p>
-      <p id="rfc.section.4.1.p.2">A 304 response <em class="bcp14">MUST</em> include a Date header field (<a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) unless the origin server does not have a clock that can provide a reasonable approximation of the current time. If a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to the same request would have included any of the header fields <a href="p6-cache.html#header.cache-control" class="smpl">Cache-Control</a>, Content-Location, <a href="#header.etag" class="smpl">ETag</a>, <a href="p6-cache.html#header.expires" class="smpl">Expires</a>, or <a href="p6-cache.html#header.vary" class="smpl">Vary</a>, then those same header fields <em class="bcp14">MUST</em> be sent in a 304 response.
+      <p id="rfc.section.4.1.p.2">A 304 response <em class="bcp14">MUST</em> include a <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field (<a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>) unless the origin server does not have a clock that can provide a reasonable approximation of the current time. If a <a href="p2-semantics.html#status.200" class="smpl">200
+            (OK)</a> response to the same request would have included any of the header fields <a href="p6-cache.html#header.cache-control" class="smpl">Cache-Control</a>, <a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a>, <a href="#header.etag" class="smpl">ETag</a>, <a href="p6-cache.html#header.expires" class="smpl">Expires</a>, or <a href="p6-cache.html#header.vary" class="smpl">Vary</a>, then those same header fields <em class="bcp14">MUST</em> be sent in a 304 response.
       </p>
       <p id="rfc.section.4.1.p.3">Since the goal of a 304 response is to minimize information transfer when the recipient already has one or more cached representations,

draft-ietf-httpbis/latest/p4-conditional.xml

@@ -197 +197 @@
    impact on security. This is because different uses of the protocol require
    different error handling strategies; for example, a Web browser might wish to
-   transparently recover from a response where the Location header field
-   doesn't parse according to the ABNF, whereby in a systems control protocol
-   using HTTP, this type of error recovery could lead to dangerous consequences.
+   transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereby in a systems
+   control protocol using HTTP, this type of error recovery could lead to
+   dangerous consequences.
 </t>
 </section>
@@ -273 +274 @@
    a change occurs to the representation data such that a change would be
    observable in the payload body of a <x:ref>200 (OK)</x:ref> response to GET.
+</t>
+<t>   
    A strong validator &MAY; be changed for other reasons, such as when a semantically
    significant part of the representation metadata is changed (e.g.,
-   Content-Type), but it is in the best interests of the origin server to only
-   change the value when it is necessary to invalidate the stored responses
-   held by remote caches and authoring tools.  A strong validator &MUST; be
-   unique across all representations of a given resource, such that no two
-   representations of that resource share the same validator unless
-   their payload body would be identical.
+   <x:ref>Content-Type</x:ref>), but it is in the best interests of the origin
+   server to only change the value when it is necessary to invalidate the
+   stored responses held by remote caches and authoring tools.  A strong
+   validator &MUST; be unique across all representations of a given resource,
+   such that no two representations of that resource share the same validator
+   unless their payload body would be identical.
 </t>
 <t>
@@ -384 +387 @@
 <t>
    An origin server &SHOULD; obtain the Last-Modified value of the
-   representation as close as possible to the time that it generates
-   the Date field-value for its response. This allows a recipient to
+   representation as close as possible to the time that it generates the
+   <x:ref>Date</x:ref> field value for its response. This allows a recipient to
    make an accurate assessment of the representation's modification time,
    especially if the representation changes near the time that the
@@ -392 +395 @@
 <t>
    An origin server with a clock &MUST-NOT; send a Last-Modified date
-   that is later than the server's time of message origination (Date).
+   that is later than the server's time of message origination (<x:ref>Date</x:ref>).
    If the last modification time is derived from implementation-specific
    metadata that evaluates to some time in the future, according to the
@@ -426 +429 @@
         a cache entry, or <x:ref>If-Range</x:ref> for the associated
         representation, and</t>
-     <t>That cache entry includes a Date value, which gives the time
-        when the origin server sent the original response, and</t>
+     <t>That cache entry includes a <x:ref>Date</x:ref> value, which gives the
+        time when the origin server sent the original response, and</t>
      <t>The presented Last-Modified time is at least 60 seconds before
         the Date value.</t>
@@ -437 +440 @@
      <t>The validator is being compared by an intermediate cache to the
         validator stored in its cache entry for the representation, and</t>
-     <t>That cache entry includes a Date value, which gives the time
-        when the origin server sent the original response, and</t>
+     <t>That cache entry includes a <x:ref>Date</x:ref> value, which gives the
+        time when the origin server sent the original response, and</t>
      <t>The presented Last-Modified time is at least 60 seconds before
         the Date value.</t>
@@ -447 +450 @@
    sent by the origin server during the same second, but both had the
    same Last-Modified time, then at least one of those responses would
-   have a Date value equal to its Last-Modified time. The arbitrary 60-second
-   limit guards against the possibility that the Date and Last-Modified
-   values are generated from different clocks, or at somewhat
+   have a <x:ref>Date</x:ref> value equal to its Last-Modified time. The
+   arbitrary 60-second limit guards against the possibility that the Date and
+   Last-Modified values are generated from different clocks, or at somewhat
    different times during the preparation of the response. An
    implementation &MAY; use a value larger than 60 seconds, if it is
@@ -597 +600 @@
    Consider a resource that is subject to content negotiation (&content-negotiation;),
    and where the representations returned upon a GET request vary based on
-   the Accept-Encoding request header field (&header-accept-encoding;):
+   the <x:ref>Accept-Encoding</x:ref> request header field
+   (&header-accept-encoding;):
 </t>
 <figure><preamble>>> Request:</preamble><artwork type="message/http; msgtype=&#34;request&#34;"  x:indent-with="  ">
@@ -1015 +1019 @@
 </t>
 <t>
-   A 304 response &MUST; include a Date header field (&header-date;)
-   unless the origin server does not have a clock that can provide a
-   reasonable approximation of the current time.  If a <x:ref>200 (OK)</x:ref>
-   response to the same request would have included any of the header fields
-   <x:ref>Cache-Control</x:ref>, Content-Location, <x:ref>ETag</x:ref>,
-   <x:ref>Expires</x:ref>, or <x:ref>Vary</x:ref>, then those same header
-   fields &MUST; be sent in a 304 response.
+   A 304 response &MUST; include a <x:ref>Date</x:ref> header field
+   (&header-date;) unless the origin server does not have a clock that can
+   provide a reasonable approximation of the current time.  If a <x:ref>200
+   (OK)</x:ref> response to the same request would have included any of the
+   header fields <x:ref>Cache-Control</x:ref>, <x:ref>Content-Location</x:ref>,
+   <x:ref>ETag</x:ref>, <x:ref>Expires</x:ref>, or <x:ref>Vary</x:ref>, then
+   those same header fields &MUST; be sent in a 304 response.
 </t>
 <t>
@@ -1208 +1212 @@
     <x:defines>2xx (Successful)</x:defines>
     <x:defines>200 (OK)</x:defines>
+    <x:defines>Accept-Encoding</x:defines>
+    <x:defines>Content-Location</x:defines>
+    <x:defines>Content-Type</x:defines>
+    <x:defines>Date</x:defines>
+    <x:defines>Location</x:defines>
   </x:source>
 </reference>

