![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Changeset 2726 for draft-ietf-httpbis/05/p1-messaging.html
- Timestamp:
- 14/06/14 11:20:37 (8 years ago)
- File:
-
- 1 edited
-
draft-ietf-httpbis/05/p1-messaging.html (modified) (44 diffs)
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/05/p1-messaging.html
r1099 r2726 2 2 PUBLIC "-//W3C//DTD HTML 4.01//EN"> 3 3 <html lang="en"> 4 <head profile="http:// www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">4 <head profile="http://dublincore.org/documents/2008/08/04/dc-html/"> 5 5 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> 6 6 <title>HTTP/1.1, part 1: URIs, Connections, and Message Parsing</title><style type="text/css" title="Xml2Rfc (sans serif)"> … … 24 24 body { 25 25 color: black; 26 font-family: verdana, helvetica, arial, sans-serif; 27 font-size: 10pt; 26 font-family: cambria, helvetica, arial, sans-serif; 27 font-size: 11pt; 28 margin-right: 2em; 28 29 } 29 30 cite { 30 31 font-style: normal; 31 32 } 32 dd {33 margin-right: 2em;34 }35 33 dl { 36 34 margin-left: 2em; 37 35 } 38 39 36 ul.empty { 40 37 list-style-type: none; … … 50 47 } 51 48 h1 { 52 font-size: 1 4pt;49 font-size: 130%; 53 50 line-height: 21pt; 54 51 page-break-after: avoid; … … 57 54 page-break-before: always; 58 55 } 59 h1 a {60 color: #333333;61 }62 56 h2 { 63 font-size: 12 pt;57 font-size: 120%; 64 58 line-height: 15pt; 65 59 page-break-after: avoid; 66 60 } 67 h3 , h4, h5, h6{68 font-size: 1 0pt;61 h3 { 62 font-size: 110%; 69 63 page-break-after: avoid; 70 64 } 71 h2 a, h3 a, h4 a, h5 a, h6 a { 65 h4, h5, h6 { 66 page-break-after: avoid; 67 } 68 h1 a, h2 a, h3 a, h4 a, h5 a, h6 a { 72 69 color: black; 73 70 } … … 77 74 li { 78 75 margin-left: 2em; 79 margin-right: 2em;80 76 } 81 77 ol { 82 78 margin-left: 2em; 83 margin-right: 2em; 79 } 80 ol.la { 81 list-style-type: lower-alpha; 82 } 83 ol.ua { 84 list-style-type: upper-alpha; 84 85 } 85 86 ol p { … … 88 89 p { 89 90 margin-left: 2em; 90 margin-right: 2em;91 91 } 92 92 pre { … … 94 94 background-color: lightyellow; 95 95 padding: .25em; 96 page-break-inside: avoid; 96 97 } 97 98 pre.text2 { … … 122 123 table.tt { 123 124 vertical-align: top; 125 border-color: gray; 126 } 127 table.tt th { 128 border-color: gray; 129 } 130 table.tt td { 131 border-color: gray; 132 } 133 table.all { 134 border-style: solid; 135 border-width: 2px; 124 136 } 125 137 table.full { 126 border-style: outset; 127 border-width: 1px; 128 } 129 table.headers { 130 border-style: outset; 131 border-width: 1px; 138 border-style: solid; 139 border-width: 2px; 132 140 } 133 141 table.tt td { 134 142 vertical-align: top; 135 143 } 144 table.all td { 145 border-style: solid; 146 border-width: 1px; 147 } 136 148 table.full td { 137 border-style: inset;149 border-style: none solid; 138 150 border-width: 1px; 139 151 } … … 141 153 vertical-align: top; 142 154 } 155 table.all th { 156 border-style: solid; 157 border-width: 1px; 158 } 143 159 table.full th { 144 border-style: inset;145 border-width: 1px ;160 border-style: solid; 161 border-width: 1px 1px 2px 1px; 146 162 } 147 163 table.headers th { 148 border-style: none none insetnone;149 border-width: 1px;164 border-style: none none solid none; 165 border-width: 2px; 150 166 } 151 167 table.left { … … 162 178 caption-side: bottom; 163 179 font-weight: bold; 164 font-size: 9pt;180 font-size: 10pt; 165 181 margin-top: .5em; 166 182 } … … 169 185 border-spacing: 1px; 170 186 width: 95%; 171 font-size: 1 0pt;187 font-size: 11pt; 172 188 color: white; 173 189 } … … 177 193 td.topnowrap { 178 194 vertical-align: top; 179 white-space: nowrap; 195 white-space: nowrap; 180 196 } 181 197 table.header td { … … 197 213 list-style: none; 198 214 margin-left: 1.5em; 199 margin-right: 0em;200 215 padding-left: 0em; 201 216 } … … 203 218 line-height: 150%; 204 219 font-weight: bold; 205 font-size: 10pt;206 220 margin-left: 0em; 207 margin-right: 0em;208 221 } 209 222 ul.toc li li { 210 223 line-height: normal; 211 224 font-weight: normal; 212 font-size: 9pt;225 font-size: 10pt; 213 226 margin-left: 0em; 214 margin-right: 0em;215 227 } 216 228 li.excluded { … … 219 231 ul p { 220 232 margin-left: 0em; 233 } 234 .title, .filename, h1, h2, h3, h4 { 235 font-family: candara, helvetica, arial, sans-serif; 236 } 237 samp, tt, code, pre { 238 font: consolas, monospace; 221 239 } 222 240 ul.ind, ul.ind ul { 223 241 list-style: none; 224 242 margin-left: 1.5em; 225 margin-right: 0em;226 243 padding-left: 0em; 227 244 page-break-before: avoid; … … 231 248 line-height: 200%; 232 249 margin-left: 0em; 233 margin-right: 0em;234 250 } 235 251 ul.ind li li { … … 237 253 line-height: 150%; 238 254 margin-left: 0em; 239 margin-right: 0em;240 255 } 241 256 .avoidbreak { … … 261 276 font-weight: bold; 262 277 text-align: center; 263 font-size: 9pt;278 font-size: 10pt; 264 279 } 265 280 .filename { 266 281 color: #333333; 282 font-size: 75%; 267 283 font-weight: bold; 268 font-size: 12pt;269 284 line-height: 21pt; 270 285 text-align: center; … … 273 288 font-weight: bold; 274 289 } 275 .hidden {276 display: none;277 }278 290 .left { 279 291 text-align: left; … … 283 295 } 284 296 .title { 285 color: #990000;286 font-size: 1 8pt;297 color: green; 298 font-size: 150%; 287 299 line-height: 18pt; 288 300 font-weight: bold; … … 290 302 margin-top: 36pt; 291 303 } 292 .vcardline {293 display: block;294 }295 304 .warning { 296 font-size: 1 4pt;305 font-size: 130%; 297 306 background-color: yellow; 298 307 } … … 303 312 display: none; 304 313 } 305 314 306 315 a { 307 316 color: black; … … 318 327 background-color: white; 319 328 vertical-align: top; 320 font-size: 1 2pt;329 font-size: 110%; 321 330 } 322 331 323 ul.toc a: :after {332 ul.toc a:nth-child(2)::after { 324 333 content: leader('.') target-counter(attr(href), page); 325 334 } 326 335 327 336 ul.ind li li a { 328 337 content: target-counter(attr(href), page); 329 338 } 330 339 331 340 .print2col { 332 341 column-count: 2; … … 338 347 @page { 339 348 @top-left { 340 content: "Internet-Draft"; 341 } 349 content: "Internet-Draft"; 350 } 342 351 @top-right { 343 content: "November 2008"; 344 } 352 content: "November 2008"; 353 } 345 354 @top-center { 346 content: "HTTP/1.1, Part 1"; 347 } 355 content: "HTTP/1.1, Part 1"; 356 } 348 357 @bottom-left { 349 content: "Fielding, et al."; 350 } 358 content: "Fielding, et al."; 359 } 351 360 @bottom-center { 352 content: " Standards Track";353 } 361 content: "Expires May 20, 2009"; 362 } 354 363 @bottom-right { 355 content: "[Page " counter(page) "]"; 356 } 364 content: "[Page " counter(page) "]"; 365 } 357 366 } 358 367 359 @page:first { 368 @page:first { 360 369 @top-left { 361 370 content: normal; … … 389 398 <link rel="Appendix" title="D Terminology" href="#rfc.section.D"> 390 399 <link rel="Appendix" title="E Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.E"> 391 <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1. 537, 2010-12-30 14:21:59, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">400 <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.640, 2014/06/13 12:42:58, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/"> 392 401 <link rel="schema.dct" href="http://purl.org/dc/terms/"> 393 402 <meta name="dct.creator" content="Fielding, R."> … … 418 427 </tr> 419 428 <tr> 420 <td class="left">Obsoletes: <a href="http ://tools.ietf.org/html/rfc2616">2616</a> (if approved)429 <td class="left">Obsoletes: <a href="https://tools.ietf.org/html/rfc2616">2616</a> (if approved) 421 430 </td> 422 431 <td class="right">J. Gettys</td> … … 489 498 </table> 490 499 <p class="title">HTTP/1.1, part 1: URIs, Connections, and Message Parsing<br><span class="filename">draft-ietf-httpbis-p1-messaging-05</span></p> 491 <h1><a id="rfc.status" href="#rfc.status">Status of this Memo</a></h1> 492 <p>By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she 493 is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 494 6 of BCP 79. 495 </p> 496 <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note 497 that other groups may also distribute working documents as Internet-Drafts. 