draft-ietf-httpbis/latest/p5-range.html

@@ -683 +683 @@
          mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require
          different error handling strategies; for example, a Web browser might wish to transparently recover from a response where
-         the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type
-         of error recovery could lead to dangerous consequences.
+         the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery
+         could lead to dangerous consequences.
       </p>
       <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
@@ -738 +738 @@
       </p>
       <ul>
-         <li>Either a <a href="#header.content-range" class="smpl">Content-Range</a> header field (<a href="#header.content-range" id="rfc.xref.header.content-range.2" title="Content-Range">Section&nbsp;5.2</a>) indicating the range included with this response, or a multipart/byteranges Content-Type including Content-Range fields
-            for each part. If a Content-Length header field is present in the response, its value <em class="bcp14">MUST</em> match the actual number of octets transmitted in the message body.
+         <li>Either a <a href="#header.content-range" class="smpl">Content-Range</a> header field (<a href="#header.content-range" id="rfc.xref.header.content-range.2" title="Content-Range">Section&nbsp;5.2</a>) indicating the range included with this response, or a multipart/byteranges <a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> including Content-Range fields for each part. If a <a href="p1-messaging.html#header.content-length" class="smpl">Content-Length</a> header field is present in the response, its value <em class="bcp14">MUST</em> match the actual number of octets transmitted in the message body.
          </li>
          <li>Date</li>
-         <li> <a href="p6-cache.html#header.cache-control" class="smpl">Cache-Control</a>, <a href="p4-conditional.html#header.etag" class="smpl">ETag</a>, <a href="p6-cache.html#header.expires" class="smpl">Expires</a>, Content-Location and/or <a href="p6-cache.html#header.vary" class="smpl">Vary</a>, if the header field would have been sent in a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to the same request
+         <li> <a href="p6-cache.html#header.cache-control" class="smpl">Cache-Control</a>, <a href="p4-conditional.html#header.etag" class="smpl">ETag</a>, <a href="p6-cache.html#header.expires" class="smpl">Expires</a>, <a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> and/or <a href="p6-cache.html#header.vary" class="smpl">Vary</a>, if the header field would have been sent in a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to the same request
          </li>
       </ul>
@@ -1191 +1190 @@
          </p> 
       </div>
-      <p id="rfc.section.A.p.3">The multipart/byteranges media type includes one or more parts, each with its own Content-Type and <a href="#header.content-range" class="smpl">Content-Range</a> fields. The required boundary parameter specifies the boundary string used to separate each body-part.
+      <p id="rfc.section.A.p.3">The multipart/byteranges media type includes one or more parts, each with its own <a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> and <a href="#header.content-range" class="smpl">Content-Range</a> fields. The required boundary parameter specifies the boundary string used to separate each body-part.
       </p>
       <p id="rfc.section.A.p.4"> </p>

draft-ietf-httpbis/latest/p5-range.xml

@@ -187 +187 @@
    impact on security. This is because different uses of the protocol require
    different error handling strategies; for example, a Web browser might wish to
-   transparently recover from a response where the Location header field
-   doesn't parse according to the ABNF, whereby in a systems control protocol
-   using HTTP, this type of error recovery could lead to dangerous consequences.
+   transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereby in a systems
+   control protocol using HTTP, this type of error recovery could lead to
+   dangerous consequences.
 </t>
 </section>
@@ -329 +330 @@
         (<xref target="header.content-range"/>) indicating
         the range included with this response, or a multipart/byteranges
-        Content-Type including Content-Range fields for each part. If a
-        Content-Length header field is present in the response, its
-        value &MUST; match the actual number of octets transmitted in the
-        message body.
+        <x:ref>Content-Type</x:ref> including Content-Range fields for each
+        part. If a <x:ref>Content-Length</x:ref> header field is present in the
+        response, its value &MUST; match the actual number of octets
+        transmitted in the message body.
     </t>
     <t>
@@ -339 +340 @@
     <t>
         <x:ref>Cache-Control</x:ref>, <x:ref>ETag</x:ref>,
-        <x:ref>Expires</x:ref>, Content-Location and/or
+        <x:ref>Expires</x:ref>, <x:ref>Content-Location</x:ref> and/or
         <x:ref>Vary</x:ref>, if the header field would have been sent in a
         <x:ref>200 (OK)</x:ref> response to the same request
@@ -1008 +1009 @@
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p1-messaging-&ID-VERSION;"/>
-  <x:source href="p1-messaging.xml" basename="p1-messaging"/>
+  <x:source href="p1-messaging.xml" basename="p1-messaging">
+    <x:defines>Content-Length</x:defines>
+  </x:source>
 </reference>
 
@@ -1032 +1035 @@
     <x:defines>200 (OK)</x:defines>
     <x:defines>410 (Gone)</x:defines>
+    <x:defines>Content-Location</x:defines>
+    <x:defines>Content-Type</x:defines>
+    <x:defines>Location</x:defines>
   </x:source>
 </reference>
@@ -1260 +1266 @@
 <t>
    The multipart/byteranges media type includes one or more parts, each
-   with its own Content-Type and <x:ref>Content-Range</x:ref> fields. The
-   required boundary parameter specifies the boundary string used to separate
-   each body-part.
+   with its own <x:ref>Content-Type</x:ref> and <x:ref>Content-Range</x:ref>
+   fields. The required boundary parameter specifies the boundary string used
+   to separate each body-part.
 </t>
 <t>