498 </p> 499 <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other 500 documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work 501 in progress”. 502 </p> 503 <p>The list of current Internet-Drafts can be accessed at <a href="http://www.ietf.org/ietf/1id-abstracts.txt">http://www.ietf.org/ietf/1id-abstracts.txt</a>. 504 </p> 505 <p>The list of Internet-Draft Shadow Directories can be accessed at <a href="http://www.ietf.org/shadow.html">http://www.ietf.org/shadow.html</a>. 506 </p> 507 <p>This Internet-Draft will expire on May 20, 2009.</p> 508 <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1> 500 <div id="rfc.status"> 501 <h1><a href="#rfc.status">Status of this Memo</a></h1> 502 <p>By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she 503 is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 504 6 of BCP 79. 505 </p> 506 <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note 507 that other groups may also distribute working documents as Internet-Drafts. 508 </p> 509 <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other 510 documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work 511 in progress”. 512 </p> 513 <p>The list of current Internet-Drafts can be accessed at <a href="http://www.ietf.org/ietf/1id-abstracts.txt">http://www.ietf.org/ietf/1id-abstracts.txt</a>. 514 </p> 515 <p>The list of Internet-Draft Shadow Directories can be accessed at <a href="http://www.ietf.org/shadow.html">http://www.ietf.org/shadow.html</a>. 516 </p> 517 <p>This Internet-Draft will expire on May 20, 2009.</p> 518 </div> 519 <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1> 509 520 <p>The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information 510 521 systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 1 of the … … 513 524 (URI) schemes, defines the generic message syntax and parsing requirements for HTTP message frames, and describes general 514 525 security concerns for implementations. 515 </p> 516 <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1> 526 </p> 527 <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1> 517 528 <p>Discussion of this draft should take place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org). The current issues 518 529 list is at <<a href="http://tools.ietf.org/wg/httpbis/trac/report/11">http://tools.ietf.org/wg/httpbis/trac/report/11</a>> and related documents (including fancy diffs) can be found at <<a href="http://tools.ietf.org/wg/httpbis/">http://tools.ietf.org/wg/httpbis/</a>>. 519 </p> 530 </p> 520 531 <p>The changes in this draft are summarized in <a href="#changes.since.04" title="Since draft-ietf-httpbis-p1-messaging-04">Appendix E.6</a>. 521 </p> 532 </p> 522 533 <hr class="noprint"> 523 534 <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1> 524 535 <ul class="toc"> 525 <li> 1. <a href="#introduction">Introduction</a><ul>526 <li> 1.1 <a href="#intro.requirements">Requirements</a></li>527 <li> 1.2 <a href="#intro.overall.operation">Overall Operation</a></li>536 <li><a href="#rfc.section.1">1.</a> <a href="#introduction">Introduction</a><ul> 537 <li><a href="#rfc.section.1.1">1.1</a> <a href="#intro.requirements">Requirements</a></li> 538 <li><a href="#rfc.section.1.2">1.2</a> <a href="#intro.overall.operation">Overall Operation</a></li> 528 539 </ul> 529 540 </li> 530 <li> 2. <a href="#notation">Notational Conventions and Generic Grammar</a><ul>531 <li> 2.1 <a href="#notation.abnf">ABNF Extension: #rule</a></li>532 <li> 2.2 <a href="#basic.rules">Basic Rules</a></li>533 <li> 2.3 <a href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></li>541 <li><a href="#rfc.section.2">2.</a> <a href="#notation">Notational Conventions and Generic Grammar</a><ul> 542 <li><a href="#rfc.section.2.1">2.1</a> <a href="#notation.abnf">ABNF Extension: #rule</a></li> 543 <li><a href="#rfc.section.2.2">2.2</a> <a href="#basic.rules">Basic Rules</a></li> 544 <li><a href="#rfc.section.2.3">2.3</a> <a href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></li> 534 545 </ul> 535 546 </li> 536 <li> 3. <a href="#protocol.parameters">Protocol Parameters</a><ul>537 <li> 3.1 <a href="#http.version">HTTP Version</a></li>538 <li> 3.2 <a href="#uri">Uniform Resource Identifiers</a><ul>539 <li> 3.2.1 <a href="#http.uri">http URI scheme</a></li>540 <li> 3.2.2 <a href="#uri.comparison">URI Comparison</a></li>547 <li><a href="#rfc.section.3">3.</a> <a href="#protocol.parameters">Protocol Parameters</a><ul> 548 <li><a href="#rfc.section.3.1">3.1</a> <a href="#http.version">HTTP Version</a></li> 549 <li><a href="#rfc.section.3.2">3.2</a> <a href="#uri">Uniform Resource Identifiers</a><ul> 550 <li><a href="#rfc.section.3.2.1">3.2.1</a> <a href="#http.uri">http URI scheme</a></li> 551 <li><a href="#rfc.section.3.2.2">3.2.2</a> <a href="#uri.comparison">URI Comparison</a></li> 541 552 </ul> 542 553 </li> 543 <li> 3.3 <a href="#date.time.formats">Date/Time Formats</a><ul>544 <li> 3.3.1 <a href="#full.date">Full Date</a></li>554 <li><a href="#rfc.section.3.3">3.3</a> <a href="#date.time.formats">Date/Time Formats</a><ul> 555 <li><a href="#rfc.section.3.3.1">3.3.1</a> <a href="#full.date">Full Date</a></li> 545 556 </ul> 546 557 </li> 547 <li> 3.4 <a href="#transfer.codings">Transfer Codings</a><ul>548 <li> 3.4.1 <a href="#chunked.transfer.encoding">Chunked Transfer Coding</a></li>558 <li><a href="#rfc.section.3.4">3.4</a> <a href="#transfer.codings">Transfer Codings</a><ul> 559 <li><a href="#rfc.section.3.4.1">3.4.1</a> <a href="#chunked.transfer.encoding">Chunked Transfer Coding</a></li> 549 560 </ul> 550 561 </li> 551 <li> 3.5 <a href="#product.tokens">Product Tokens</a></li>562 <li><a href="#rfc.section.3.5">3.5</a> <a href="#product.tokens">Product Tokens</a></li> 552 563 </ul> 553 564 </li> 554 <li> 4. <a href="#http.message">HTTP Message</a><ul>555 <li> 4.1 <a href="#message.types">Message Types</a></li>556 <li> 4.2 <a href="#message.headers">Message Headers</a></li>557 <li> 4.3 <a href="#message.body">Message Body</a></li>558 <li> 4.4 <a href="#message.length">Message Length</a></li>559 <li> 4.5 <a href="#general.header.fields">General Header Fields</a></li>565 <li><a href="#rfc.section.4">4.</a> <a href="#http.message">HTTP Message</a><ul> 566 <li><a href="#rfc.section.4.1">4.1</a> <a href="#message.types">Message Types</a></li> 567 <li><a href="#rfc.section.4.2">4.2</a> <a href="#message.headers">Message Headers</a></li> 568 <li><a href="#rfc.section.4.3">4.3</a> <a href="#message.body">Message Body</a></li> 569 <li><a href="#rfc.section.4.4">4.4</a> <a href="#message.length">Message Length</a></li> 570 <li><a href="#rfc.section.4.5">4.5</a> <a href="#general.header.fields">General Header Fields</a></li> 560 571 </ul> 561 572 </li> 562 <li> 5. <a href="#request">Request</a><ul>563 <li> 5.1 <a href="#request-line">Request-Line</a><ul>564 <li> 5.1.1 <a href="#method">Method</a></li>565 <li> 5.1.2 <a href="#request-uri">Request-URI</a></li>573 <li><a href="#rfc.section.5">5.</a> <a href="#request">Request</a><ul> 574 <li><a href="#rfc.section.5.1">5.1</a> <a href="#request-line">Request-Line</a><ul> 575 <li><a href="#rfc.section.5.1.1">5.1.1</a> <a href="#method">Method</a></li> 576 <li><a href="#rfc.section.5.1.2">5.1.2</a> <a href="#request-uri">Request-URI</a></li> 566 577 </ul> 567 578 </li> 568 <li> 5.2 <a href="#the.resource.identified.by.a.request">The Resource Identified by a Request</a></li>579 <li><a href="#rfc.section.5.2">5.2</a> <a href="#the.resource.identified.by.a.request">The Resource Identified by a Request</a></li> 569 580 </ul> 570 581 </li> 571 <li> 6. <a href="#response">Response</a><ul>572 <li> 6.1 <a href="#status-line">Status-Line</a><ul>573 <li> 6.1.1 <a href="#status.code.and.reason.phrase">Status Code and Reason Phrase</a></li>582 <li><a href="#rfc.section.6">6.</a> <a href="#response">Response</a><ul> 583 <li><a href="#rfc.section.6.1">6.1</a> <a href="#status-line">Status-Line</a><ul> 584 <li><a href="#rfc.section.6.1.1">6.1.1</a> <a href="#status.code.and.reason.phrase">Status Code and Reason Phrase</a></li> 574 585 </ul> 575 586 </li> 576 587 </ul> 577 588 </li> 578 <li>7. <a href="#connections">Connections</a><ul> 579 <li>7.1 <a href="#persistent.connections">Persistent Connections</a><ul> 580 <li>7.1.1 <a href="#persistent.purpose">Purpose</a></li> 581 <li>7.1.2 <a href="#persistent.overall">Overall Operation</a><ul> 582 <li>7.1.2.1 <a href="#persistent.negotiation">Negotiation</a></li> 583 <li>7.1.2.2 <a href="#pipelining">Pipelining</a></li> 584 </ul> 585 </li> 586 <li>7.1.3 <a href="#persistent.proxy">Proxy Servers</a></li> 587 <li>7.1.4 <a href="#persistent.practical">Practical Considerations</a></li> 589 <li><a href="#rfc.section.7">7.</a> <a href="#connections">Connections</a><ul> 590 <li><a href="#rfc.section.7.1">7.1</a> <a href="#persistent.connections">Persistent Connections</a><ul> 591 <li><a href="#rfc.section.7.1.1">7.1.1</a> <a href="#persistent.purpose">Purpose</a></li> 592 <li><a href="#rfc.section.7.1.2">7.1.2</a> <a href="#persistent.overall">Overall Operation</a></li> 593 <li><a href="#rfc.section.7.1.3">7.1.3</a> <a href="#persistent.proxy">Proxy Servers</a></li> 594 <li><a href="#rfc.section.7.1.4">7.1.4</a> <a href="#persistent.practical">Practical Considerations</a></li> 588 595 </ul> 589 596 </li> 590 <li> 7.2 <a href="#message.transmission.requirements">Message Transmission Requirements</a><ul>591 <li> 7.2.1 <a href="#persistent.flow">Persistent Connections and Flow Control</a></li>592 <li> 7.2.2 <a href="#persistent.monitor">Monitoring Connections for Error Status Messages</a></li>593 <li> 7.2.3 <a href="#use.of.the.100.status">Use of the 100 (Continue) Status</a></li>594 <li> 7.2.4 <a href="#connection.premature">Client Behavior if Server Prematurely Closes Connection</a></li>597 <li><a href="#rfc.section.7.2">7.2</a> <a href="#message.transmission.requirements">Message Transmission Requirements</a><ul> 598 <li><a href="#rfc.section.7.2.1">7.2.1</a> <a href="#persistent.flow">Persistent Connections and Flow Control</a></li> 599 <li><a href="#rfc.section.7.2.2">7.2.2</a> <a href="#persistent.monitor">Monitoring Connections for Error Status Messages</a></li> 600 <li><a href="#rfc.section.7.2.3">7.2.3</a> <a href="#use.of.the.100.status">Use of the 100 (Continue) Status</a></li> 601 <li><a href="#rfc.section.7.2.4">7.2.4</a> <a href="#connection.premature">Client Behavior if Server Prematurely Closes Connection</a></li> 595 602 </ul> 596 603 </li> 597 604 </ul> 598 605 </li> 599 <li> 8. <a href="#header.fields">Header Field Definitions</a><ul>600 <li> 8.1 <a href="#header.connection">Connection</a></li>601 <li> 8.2 <a href="#header.content-length">Content-Length</a></li>602 <li> 8.3 <a href="#header.date">Date</a><ul>603 <li> 8.3.1 <a href="#clockless.origin.server.operation">Clockless Origin Server Operation</a></li>606 <li><a href="#rfc.section.8">8.</a> <a href="#header.fields">Header Field Definitions</a><ul> 607 <li><a href="#rfc.section.8.1">8.1</a> <a href="#header.connection">Connection</a></li> 608 <li><a href="#rfc.section.8.2">8.2</a> <a href="#header.content-length">Content-Length</a></li> 609 <li><a href="#rfc.section.8.3">8.3</a> <a href="#header.date">Date</a><ul> 610 <li><a href="#rfc.section.8.3.1">8.3.1</a> <a href="#clockless.origin.server.operation">Clockless Origin Server Operation</a></li> 604 611 </ul> 605 612 </li> 606 <li> 8.4 <a href="#header.host">Host</a></li>607 <li> 8.5 <a href="#header.te">TE</a></li>608 <li> 8.6 <a href="#header.trailer">Trailer</a></li>609 <li> 8.7 <a href="#header.transfer-encoding">Transfer-Encoding</a></li>610 <li> 8.8 <a href="#header.upgrade">Upgrade</a></li>611 <li> 8.9 <a href="#header.via">Via</a></li>613 <li><a href="#rfc.section.8.4">8.4</a> <a href="#header.host">Host</a></li> 614 <li><a href="#rfc.section.8.5">8.5</a> <a href="#header.te">TE</a></li> 615 <li><a href="#rfc.section.8.6">8.6</a> <a href="#header.trailer">Trailer</a></li> 616 <li><a href="#rfc.section.8.7">8.7</a> <a href="#header.transfer-encoding">Transfer-Encoding</a></li> 617 <li><a href="#rfc.section.8.8">8.8</a> <a href="#header.upgrade">Upgrade</a></li> 618 <li><a href="#rfc.section.8.9">8.9</a> <a href="#header.via">Via</a></li> 612 619 </ul> 613 620 </li> 614 <li> 9. <a href="#IANA.considerations">IANA Considerations</a><ul>615 <li> 9.1 <a href="#message.header.registration">Message Header Registration</a></li>616 <li> 9.2 <a href="#uri.scheme.registration">URI Scheme Registration</a></li>617 <li> 9.3 <a href="#internet.media.type.http">Internet Media Type Registrations</a><ul>618 <li> 9.3.1 <a href="#internet.media.type.message.http">Internet Media Type message/http</a></li>619 <li> 9.3.2 <a href="#internet.media.type.application.http">Internet Media Type application/http</a></li>621 <li><a href="#rfc.section.9">9.</a> <a href="#IANA.considerations">IANA Considerations</a><ul> 622 <li><a href="#rfc.section.9.1">9.1</a> <a href="#message.header.registration">Message Header Registration</a></li> 623 <li><a href="#rfc.section.9.2">9.2</a> <a href="#uri.scheme.registration">URI Scheme Registration</a></li> 624 <li><a href="#rfc.section.9.3">9.3</a> <a href="#internet.media.type.http">Internet Media Type Registrations</a><ul> 625 <li><a href="#rfc.section.9.3.1">9.3.1</a> <a href="#internet.media.type.message.http">Internet Media Type message/http</a></li> 626 <li><a href="#rfc.section.9.3.2">9.3.2</a> <a href="#internet.media.type.application.http">Internet Media Type application/http</a></li> 620 627 </ul> 621 628 </li> 622 629 </ul> 623 630 </li> 624 <li> 10. <a href="#security.considerations">Security Considerations</a><ul>625 <li> 10.1 <a href="#personal.information">Personal Information</a></li>626 <li> 10.2 <a href="#abuse.of.server.log.information">Abuse of Server Log Information</a></li>627 <li> 10.3 <a href="#attack.pathname">Attacks Based On File and Path Names</a></li>628 <li> 10.4 <a href="#dns.spoofing">DNS Spoofing</a></li>629 <li> 10.5 <a href="#attack.proxies">Proxies and Caching</a></li>630 <li> 10.6 <a href="#attack.DoS">Denial of Service Attacks on Proxies</a></li>631 <li><a href="#rfc.section.10">10.</a> <a href="#security.considerations">Security Considerations</a><ul> 632 <li><a href="#rfc.section.10.1">10.1</a> <a href="#personal.information">Personal Information</a></li> 633 <li><a href="#rfc.section.10.2">10.2</a> <a href="#abuse.of.server.log.information">Abuse of Server Log Information</a></li> 634 <li><a href="#rfc.section.10.3">10.3</a> <a href="#attack.pathname">Attacks Based On File and Path Names</a></li> 635 <li><a href="#rfc.section.10.4">10.4</a> <a href="#dns.spoofing">DNS Spoofing</a></li> 636 <li><a href="#rfc.section.10.5">10.5</a> <a href="#attack.proxies">Proxies and Caching</a></li> 637 <li><a href="#rfc.section.10.6">10.6</a> <a href="#attack.DoS">Denial of Service Attacks on Proxies</a></li> 631 638 </ul> 632 639 </li> 633 <li> 11. <a href="#ack">Acknowledgments</a></li>634 <li> 12. <a href="#rfc.references">References</a><ul>635 <li> 12.1 <a href="#rfc.references.1">Normative References</a></li>636 <li> 12.2 <a href="#rfc.references.2">Informative References</a></li>640 <li><a href="#rfc.section.11">11.</a> <a href="#ack">Acknowledgments</a></li> 641 <li><a href="#rfc.section.12">12.</a> <a href="#rfc.references">References</a><ul> 642 <li><a href="#rfc.section.12.1">12.1</a> <a href="#rfc.references.1">Normative References</a></li> 643 <li><a href="#rfc.section.12.2">12.2</a> <a href="#rfc.references.2">Informative References</a></li> 637 644 </ul> 638 645 </li> 639 <li><a href="#rfc.authors">Authors' Addresses</a></li> 640 <li>A. <a href="#tolerant.applications">Tolerant Applications</a></li> 641 <li>B. <a href="#conversion.of.date.formats">Conversion of Date Formats</a></li> 642 <li>C. <a href="#compatibility">Compatibility with Previous Versions</a><ul> 643 <li>C.1 <a href="#changes.from.1.0">Changes from HTTP/1.0</a><ul> 644 <li>C.1.1 <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses">Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses</a></li> 646 <li><a href="#rfc.section.A">A.</a> <a href="#tolerant.applications">Tolerant Applications</a></li> 647 <li><a href="#rfc.section.B">B.</a> <a href="#conversion.of.date.formats">Conversion of Date Formats</a></li> 648 <li><a href="#rfc.section.C">C.