draft-ietf-httpbis/latest/p6-cache.html

@@ -794 +794 @@
          mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require
          different error handling strategies; for example, a Web browser might wish to transparently recover from a response where
-         the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type
-         of error recovery could lead to dangerous consequences.
+         the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery
+         could lead to dangerous consequences.
       </p>
       <h2 id="rfc.section.1.4"><a href="#rfc.section.1.4">1.4</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
@@ -913 +913 @@
       <p id="rfc.section.2.2.p.5">Also, note that unsafe requests might invalidate already stored responses; see <a href="#invalidation.after.updates.or.deletions" title="Request Methods that Invalidate">Section&nbsp;2.6</a>.
       </p>
-      <p id="rfc.section.2.2.p.6">When more than one suitable response is stored, a cache <em class="bcp14">MUST</em> use the most recent response (as determined by the Date header field). It can also forward a request with "Cache-Control:
-         max-age=0" or "Cache-Control: no-cache" to disambiguate which response to use.
+      <p id="rfc.section.2.2.p.6">When more than one suitable response is stored, a cache <em class="bcp14">MUST</em> use the most recent response (as determined by the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field). It can also forward a request with "Cache-Control: max-age=0" or "Cache-Control: no-cache" to disambiguate
+         which response to use.
       </p>
       <p id="rfc.section.2.2.p.7">A cache that does not have a clock available <em class="bcp14">MUST NOT</em> use stored responses without revalidating them on every use. A cache, especially a shared cache, <em class="bcp14">SHOULD</em> use a mechanism, such as NTP <a href="#RFC1305" id="rfc.xref.RFC1305.1"><cite title="Network Time Protocol (Version 3) Specification, Implementation">[RFC1305]</cite></a>, to synchronize its clock with a reliable external standard.
@@ -951 +951 @@
          <li>If the max-age response cache directive (<a href="#cache-response-directive" title="Response Cache-Control Directives">Section&nbsp;3.2.2</a>) is present, use its value, or
          </li>
-         <li>If the <a href="#header.expires" class="smpl">Expires</a> response header field (<a href="#header.expires" id="rfc.xref.header.expires.3" title="Expires">Section&nbsp;3.3</a>) is present, use its value minus the value of the Date response header field, or
+         <li>If the <a href="#header.expires" class="smpl">Expires</a> response header field (<a href="#header.expires" id="rfc.xref.header.expires.3" title="Expires">Section&nbsp;3.3</a>) is present, use its value minus the value of the <a href="p2-semantics.html#header.date" class="smpl">Date</a> response header field, or
          </li>
          <li>Otherwise, no explicit expiration time is present in the response. A heuristic freshness lifetime might be applicable; see <a href="#heuristic.freshness" title="Calculating Heuristic Freshness">Section&nbsp;2.3.1.1</a>.
@@ -993 +993 @@
       </p>
       <ul class="empty">
-         <li>HTTP/1.1 requires origin servers to send a Date header field, if possible, with every response, giving the time at which the
-            response was generated. The term "date_value" denotes the value of the Date header field, in a form appropriate for arithmetic
-            operations. See <a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a> for the definition of the Date header field, and for requirements regarding responses without it.
+         <li>HTTP/1.1 requires origin servers to send a <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field, if possible, with every response, giving the time at which the response was generated. The term "date_value"
+            denotes the value of the Date header field, in a form appropriate for arithmetic operations. See <a href="p2-semantics.html#header.date" title="Date">Section 9.10</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a> for the definition of the Date header field, and for requirements regarding responses without it.
          </li>
       </ul>
@@ -1138 +1137 @@
          to keep their contents up-to-date.
       </p>
-      <p id="rfc.section.2.6.p.2">A cache <em class="bcp14">MUST</em> invalidate the effective Request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.13"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) as well as the URI(s) in the Location and Content-Location response header fields (if present) when a non-error response
-         to a request with an unsafe method is received.
-      </p>
-      <p id="rfc.section.2.6.p.3">However, a cache <em class="bcp14">MUST NOT</em> invalidate a URI from a Location or Content-Location response header field if the host part of that URI differs from the host
-         part in the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.14"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). This helps prevent denial of service attacks.
+      <p id="rfc.section.2.6.p.2">A cache <em class="bcp14">MUST</em> invalidate the effective Request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.13"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) as well as the URI(s) in the <a href="p2-semantics.html#header.location" class="smpl">Location</a> and <a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> response header fields (if present) when a non-error response to a request with an unsafe method is received.
+      </p>
+      <p id="rfc.section.2.6.p.3">However, a cache <em class="bcp14">MUST NOT</em> invalidate a URI from a <a href="p2-semantics.html#header.location" class="smpl">Location</a> or <a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> response header field if the host part of that URI differs from the host part in the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.14"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). This helps prevent denial of service attacks.
       </p>
       <p id="rfc.section.2.6.p.4">A cache <em class="bcp14">MUST</em> invalidate the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 5.5</a> of <a href="#Part1" id="rfc.xref.Part1.15"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) when it receives a non-error response to a request with a method whose safety is unknown.
@@ -1184 +1181 @@
       </p>
       <p id="rfc.section.2.8.p.5">The stored response with matching selecting header fields is known as the selected response.</p>
-      <p id="rfc.section.2.8.p.6">If multiple selected responses are available, the most recent response (as determined by the Date header field) is used; see <a href="#constructing.responses.from.caches" title="Constructing Responses from Caches">Section&nbsp;2.2</a>.
+      <p id="rfc.section.2.8.p.6">If multiple selected responses are available, the most recent response (as determined by the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field) is used; see <a href="#constructing.responses.from.caches" title="Constructing Responses from Caches">Section&nbsp;2.2</a>.
       </p>
       <p id="rfc.section.2.8.p.7">If no selected response is available, the cache can forward the presented request to the origin server in a conditional request;
@@ -1305 +1302 @@
       <div id="rfc.iref.n.3"></div>
       <h4 id="rfc.section.3.2.1.6"><a href="#rfc.section.3.2.1.6">3.2.1.6</a>&nbsp;<a id="cache-request-directive.no-transform" href="#cache-request-directive.no-transform">no-transform</a></h4>
-      <p id="rfc.section.3.2.1.6.p.1">The no-transform request directive indicates that an intermediary (whether or not it implements a cache) <em class="bcp14">MUST NOT</em> change the Content-Encoding, <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> or Content-Type request header fields, nor the request representation.
+      <p id="rfc.section.3.2.1.6.p.1">The no-transform request directive indicates that an intermediary (whether or not it implements a cache) <em class="bcp14">MUST NOT</em> change the <a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a>, <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> or <a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> request header fields, nor the request representation.
       </p>
       <div id="rfc.iref.c.13"></div>
@@ -1421 +1418 @@
       <div id="rfc.iref.n.6"></div>
       <h4 id="rfc.section.3.2.2.9"><a href="#rfc.section.3.2.2.9">3.2.2.9</a>&nbsp;<a id="cache-response-directive.no-transform" href="#cache-response-directive.no-transform">no-transform</a></h4>
-      <p id="rfc.section.3.2.2.9.p.1">The no-transform response directive indicates that an intermediary (regardless of whether it implements a cache) <em class="bcp14">MUST NOT</em> change the Content-Encoding, <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> or Content-Type response header fields, nor the response representation.
+      <p id="rfc.section.3.2.2.9.p.1">The no-transform response directive indicates that an intermediary (regardless of whether it implements a cache) <em class="bcp14">MUST NOT</em> change the <a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a>, <a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> or <a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> response header fields, nor the response representation.
       </p>
       <h3 id="rfc.section.3.2.3"><a href="#rfc.section.3.2.3">3.2.3</a>&nbsp;<a id="cache.control.extensions" href="#cache.control.extensions">Cache Control Extensions</a></h3>
@@ -1592 +1589 @@
       </ul>
       <p id="rfc.section.3.6.p.9">If an implementation sends a message with one or more Warning header fields to a receiver whose version is HTTP/1.0 or lower,
-         then the sender <em class="bcp14">MUST</em> include in each warning-value a warn-date that matches the Date header field in the message.
-      </p>
-      <p id="rfc.section.3.6.p.10">If a system receives a message with a warning-value that includes a warn-date, and that warn-date is different from the Date
-         value in the response, then that warning-value <em class="bcp14">MUST</em> be deleted from the message before storing, forwarding, or using it. (preventing the consequences of naive caching of Warning
+         then the sender <em class="bcp14">MUST</em> include in each warning-value a warn-date that matches the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field in the message.
+      </p>
+      <p id="rfc.section.3.6.p.10">If a system receives a message with a warning-value that includes a warn-date, and that warn-date is different from the <a href="p2-semantics.html#header.date" class="smpl">Date</a> value in the response, then that warning-value <em class="bcp14">MUST</em> be deleted from the message before storing, forwarding, or using it. (preventing the consequences of naive caching of Warning
          header fields.) If all of the warning-values are deleted for this reason, the Warning header field <em class="bcp14">MUST</em> be deleted as well.
       </p>
@@ -1970 +1966 @@
       <p id="rfc.section.A.p.1">Make the specified age calculation algorithm less conservative. (<a href="#age.calculations" title="Calculating Age">Section&nbsp;2.3.2</a>)
       </p>
-      <p id="rfc.section.A.p.2">Remove requirement to consider Content-Location in successful responses in order to determine the appropriate response to
-         use. (<a href="#validation.model" title="Validation Model">Section&nbsp;2.4</a>)
+      <p id="rfc.section.A.p.2">Remove requirement to consider <a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> in successful responses in order to determine the appropriate response to use. (<a href="#validation.model" title="Validation Model">Section&nbsp;2.4</a>)
       </p>
       <p id="rfc.section.A.p.3">Clarify denial of service attack avoidance requirement. (<a href="#invalidation.after.updates.or.deletions" title="Request Methods that Invalidate">Section&nbsp;2.6</a>)