</a> <a href="#compatibility">Compatibility with Previous Versions</a><ul> 649 <li><a href="#rfc.section.C.1">C.1</a> <a href="#changes.from.1.0">Changes from HTTP/1.0</a><ul> 650 <li><a href="#rfc.section.C.1.1">C.1.1</a> <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses">Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses</a></li> 645 651 </ul> 646 652 </li> 647 <li> C.2 <a href="#compatibility.with.http.1.0.persistent.connections">Compatibility with HTTP/1.0 Persistent Connections</a></li>648 <li> C.3 <a href="#changes.from.rfc.2068">Changes from RFC 2068</a></li>649 <li> C.4 <a href="#changes.from.rfc.2616">Changes from RFC 2616</a></li>653 <li><a href="#rfc.section.C.2">C.2</a> <a href="#compatibility.with.http.1.0.persistent.connections">Compatibility with HTTP/1.0 Persistent Connections</a></li> 654 <li><a href="#rfc.section.C.3">C.3</a> <a href="#changes.from.rfc.2068">Changes from RFC 2068</a></li> 655 <li><a href="#rfc.section.C.4">C.4</a> <a href="#changes.from.rfc.2616">Changes from RFC 2616</a></li> 650 656 </ul> 651 657 </li> 652 <li> D. <a href="#terminology">Terminology</a></li>653 <li> E. <a href="#change.log">Change Log (to be removed by RFC Editor before publication)</a><ul>654 <li> E.1 <a href="#rfc.section.E.1">Since RFC2616</a></li>655 <li> E.2 <a href="#rfc.section.E.2">Since draft-ietf-httpbis-p1-messaging-00</a></li>656 <li> E.3 <a href="#rfc.section.E.3">Since draft-ietf-httpbis-p1-messaging-01</a></li>657 <li> E.4 <a href="#changes.since.02">Since draft-ietf-httpbis-p1-messaging-02</a></li>658 <li> E.5 <a href="#changes.since.03">Since draft-ietf-httpbis-p1-messaging-03</a></li>659 <li> E.6 <a href="#changes.since.04">Since draft-ietf-httpbis-p1-messaging-04</a></li>658 <li><a href="#rfc.section.D">D.</a> <a href="#terminology">Terminology</a></li> 659 <li><a href="#rfc.section.E">E.</a> <a href="#change.log">Change Log (to be removed by RFC Editor before publication)</a><ul> 660 <li><a href="#rfc.section.E.1">E.1</a> <a href="#rfc.section.E.1">Since RFC2616</a></li> 661 <li><a href="#rfc.section.E.2">E.2</a> <a href="#rfc.section.E.2">Since draft-ietf-httpbis-p1-messaging-00</a></li> 662 <li><a href="#rfc.section.E.3">E.3</a> <a href="#rfc.section.E.3">Since draft-ietf-httpbis-p1-messaging-01</a></li> 663 <li><a href="#rfc.section.E.4">E.4</a> <a href="#changes.since.02">Since draft-ietf-httpbis-p1-messaging-02</a></li> 664 <li><a href="#rfc.section.E.5">E.5</a> <a href="#changes.since.03">Since draft-ietf-httpbis-p1-messaging-03</a></li> 665 <li><a href="#rfc.section.E.6">E.6</a> <a href="#changes.since.04">Since draft-ietf-httpbis-p1-messaging-04</a></li> 660 666 </ul> 661 667 </li> 662 668 <li><a href="#rfc.index">Index</a></li> 669 <li><a href="#rfc.authors">Authors' Addresses</a></li> 663 670 <li><a href="#rfc.ipr">Intellectual Property and Copyright Statements</a></li> 664 671 </ul> 665 <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a> <a id="introduction" href="#introduction">Introduction</a></h1> 666 <p id="rfc.section.1.p.1">The Hypertext Transfer Protocol (HTTP) is an application-level request/response protocol that uses extensible semantics and 667 MIME-like message payloads for flexible interaction with network-based hypermedia information systems. HTTP relies upon the 668 Uniform Resource Identifier (URI) standard <a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> to indicate resource targets for interaction and to identify other resources. Messages are passed in a format similar to that 669 used by Internet mail <a href="#RFC5322" id="rfc.xref.RFC5322.1"><cite title="Internet Message Format">[RFC5322]</cite></a> and the Multipurpose Internet Mail Extensions (MIME) <a href="#RFC2045" id="rfc.xref.RFC2045.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a> (see <a href="p3-payload.html#differences.between.http.entities.and.rfc.2045.entities" title="Differences Between HTTP Entities and RFC 2045 Entities">Appendix A</a> of <a href="#Part3" id="rfc.xref.Part3.1"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a> for the differences between HTTP and MIME messages). 670 </p> 671 <p id="rfc.section.1.p.2">HTTP is also designed for use as a generic protocol for translating communication to and from other Internet information systems, 672 such as USENET news services via NNTP <a href="#RFC3977" id="rfc.xref.RFC3977.1"><cite title="Network News Transfer Protocol (NNTP)">[RFC3977]</cite></a>, file services via FTP <a href="#RFC959" id="rfc.xref.RFC959.1"><cite title="File Transfer Protocol">[RFC959]</cite></a>, Gopher <a href="#RFC1436" id="rfc.xref.RFC1436.1"><cite title="The Internet Gopher Protocol (a distributed document search and retrieval protocol)">[RFC1436]</cite></a>, and WAIS <a href="#WAIS" id="rfc.xref.WAIS.1"><cite title="WAIS Interface Protocol Prototype Functional Specification (v1.5)">[WAIS]</cite></a>. HTTP proxies and gateways provide access to alternative information services by translating their diverse protocols into 673 a hypermedia format that can be viewed and manipulated by clients in the same way as HTTP services. 674 </p> 675 <p id="rfc.section.1.p.3">This document is Part 1 of the seven-part specification of HTTP, defining the protocol referred to as "HTTP/1.1" and obsoleting <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>. Part 1 defines how clients determine when to use HTTP, the URI schemes specific to HTTP-based resources, overall network 676 operation with transport protocol connection management, and HTTP message framing. Our goal is to define all of the mechanisms 677 necessary for HTTP message handling that are independent of message semantics, thereby defining the complete set of requirements 678 for an HTTP message relay or generic message parser. 679 </p> 680 <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a> <a id="intro.requirements" href="#intro.requirements">Requirements</a></h2> 681 <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" 682 in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>. 683 </p> 684 <p id="rfc.section.1.1.p.2">An implementation is not compliant if it fails to satisfy one or more of the <em class="bcp14">MUST</em> or <em class="bcp14">REQUIRED</em> level requirements for the protocols it implements. An implementation that satisfies all the <em class="bcp14">MUST</em> or <em class="bcp14">REQUIRED</em> level and all the <em class="bcp14">SHOULD</em> level requirements for its protocols is said to be "unconditionally compliant"; one that satisfies all the <em class="bcp14">MUST</em> level requirements but not all the <em class="bcp14">SHOULD</em> level requirements for its protocols is said to be "conditionally compliant." 685 </p> 686 <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a> <a id="intro.overall.operation" href="#intro.overall.operation">Overall Operation</a></h2> 687 <p id="rfc.section.1.2.p.1">HTTP is a request/response protocol. A client sends a request to the server in the form of a request method, URI, and protocol 688 version, followed by a MIME-like message containing request modifiers, client information, and possible body content over 689 a connection with a server. The server responds with a status line, including the message's protocol version and a success 690 or error code, followed by a MIME-like message containing server information, entity metainformation, and possible entity-body 691 content. The relationship between HTTP and MIME is described in <a href="p3-payload.html#differences.between.http.entities.and.rfc.2045.entities" title="Differences Between HTTP Entities and RFC 2045 Entities">Appendix A</a> of <a href="#Part3" id="rfc.xref.Part3.2"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 692 </p> 693 <p id="rfc.section.1.2.p.2">Most HTTP communication is initiated by a user agent and consists of a request to be applied to a resource on some origin 694 server. In the simplest case, this may be accomplished via a single connection (v) between the user agent (UA) and the origin 695 server (O). 