draft-ietf-httpbis/latest/p6-cache.xml

@@ -332 +332 @@
    impact on security. This is because different uses of the protocol require
    different error handling strategies; for example, a Web browser might wish to
-   transparently recover from a response where the Location header field
-   doesn't parse according to the ABNF, whereby in a systems control protocol
-   using HTTP, this type of error recovery could lead to dangerous consequences.
+   transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereby in a systems
+   control protocol using HTTP, this type of error recovery could lead to
+   dangerous consequences.
 </t>
 </section>
@@ -580 +581 @@
 <t>
    When more than one suitable response is stored, a cache &MUST; use the 
-   most recent response (as determined by the Date header field). It can also
-   forward a request with "Cache-Control: max-age=0" or "Cache-Control:
-   no-cache" to disambiguate which response to use.
+   most recent response (as determined by the <x:ref>Date</x:ref> header
+   field). It can also forward a request with "Cache-Control: max-age=0" or
+   "Cache-Control: no-cache" to disambiguate which response to use.
 </t>
 <t>
@@ -662 +663 @@
       <t>If the <x:ref>Expires</x:ref> response header field
       (<xref target="header.expires" />) is present, use its value minus the
-      value of the Date response header field, or</t>
+      value of the <x:ref>Date</x:ref> response header field, or</t>
       <t>Otherwise, no explicit expiration time is present in the response. A
       heuristic freshness lifetime might be applicable; see <xref
@@ -742 +743 @@
    <list>
       <t>
-         HTTP/1.1 requires origin servers to send a Date header field, if possible,
-         with every response, giving the time at which the response was
-         generated. The term "date_value" denotes the value of the Date
-         header field, in a form appropriate for arithmetic operations. See
+         HTTP/1.1 requires origin servers to send a <x:ref>Date</x:ref> header
+         field, if possible, with every response, giving the time at which the
+         response was generated. The term "date_value" denotes the value of the
+         Date header field, in a form appropriate for arithmetic operations. See
          &header-date; for the definition of the Date header field, and for
          requirements regarding responses without it.
@@ -1022 +1023 @@
 <t>
    A cache &MUST; invalidate the effective Request URI 
-   (&effective-request-uri;) as well as the URI(s) in the Location
-   and Content-Location response header fields (if present) when a non-error 
-   response to a request with an unsafe method is received.
-</t>
-<t>
-   However, a cache &MUST-NOT; invalidate a URI from a Location or
-   Content-Location response header field if the host part of that URI differs
-   from the host part in the effective request URI (&effective-request-uri;).
-   This helps prevent denial of service attacks.
+   (&effective-request-uri;) as well as the URI(s) in the <x:ref>Location</x:ref>
+   and <x:ref>Content-Location</x:ref> response header fields (if present) when
+   a non-error response to a request with an unsafe method is received.
+</t>
+<t>
+   However, a cache &MUST-NOT; invalidate a URI from a <x:ref>Location</x:ref>
+   or <x:ref>Content-Location</x:ref> response header field if the host part of
+   that URI differs from the host part in the effective request URI
+   (&effective-request-uri;). This helps prevent denial of service attacks.
 </t>
 <t>
@@ -1122 +1123 @@
 <t>
    If multiple selected responses are available, the most recent response 
-   (as determined by the Date header field) is used; see <xref 
+   (as determined by the <x:ref>Date</x:ref> header field) is used; see <xref 
    target="constructing.responses.from.caches"/>.
 </t>
@@ -1360 +1361 @@
    The no-transform request directive indicates that an intermediary
    (whether or not it implements a cache) &MUST-NOT; change the 
-   Content-Encoding, <x:ref>Content-Range</x:ref> or Content-Type request
-   header fields, nor the request representation.
+   <x:ref>Content-Encoding</x:ref>, <x:ref>Content-Range</x:ref> or
+   <x:ref>Content-Type</x:ref> request header fields, nor the request
+   representation.
 </t>
 </section>
@@ -1589 +1591 @@
    The no-transform response directive indicates that an intermediary
    (regardless of whether it implements a cache) &MUST-NOT; change the 
-   Content-Encoding, <x:ref>Content-Range</x:ref> or Content-Type response
-   header fields, nor the response representation.
+   <x:ref>Content-Encoding</x:ref>, <x:ref>Content-Range</x:ref> or 
+   <x:ref>Content-Type</x:ref> response header fields, nor the response
+   representation.
 </t>
 </section>
@@ -1912 +1915 @@
    If an implementation sends a message with one or more Warning header fields to a
    receiver whose version is HTTP/1.0 or lower, then the sender &MUST; include
-   in each warning-value a warn-date that matches the Date header field in the
-   message.
+   in each warning-value a warn-date that matches the <x:ref>Date</x:ref> header
+   field in the message.
 </t>
 <t>
    If a system receives a message with a warning-value that includes
-   a warn-date, and that warn-date is different from the Date value in the
-   response, then that warning-value &MUST; be deleted from the message before
-   storing, forwarding, or using it. (preventing the consequences of naive
-   caching of Warning header fields.) If all of the warning-values are deleted
-   for this reason, the Warning header field &MUST; be deleted as well.
+   a warn-date, and that warn-date is different from the <x:ref>Date</x:ref>
+   value in the response, then that warning-value &MUST; be deleted from the
+   message before storing, forwarding, or using it. (preventing the consequences
+   of naive caching of Warning header fields.) If all of the warning-values are
+   deleted for this reason, the Warning header field &MUST; be deleted as well.
 </t>
 <t>
@@ -2309 +2312 @@
       <x:defines>5xx (Server Error)</x:defines>
       <x:defines>504 (Gateway Timeout)</x:defines>
+      <x:defines>Content-Encoding</x:defines>
+      <x:defines>Content-Location</x:defines>
+      <x:defines>Content-Type</x:defines>
+      <x:defines>Date</x:defines>
+      <x:defines>Location</x:defines>
     </x:source>
   </reference>
@@ -2532 +2540 @@
 </t>
 <t>
-  Remove requirement to consider Content-Location in successful responses
-  in order to determine the appropriate response to use.
+  Remove requirement to consider <x:ref>Content-Location</x:ref> in successful
+  responses in order to determine the appropriate response to use.
   (<xref target="validation.model" />)
 </t>

draft-ietf-httpbis/latest/p7-auth.html

@@ -648 +648 @@
          mechanisms, except in cases where it has direct impact on security. This is because different uses of the protocol require
          different error handling strategies; for example, a Web browser might wish to transparently recover from a response where
-         the Location header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type
-         of error recovery could lead to dangerous consequences.
+         the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereby in a systems control protocol using HTTP, this type of error recovery
+         could lead to dangerous consequences.
       </p>
       <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
@@ -683 +683 @@
          with or without padding, but excluding whitespace (<a href="#RFC4648" id="rfc.xref.RFC4648.1"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a>).
       </p>
-      <p id="rfc.section.2.1.p.5">The <a href="#status.401" class="smpl">401 (Unauthorized)</a> response message is used by an origin server to challenge the authorization of a user agent. This response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.
-      </p>
-      <p id="rfc.section.2.1.p.6">The <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.
+      <p id="rfc.section.2.1.p.5">The <a href="#status.401" class="smpl">401 (Unauthorized)</a> response message is used by an origin server to challenge the authorization of a user agent. This response <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field containing at least one challenge applicable to the requested resource.
+      </p>
+      <p id="rfc.section.2.1.p.6">The <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field containing at least one challenge applicable to the proxy for the requested resource.
       </p>
       <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.g.4"></span>  <a href="#challenge.and.response" class="smpl">challenge</a>   = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
 </pre><div class="note" id="rfc.section.2.1.p.8"> 
-         <p> <b>Note:</b> User agents will need to take special care in parsing the WWW-Authenticate and Proxy-Authenticate header field values because
-            they can contain more than one challenge, or if more than one of each is provided, since the contents of a challenge can itself
-            contain a comma-separated list of authentication parameters.
+         <p> <b>Note:</b> User agents will need to take special care in parsing the <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> and <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field values because they can contain more than one challenge, or if more than one of each is provided, since the contents
+            of a challenge can itself contain a comma-separated list of authentication parameters.
          </p> 
       </div>
@@ -701 +700 @@
       <p id="rfc.section.2.1.p.10">A user agent that wishes to authenticate itself with an origin server — usually, but not necessarily, after receiving a <a href="#status.401" class="smpl">401 (Unauthorized)</a> — can do so by including an <a href="#header.authorization" class="smpl">Authorization</a> header field with the request.
       </p>
-      <p id="rfc.section.2.1.p.11">A client that wishes to authenticate itself with a proxy — usually, but not necessarily, after receiving a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> — can do so by including a Proxy-Authorization header field with the request.
-      </p>
-      <p id="rfc.section.2.1.p.12">Both the <a href="#header.authorization" class="smpl">Authorization</a> field value and the Proxy-Authorization field value contain the client's credentials for the realm of the resource being requested,
-         based upon a challenge received from the server (possibly at some point in the past). When creating their values, the user
-         agent ought to do so by selecting the challenge with what it considers to be the most secure auth-scheme that it understands,
-         obtaining credentials from the user as appropriate.
+      <p id="rfc.section.2.1.p.11">A client that wishes to authenticate itself with a proxy — usually, but not necessarily, after receiving a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> — can do so by including a <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> header field with the request.
+      </p>
+      <p id="rfc.section.2.1.p.12">Both the <a href="#header.authorization" class="smpl">Authorization</a> field value and the <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> field value contain the client's credentials for the realm of the resource being requested, based upon a challenge received
+         from the server (possibly at some point in the past). When creating their values, the user agent ought to do so by selecting
+         the challenge with what it considers to be the most secure auth-scheme that it understands, obtaining credentials from the
+         user as appropriate.
       </p>
       <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span>  <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
 </pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial
-         credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
+         credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response. Such responses <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field containing at least one (possibly new) challenge applicable to the requested resource.
       </p>
       <p id="rfc.section.2.1.p.15">Likewise, upon a request that requires authentication by proxies that omit credentials or contain invalid or partial credentials,
-         a proxy <em class="bcp14">SHOULD</em> return a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy.
+         a proxy <em class="bcp14">SHOULD</em> return a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response. Such responses <em class="bcp14">MUST</em> include a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field containing a (possibly new) challenge applicable to the proxy.
       </p>
       <p id="rfc.section.2.1.p.16">A server receiving credentials that are valid, but not adequate to gain access, ought to respond with the <a href="p2-semantics.html#status.403" class="smpl">403 (Forbidden)</a> status code (<a href="p2-semantics.html#status.403" title="403 Forbidden">Section 4.6.3</a> of <a href="#Part2" id="rfc.xref.Part2.1"><cite title="HTTP/1.1, part 2: Message Semantics, Payload and Content Negotiation">[Part2]</cite></a>).
@@ -721 +720 @@
          authentication information. However, such additional mechanisms are not defined by this specification.
       </p>