696 </p> 697 <div id="rfc.figure.u.1"></div><pre class="drawing"> request chain ------------------------> 672 <div id="introduction"> 673 <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a> <a href="#introduction">Introduction</a></h1> 674 <p id="rfc.section.1.p.1">The Hypertext Transfer Protocol (HTTP) is an application-level request/response protocol that uses extensible semantics and 675 MIME-like message payloads for flexible interaction with network-based hypermedia information systems. HTTP relies upon the 676 Uniform Resource Identifier (URI) standard <a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> to indicate resource targets for interaction and to identify other resources. Messages are passed in a format similar to that 677 used by Internet mail <a href="#RFC5322" id="rfc.xref.RFC5322.1"><cite title="Internet Message Format">[RFC5322]</cite></a> and the Multipurpose Internet Mail Extensions (MIME) <a href="#RFC2045" id="rfc.xref.RFC2045.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a> (see <a href="p3-payload.html#differences.between.http.entities.and.rfc.2045.entities" title="Differences Between HTTP Entities and RFC 2045 Entities">Appendix A</a> of <a href="#Part3" id="rfc.xref.Part3.1"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a> for the differences between HTTP and MIME messages). 678 </p> 679 <p id="rfc.section.1.p.2">HTTP is also designed for use as a generic protocol for translating communication to and from other Internet information systems, 680 such as USENET news services via NNTP <a href="#RFC3977" id="rfc.xref.RFC3977.1"><cite title="Network News Transfer Protocol (NNTP)">[RFC3977]</cite></a>, file services via FTP <a href="#RFC959" id="rfc.xref.RFC959.1"><cite title="File Transfer Protocol">[RFC959]</cite></a>, Gopher <a href="#RFC1436" id="rfc.xref.RFC1436.1"><cite title="The Internet Gopher Protocol (a distributed document search and retrieval protocol)">[RFC1436]</cite></a>, and WAIS <a href="#WAIS" id="rfc.xref.WAIS.1"><cite title="WAIS Interface Protocol Prototype Functional Specification (v1.5)">[WAIS]</cite></a>. HTTP proxies and gateways provide access to alternative information services by translating their diverse protocols into 681 a hypermedia format that can be viewed and manipulated by clients in the same way as HTTP services. 682 </p> 683 <p id="rfc.section.1.p.3">This document is Part 1 of the seven-part specification of HTTP, defining the protocol referred to as "HTTP/1.1" and obsoleting <a href="#RFC2616" id="rfc.xref.RFC2616.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>. Part 1 defines how clients determine when to use HTTP, the URI schemes specific to HTTP-based resources, overall network 684 operation with transport protocol connection management, and HTTP message framing. Our goal is to define all of the mechanisms 685 necessary for HTTP message handling that are independent of message semantics, thereby defining the complete set of requirements 686 for an HTTP message relay or generic message parser. 687 </p> 688 <div id="intro.requirements"> 689 <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a> <a href="#intro.requirements">Requirements</a></h2> 690 <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" 691 in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>. 692 </p> 693 <p id="rfc.section.1.1.p.2">An implementation is not compliant if it fails to satisfy one or more of the <em class="bcp14">MUST</em> or <em class="bcp14">REQUIRED</em> level requirements for the protocols it implements. An implementation that satisfies all the <em class="bcp14">MUST</em> or <em class="bcp14">REQUIRED</em> level and all the <em class="bcp14">SHOULD</em> level requirements for its protocols is said to be "unconditionally compliant"; one that satisfies all the <em class="bcp14">MUST</em> level requirements but not all the <em class="bcp14">SHOULD</em> level requirements for its protocols is said to be "conditionally compliant." 694 </p> 695 </div> 696 <div id="intro.overall.operation"> 697 <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a> <a href="#intro.overall.operation">Overall Operation</a></h2> 698 <p id="rfc.section.1.2.p.1">HTTP is a request/response protocol. A client sends a request to the server in the form of a request method, URI, and protocol 699 version, followed by a MIME-like message containing request modifiers, client information, and possible body content over 700 a connection with a server. The server responds with a status line, including the message's protocol version and a success 701 or error code, followed by a MIME-like message containing server information, entity metainformation, and possible entity-body 702 content. The relationship between HTTP and MIME is described in <a href="p3-payload.html#differences.between.http.entities.and.rfc.2045.entities" title="Differences Between HTTP Entities and RFC 2045 Entities">Appendix A</a> of <a href="#Part3" id="rfc.xref.Part3.2"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 703 </p> 704 <p id="rfc.section.1.2.p.2">Most HTTP communication is initiated by a user agent and consists of a request to be applied to a resource on some origin 705 server. In the simplest case, this may be accomplished via a single connection (v) between the user agent (UA) and the origin 706 server (O). 707 </p> 708 <div id="rfc.figure.u.1"></div><pre class="drawing"> request chain ------------------------> 698 709 UA -------------------v------------------- O 699 710 <----------------------- response chain 700 711 </pre><p id="rfc.section.1.2.p.4">A more complicated situation occurs when one or more intermediaries are present in the request/response chain. There are three 701 common forms of intermediary: proxy, gateway, and tunnel. A proxy is a forwarding agent, receiving requests for a URI in its702 absolute form, rewriting all or part of the message, and forwarding the reformatted request toward the server identified by703 the URI. A gateway is a receiving agent, acting as a layer above some other server(s) and, if necessary, translating the requests704 to the underlying server's protocol. A tunnel acts as a relay point between two connections without changing the messages;705 tunnels are used when the communication needs to pass through an intermediary (such as a firewall) even when the intermediary706 cannot understand the contents of the messages.707 </p>708 <div id="rfc.figure.u.2"></div><pre class="drawing"> request chain -------------------------------------->712 common forms of intermediary: proxy, gateway, and tunnel. A proxy is a forwarding agent, receiving requests for a URI in its 713 absolute form, rewriting all or part of the message, and forwarding the reformatted request toward the server identified by 714 the URI. A gateway is a receiving agent, acting as a layer above some other server(s) and, if necessary, translating the requests 715 to the underlying server's protocol. A tunnel acts as a relay point between two connections without changing the messages; 716 tunnels are used when the communication needs to pass through an intermediary (such as a firewall) even when the intermediary 717 cannot understand the contents of the messages. 718 </p> 719 <div id="rfc.figure.u.2"></div><pre class="drawing"> request chain --------------------------------------> 709 720 UA -----v----- A -----v----- B -----v----- C -----v----- O 710 721 <------------------------------------- response chain 711 722 </pre><p id="rfc.section.1.2.p.6">The figure above shows three intermediaries (A, B, and C) between the user agent and origin server. A request or response 712 message that travels the whole chain will pass through four separate connections. This distinction is important because some713 HTTP communication options may apply only to the connection with the nearest, non-tunnel neighbor, only to the end-points714 of the chain, or to all connections along the chain. Although the diagram is linear, each participant may be engaged in multiple,715 simultaneous communications. For example, B may be receiving requests from many clients other than A, and/or forwarding requests716 to servers other than C, at the same time that it is handling A's request.717 </p>718 <p id="rfc.section.1.2.p.7">Any party to the communication which is not acting as a tunnel may employ an internal cache for handling requests. The effect719 of a cache is that the request/response chain is shortened if one of the participants along the chain has a cached response720 applicable to that request. The following illustrates the resulting chain if B has a cached copy of an earlier response from721 O (via C) for a request which has not been cached by UA or A.722 </p>723 <div id="rfc.figure.u.3"></div><pre class="drawing"> request chain ---------->723 message that travels the whole chain will pass through four separate connections. This distinction is important because some 724 HTTP communication options may apply only to the connection with the nearest, non-tunnel neighbor, only to the end-points 725 of the chain, or to all connections along the chain. Although the diagram is linear, each participant may be engaged in multiple, 726 simultaneous communications. For example, B may be receiving requests from many clients other than A, and/or forwarding requests 727 to servers other than C, at the same time that it is handling A's request. 728 </p> 729 <p id="rfc.section.1.2.p.7">Any party to the communication which is not acting as a tunnel may employ an internal cache for handling requests. The effect 730 of a cache is that the request/response chain is shortened if one of the participants along the chain has a cached response 731 applicable to that request. The following illustrates the resulting chain if B has a cached copy of an earlier response from 732 O (via C) for a request which has not been cached by UA or A. 733 </p> 734 <div id="rfc.figure.u.3"></div><pre class="drawing"> request chain ----------> 724 735 UA -----v----- A -----v----- B - - - - - - C - - - - - - O 725 736 <--------- response chain 726 737 </pre><p id="rfc.section.1.2.p.9">Not all responses are usefully cacheable, and some requests may contain modifiers which place special requirements on cache 727 behavior. HTTP requirements for cache behavior and cacheable responses are defined in <a href="p6-cache.html#caching" title="Introduction">Section 1</a> of <a href="#Part6" id="rfc.xref.Part6.1"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>. 728 </p> 729 <p id="rfc.section.1.2.p.10">In fact, there are a wide variety of architectures and configurations of caches and proxies currently being experimented with 730 or deployed across the World Wide Web. These systems include national hierarchies of proxy caches to save transoceanic bandwidth, 731 systems that broadcast or multicast cache entries, organizations that distribute subsets of cached data via CD-ROM, and so 732 on. HTTP systems are used in corporate intranets over high-bandwidth links, and for access via PDAs with low-power radio links 733 and intermittent connectivity. The goal of HTTP/1.1 is to support the wide diversity of configurations already deployed while 734 introducing protocol constructs that meet the needs of those who build web applications that require high reliability and, 735 failing that, at least reliable indications of failure. 736 </p> 737 <p id="rfc.section.1.2.p.11">HTTP communication usually takes place over TCP/IP connections. The default port is TCP 80 (<<a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a>>), but other ports can be used. This does not preclude HTTP from being implemented on top of any other protocol on the Internet, 738 or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used; the 739 mapping of the HTTP/1.1 request and response structures onto the transport data units of the protocol in question is outside 740 the scope of this specification. 741 </p> 742 <p id="rfc.section.1.2.p.12">In HTTP/1.0, most implementations used a new connection for each request/response exchange. In HTTP/1.1, a connection may 743 be used for one or more request/response exchanges, although connections may be closed for a variety of reasons (see <a href="#persistent.connections" title="Persistent Connections">Section 7.1</a>). 744 </p> 745 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a id="notation" href="#notation">Notational Conventions and Generic Grammar</a></h1> 746 <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a> <a id="notation.abnf" href="#notation.abnf">ABNF Extension: #rule</a></h2> 747 <p id="rfc.section.2.1.p.1">One extension to the ABNF rules of <a href="#RFC5234" id="rfc.xref.RFC5234.1"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a> is used to improve readability. 748 </p> 749 <p id="rfc.section.2.1.p.2">A construct "#" is defined, similar to "*", for defining lists of elements. The full form is "<n>#<m>element" indicating at 750 least <n> and at most <m> elements, each separated by one or more commas (",") and <em class="bcp14">OPTIONAL</em> linear white space (OWS). This makes the usual form of lists very easy; a rule such as 751 </p> 752 <div id="rfc.figure.u.4"></div><pre class="text"> ( *<a href="#rule.whitespace" class="smpl">OWS</a> element *( *<a href="#rule.whitespace" class="smpl">OWS</a> "," *<a href="#rule.whitespace" class="smpl">OWS</a> element ))</pre><p id="rfc.section.2.1.p.3">can be shown as </p> 753 <div id="rfc.figure.u.5"></div><pre class="text"> 1#element</pre><p id="rfc.section.2.1.p.4">Wherever this construct is used, null elements are allowed, but do not contribute to the count of elements present. That is, 754 "(element), , (element) " is permitted, but counts as only two elements. Therefore, where at least one element is required, 755 at least one non-null element <em class="bcp14">MUST</em> be present. Default values are 0 and infinity so that "#element" allows any number, including zero; "1#element" requires at 756 least one; and "1#2element" allows one or two. 757 </p> 758 <p id="rfc.section.2.1.p.5"> <span class="comment" id="abnf.list">[<a href="#abnf.list" class="smpl">abnf.list</a>: At a later point of time, we may want to add an appendix containing the whole ABNF, with the list rules expanded to strict 759 RFC 5234 notation.]</span> 760 </p> 761 <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a> <a id="basic.rules" href="#basic.rules">Basic Rules</a></h2> 762 <div id="core.rules"> 763 <p id="rfc.section.2.2.p.1"> This specification uses the Augmented Backus-Naur Form (ABNF) notation of <a href="#RFC5234" id="rfc.xref.RFC5234.2"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>. The following core rules are included by reference, as defined in <a href="#RFC5234" id="rfc.xref.RFC5234.3"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>, <a href="http://tools.ietf.org/html/rfc5234#appendix-B.1">Appendix B.1</a>: ALPHA (letters), CHAR (any <a href="#USASCII" id="rfc.xref.USASCII.1"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a> character, excluding NUL), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), 764 HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line feed), OCTET (any 8-bit sequence of data), SP (space) and 765 WSP (white space). 766 </p> 738 behavior. HTTP requirements for cache behavior and cacheable responses are defined in <a href="p6-cache.html#caching" title="Introduction">Section 1</a> of <a href="#Part6" id="rfc.xref.Part6.1"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>. 739 </p> 740 <p id="rfc.section.1.2.p.10">In fact, there are a wide variety of architectures and configurations of caches and proxies currently being experimented with 741 or deployed across the World Wide Web. These systems include national hierarchies of proxy caches to save transoceanic bandwidth, 742 systems that broadcast or multicast cache entries, organizations that distribute subsets of cached data via CD-ROM, and so 743 on. HTTP systems are used in corporate intranets over high-bandwidth links, and for access via PDAs with low-power radio links 744 and intermittent connectivity. The goal of HTTP/1.1 is to support the wide diversity of configurations already deployed while 745 introducing protocol constructs that meet the needs of those who build web applications that require high reliability and, 746 failing that, at least reliable indications of failure. 