-      <p id="rfc.section.2.1.p.18">Proxies <em class="bcp14">MUST</em> forward the WWW-Authenticate and <a href="#header.authorization" class="smpl">Authorization</a> header fields unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
+      <p id="rfc.section.2.1.p.18">Proxies <em class="bcp14">MUST</em> forward the <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> and <a href="#header.authorization" class="smpl">Authorization</a> header fields unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
       </p>
       <div id="rfc.iref.p.1"></div>
@@ -794 +793 @@
          </li>
          <li>
-            <p>Authentication schemes need to document whether they are usable in origin-server authentication (i.e., using WWW-Authenticate),
-               and/or proxy authentication (i.e., using Proxy-Authenticate).
+            <p>Authentication schemes need to document whether they are usable in origin-server authentication (i.e., using <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>), and/or proxy authentication (i.e., using <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a>).
             </p>
          </li>
@@ -811 +809 @@
       <div id="rfc.iref.s.1"></div>
       <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a id="status.401" href="#status.401">401 Unauthorized</a></h2>
-      <p id="rfc.section.3.1.p.1">The request requires user authentication. The response <em class="bcp14">MUST</em> include a WWW-Authenticate header field (<a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.1" title="WWW-Authenticate">Section&nbsp;4.4</a>) containing a challenge applicable to the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable <a href="#header.authorization" class="smpl">Authorization</a> header field (<a href="#header.authorization" id="rfc.xref.header.authorization.2" title="Authorization">Section&nbsp;4.1</a>). If the request already included Authorization credentials, then the 401 response indicates that authorization has been
+      <p id="rfc.section.3.1.p.1">The request requires user authentication. The response <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field (<a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.1" title="WWW-Authenticate">Section&nbsp;4.4</a>) containing a challenge applicable to the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable <a href="#header.authorization" class="smpl">Authorization</a> header field (<a href="#header.authorization" id="rfc.xref.header.authorization.2" title="Authorization">Section&nbsp;4.1</a>). If the request already included Authorization credentials, then the 401 response indicates that authorization has been
          refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has
          already attempted authentication at least once, then the user <em class="bcp14">SHOULD</em> be presented the representation that was given in the response, since that representation might include relevant diagnostic
@@ -819 +817 @@
       <div id="rfc.iref.s.2"></div>
       <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="status.407" href="#status.407">407 Proxy Authentication Required</a></h2>
-      <p id="rfc.section.3.2.p.1">This code is similar to <a href="#status.401" class="smpl">401 (Unauthorized)</a>, but indicates that the client ought to first authenticate itself with the proxy. The proxy <em class="bcp14">MUST</em> return a Proxy-Authenticate header field (<a href="#header.proxy-authenticate" id="rfc.xref.header.proxy-authenticate.1" title="Proxy-Authenticate">Section&nbsp;4.2</a>) containing a challenge applicable to the proxy for the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable Proxy-Authorization header field (<a href="#header.proxy-authorization" id="rfc.xref.header.proxy-authorization.1" title="Proxy-Authorization">Section&nbsp;4.3</a>).
+      <p id="rfc.section.3.2.p.1">This code is similar to <a href="#status.401" class="smpl">401 (Unauthorized)</a>, but indicates that the client ought to first authenticate itself with the proxy. The proxy <em class="bcp14">MUST</em> return a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field (<a href="#header.proxy-authenticate" id="rfc.xref.header.proxy-authenticate.1" title="Proxy-Authenticate">Section&nbsp;4.2</a>) containing a challenge applicable to the proxy for the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> header field (<a href="#header.proxy-authorization" id="rfc.xref.header.proxy-authorization.1" title="Proxy-Authorization">Section&nbsp;4.3</a>).
       </p>
       <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="header.field.definitions" href="#header.field.definitions">Header Field Definitions</a></h1>
@@ -854 +852 @@
       </p>
       <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
-</pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries <em class="bcp14">SHOULD NOT</em> forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them
+</pre><p id="rfc.section.4.2.p.3">Unlike <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>, the Proxy-Authenticate header field applies only to the current connection, and intermediaries <em class="bcp14">SHOULD NOT</em> forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them
          from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate header
          field.
       </p>
-      <p id="rfc.section.4.2.p.4">Note that the parsing considerations for WWW-Authenticate apply to this header field as well; see <a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.2" title="WWW-Authenticate">Section&nbsp;4.4</a> for details.
+      <p id="rfc.section.4.2.p.4">Note that the parsing considerations for <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> apply to this header field as well; see <a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.2" title="WWW-Authenticate">Section&nbsp;4.4</a> for details.
       </p>
       <div id="rfc.iref.p.3"></div>
@@ -868 +866 @@
       </p>
       <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a>
-</pre><p id="rfc.section.4.3.p.3">Unlike <a href="#header.authorization" class="smpl">Authorization</a>, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication using the Proxy-Authenticate
-         field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed by the first outbound proxy
+</pre><p id="rfc.section.4.3.p.3">Unlike <a href="#header.authorization" class="smpl">Authorization</a>, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication using the <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed by the first outbound proxy
          that was expecting to receive credentials. A proxy <em class="bcp14">MAY</em> relay the credentials from the client request to the next proxy if that is the mechanism by which the proxies cooperatively
          authenticate a given request.

draft-ietf-httpbis/latest/p7-auth.xml

@@ -173 +173 @@
    impact on security. This is because different uses of the protocol require
    different error handling strategies; for example, a Web browser might wish to
-   transparently recover from a response where the Location header field
-   doesn't parse according to the ABNF, whereby in a systems control protocol
-   using HTTP, this type of error recovery could lead to dangerous consequences.
+   transparently recover from a response where the <x:ref>Location</x:ref>
+   header field doesn't parse according to the ABNF, whereby in a systems
+   control protocol using HTTP, this type of error recovery could lead to
+   dangerous consequences.
 </t>
 </section>
@@ -325 +326 @@
    credentials or contain invalid or partial credentials, a proxy &SHOULD;
    return a <x:ref>407 (Proxy Authentication Required)</x:ref> response. Such responses
-   &MUST; include a <x:ref>Proxy-Authenticate header</x:ref> field containing a (possibly
+   &MUST; include a <x:ref>Proxy-Authenticate</x:ref> header field containing a (possibly
    new) challenge applicable to the proxy.
 </t>
@@ -896 +897 @@
   <x:source basename="p2-semantics" href="p2-semantics.xml">
     <x:defines>403 (Forbidden)</x:defines>
+    <x:defines>Location</x:defines>
   </x:source>
 </reference>