747 </p> 748 <p id="rfc.section.1.2.p.11">HTTP communication usually takes place over TCP/IP connections. The default port is TCP 80 (<<a href="http://www.iana.org/assignments/port-numbers">http://www.iana.org/assignments/port-numbers</a>>), but other ports can be used. This does not preclude HTTP from being implemented on top of any other protocol on the Internet, 749 or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used; the 750 mapping of the HTTP/1.1 request and response structures onto the transport data units of the protocol in question is outside 751 the scope of this specification. 752 </p> 753 <p id="rfc.section.1.2.p.12">In HTTP/1.0, most implementations used a new connection for each request/response exchange. In HTTP/1.1, a connection may 754 be used for one or more request/response exchanges, although connections may be closed for a variety of reasons (see <a href="#persistent.connections" title="Persistent Connections">Section 7.1</a>). 755 </p> 756 </div> 767 757 </div> 768 <div id="rule.CRLF"> 769 <p id="rfc.section.2.2.p.2"> HTTP/1.1 defines the sequence CR LF as the end-of-line marker for all protocol elements except the entity-body (see <a href="#tolerant.applications" title="Tolerant Applications">Appendix A</a> for tolerant applications). The end-of-line marker within an entity-body is defined by its associated media type, as described 770 in <a href="p3-payload.html#media.types" title="Media Types">Section 3.3</a> of <a href="#Part3" id="rfc.xref.Part3.3"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 771 </p> 772 </div> 773 <div id="rule.LWS"> 774 <p id="rfc.section.2.2.p.3">All linear white space (LWS) in header field-values has the same semantics as SP. A recipient <em class="bcp14">MAY</em> replace any such linear white space with a single SP before interpreting the field value or forwarding the message downstream. 775 </p> 776 </div> 777 <p id="rfc.section.2.2.p.4">Historically, HTTP/1.1 header field values allow linear white space folding across multiple lines. However, this specification 778 deprecates its use; senders <em class="bcp14">MUST NOT</em> produce messages that include LWS folding (i.e., use the obs-fold rule), except within the message/http media type (<a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section 9.3.1</a>). Receivers <em class="bcp14">SHOULD</em> still parse folded linear white space. 779 </p> 780 <p id="rfc.section.2.2.p.5">This specification uses three rules to denote the use of linear white space; BWS ("Bad" White Space), OWS (Optional White 781 Space), and RWS (Required White Space). 782 </p> 783 <p id="rfc.section.2.2.p.6">"Bad" white space is allowed by the BNF, but senders <em class="bcp14">SHOULD NOT</em> produce it in messages. Receivers <em class="bcp14">MUST</em> accept it in incoming messages. 784 </p> 785 <p id="rfc.section.2.2.p.7">Required white space is used when at least one linear white space character is required to separate field tokens. In all such 786 cases, a single SP character <em class="bcp14">SHOULD</em> be used. 787 </p> 788 <div id="rule.whitespace"> 789 <p id="rfc.section.2.2.p.8"> </p> 790 </div> 791 <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.g.3"></span> <a href="#rule.whitespace" class="smpl">OWS</a> = *( [ obs-fold ] <a href="#core.rules" class="smpl">WSP</a> ) 758 <div id="notation"> 759 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a href="#notation">Notational Conventions and Generic Grammar</a></h1> 760 <div id="notation.abnf"> 761 <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a> <a href="#notation.abnf">ABNF Extension: #rule</a></h2> 762 <p id="rfc.section.2.1.p.1">One extension to the ABNF rules of <a href="#RFC5234" id="rfc.xref.RFC5234.1"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a> is used to improve readability. 763 </p> 764 <p id="rfc.section.2.1.p.2">A construct "#" is defined, similar to "*", for defining lists of elements. The full form is "<n>#<m>element" indicating at 765 least <n> and at most <m> elements, each separated by one or more commas (",") and <em class="bcp14">OPTIONAL</em> linear white space (OWS). This makes the usual form of lists very easy; a rule such as 766 </p><span id="rfc.figure.u.4"></span><pre class="text"> ( *<a href="#rule.whitespace" class="smpl">OWS</a> element *( *<a href="#rule.whitespace" class="smpl">OWS</a> "," *<a href="#rule.whitespace" class="smpl">OWS</a> element ))</pre><p id="rfc.section.2.1.p.3">can be shown as </p><span id="rfc.figure.u.5"></span><pre class="text"> 1#element</pre><p id="rfc.section.2.1.p.4">Wherever this construct is used, null elements are allowed, but do not contribute to the count of elements present. That is, 767 "(element), , (element) " is permitted, but counts as only two elements. Therefore, where at least one element is required, 768 at least one non-null element <em class="bcp14">MUST</em> be present. Default values are 0 and infinity so that "#element" allows any number, including zero; "1#element" requires at 769 least one; and "1#2element" allows one or two. 770 </p> 771 <p id="rfc.section.2.1.p.5"><span class="comment" id="abnf.list">[<a href="#abnf.list" class="smpl">abnf.list</a>: At a later point of time, we may want to add an appendix containing the whole ABNF, with the list rules expanded to strict 772 RFC 5234 notation.]</span> 773 </p> 774 </div> 775 <div id="basic.rules"> 776 <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a> <a href="#basic.rules">Basic Rules</a></h2> 777 <div id="core.rules"> 778 <p id="rfc.section.2.2.p.1"> This specification uses the Augmented Backus-Naur Form (ABNF) notation of <a href="#RFC5234" id="rfc.xref.RFC5234.2"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>. The following core rules are included by reference, as defined in <a href="#RFC5234" id="rfc.xref.RFC5234.3"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>, <a href="https://tools.ietf.org/html/rfc5234#appendix-B.1">Appendix B.1</a>: ALPHA (letters), CHAR (any <a href="#USASCII" id="rfc.xref.USASCII.1"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a> character, excluding NUL), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), 779 HEXDIG (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line feed), OCTET (any 8-bit sequence of data), SP (space) and 780 WSP (white space). 781 </p> 782 </div> 783 <div id="rule.CRLF"> 784 <p id="rfc.section.2.2.p.2"> HTTP/1.1 defines the sequence CR LF as the end-of-line marker for all protocol elements except the entity-body (see <a href="#tolerant.applications" title="Tolerant Applications">Appendix A</a> for tolerant applications). The end-of-line marker within an entity-body is defined by its associated media type, as described 785 in <a href="p3-payload.html#media.types" title="Media Types">Section 3.3</a> of <a href="#Part3" id="rfc.xref.Part3.3"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 786 </p> 787 </div> 788 <div id="rule.LWS"> 789 <p id="rfc.section.2.2.p.3">All linear white space (LWS) in header field-values has the same semantics as SP. A recipient <em class="bcp14">MAY</em> replace any such linear white space with a single SP before interpreting the field value or forwarding the message downstream. 790 </p> 791 </div> 792 <p id="rfc.section.2.2.p.4">Historically, HTTP/1.1 header field values allow linear white space folding across multiple lines. However, this specification 793 deprecates its use; senders <em class="bcp14">MUST NOT</em> produce messages that include LWS folding (i.e., use the obs-fold rule), except within the message/http media type (<a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section 9.3.1</a>). Receivers <em class="bcp14">SHOULD</em> still parse folded linear white space. 794 </p> 795 <p id="rfc.section.2.2.p.5">This specification uses three rules to denote the use of linear white space; BWS ("Bad" White Space), OWS (Optional White 796 Space), and RWS (Required White Space). 797 </p> 798 <p id="rfc.section.2.2.p.6">"Bad" white space is allowed by the BNF, but senders <em class="bcp14">SHOULD NOT</em> produce it in messages. Receivers <em class="bcp14">MUST</em> accept it in incoming messages. 799 </p> 800 <p id="rfc.section.2.2.p.7">Required white space is used when at least one linear white space character is required to separate field tokens. In all such 801 cases, a single SP character <em class="bcp14">SHOULD</em> be used. 802 </p> 803 <div id="rule.whitespace"> 804 <p id="rfc.section.2.2.p.8"> </p> 805 </div> 806 <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.g.3"></span> <a href="#rule.whitespace" class="smpl">OWS</a> = *( [ obs-fold ] <a href="#core.rules" class="smpl">WSP</a> ) 792 807 ; "optional" white space 793 808 <a href="#rule.whitespace" class="smpl">RWS</a> = 1*( [ obs-fold ] <a href="#core.rules" class="smpl">WSP</a> ) … … 797 812 <a href="#rule.whitespace" class="smpl">obs-fold</a> = <a href="#core.rules" class="smpl">CRLF</a> 798 813 </pre><div id="rule.TEXT"> 799 <p id="rfc.section.2.2.p.10">The TEXT rule is only used for descriptive field contents and values that are not intended to be interpreted by the message800 parser. Words of *TEXT <em class="bcp14">MAY</em> contain characters from character sets other than ISO-8859-1 <a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a> only when encoded according to the rules of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a>.801 </p>802 </div>803 <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.4"></span> <a href="#rule.TEXT" class="smpl">TEXT</a> = %x20-7E / %x80-FF / <a href="#rule.whitespace" class="smpl">OWS</a>814 <p id="rfc.section.2.2.p.10"> The TEXT rule is only used for descriptive field contents and values that are not intended to be interpreted by the message 815 parser. Words of *TEXT <em class="bcp14">MAY</em> contain characters from character sets other than ISO-8859-1 <a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a> only when encoded according to the rules of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a>. 816 </p> 817 </div> 818 <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.4"></span> <a href="#rule.TEXT" class="smpl">TEXT</a> = %x20-7E / %x80-FF / <a href="#rule.whitespace" class="smpl">OWS</a> 804 819 ; any <a href="#core.rules" class="smpl">OCTET</a> except <a href="#core.rules" class="smpl">CTL</a>s, but including <a href="#rule.whitespace" class="smpl">OWS</a> 805 820 </pre><p id="rfc.section.2.2.p.12">A CRLF is allowed in the definition of TEXT only as part of a header field continuation. It is expected that the folding LWS 806 will be replaced with a single SP before interpretation of the TEXT value.807 </p>808 <div id="rule.token.separators">809 <p id="rfc.section.2.2.p.13">Many HTTP/1.1 header field values consist of words separated by LWS or special characters. These special characters <em class="bcp14">MUST</em> be in a quoted string to be used within a parameter value (as defined in <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>).810 </p>811 </div>812 <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span> <a href="#rule.token.separators" class="smpl">tchar</a> = "!" / "#" / "$" / "%" / "&" / "'" / "*"821 will be replaced with a single SP before interpretation of the TEXT value. 822 </p> 823 <div id="rule.token.separators"> 824 <p id="rfc.section.2.2.p.13"> Many HTTP/1.1 header field values consist of words separated by LWS or special characters. These special characters <em class="bcp14">MUST</em> be in a quoted string to be used within a parameter value (as defined in <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>). 825 </p> 826 </div> 827 <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span> <a href="#rule.token.separators" class="smpl">tchar</a> = "!" / "#" / "$" / "%" / "&" / "'" / "*" 813 828 / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" 814 829 / <a href="#core.rules" class="smpl">DIGIT</a> / <a href="#core.rules" class="smpl">ALPHA</a> … … 816 831 <a href="#rule.token.separators" class="smpl">token</a> = 1*<a href="#rule.token.separators" class="smpl">tchar</a> 817 832 </pre><div id="rule.comment"> 818 <p id="rfc.section.2.2.p.15">Comments can be included in some HTTP header fields by surrounding the comment text with parentheses. Comments are only allowed819 in fields containing "comment" as part of their field value definition. In all other fields, parentheses are considered part820 of the field value.821 </p>822 </div>823 <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span> <a href="#rule.comment" class="smpl">comment</a> = "(" *( <a href="#rule.comment" class="smpl">ctext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> / <a href="#rule.comment" class="smpl">comment</a> ) ")"833 <p id="rfc.section.2.2.p.15"> Comments can be included in some HTTP header fields by surrounding the comment text with parentheses. Comments are only allowed 834 in fields containing "comment" as part of their field value definition. In all other fields, parentheses are considered part 835 of the field value. 836 </p> 837 </div> 838 <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span> <a href="#rule.comment" class="smpl">comment</a> = "(" *( <a href="#rule.comment" class="smpl">ctext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> / <a href="#rule.comment" class="smpl">comment</a> ) ")" 824 839 <a href="#rule.comment" class="smpl">ctext</a> = <any <a href="#rule.TEXT" class="smpl">TEXT</a> excluding "(" and ")"> 825 840 </pre><div id="rule.quoted-string"> 826 <p id="rfc.section.2.2.p.17">A string of text is parsed as a single word if it is quoted using double-quote marks.</p>827 </div>828 <div id="rfc.figure.u.10"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span> <a href="#rule.quoted-string" class="smpl">quoted-string</a> = <a href="#core.rules" class="smpl">DQUOTE</a> *(<a href="#rule.quoted-string" class="smpl">qdtext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> ) <a href="#core.rules" class="smpl">DQUOTE</a>841 <p id="rfc.section.2.2.p.17"> A string of text is parsed as a single word if it is quoted using double-quote marks.</p> 842 </div> 843 <div id="rfc.figure.u.10"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span> <a href="#rule.quoted-string" class="smpl">quoted-string</a> = <a href="#core.rules" class="smpl">DQUOTE</a> *(<a href="#rule.quoted-string" class="smpl">qdtext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> ) <a href="#core.rules" class="smpl">DQUOTE</a> 829 844 <a href="#rule.quoted-string" class="smpl">qdtext</a> = <any <a href="#rule.TEXT" class="smpl">TEXT</a> excluding <a href="#core.rules" class="smpl">DQUOTE</a> and "\"> 830 845 </pre><div id="rule.quoted-pair"> 831 <p id="rfc.section.2.2.p.19">The backslash character ("\") <em class="bcp14">MAY</em> be used as a single-character quoting mechanism only within quoted-string and comment constructs.832 </p>833 </div>834 <div id="rfc.figure.u.11"></div><pre class="inline"><span id="rfc.iref.g.11"></span><span id="rfc.iref.g.12"></span> <a href="#rule.quoted-pair" class="smpl">quoted-text</a> = %x01-09 /846 <p id="rfc.section.2.2.p.19"> The backslash character ("\") <em class="bcp14">MAY</em> be used as a single-character quoting mechanism only within quoted-string and comment constructs. 847 </p> 848 </div> 849 <div id="rfc.figure.u.11"></div><pre class="inline"><span id="rfc.iref.g.11"></span><span id="rfc.iref.g.12"></span> <a href="#rule.quoted-pair" class="smpl">quoted-text</a> = %x01-09 / 835 850 %x0B-0C / 836 851 %x0E-FF ; Characters excluding NUL, <a href="#core.rules" class="smpl">CR</a> and <a href="#core.rules" class="smpl">LF</a> 837 852 <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> = "\" <a href="#rule.quoted-pair" class="smpl">quoted-text</a> 838 </pre><h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a> <a id="abnf.dependencies" href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></h2> 839 <p id="rfc.section.2.3.p.1">The ABNF rules below are defined in other parts:</p> 840 <div id="rfc.figure.u.12"></div><pre class="inline"> <a href="#abnf.dependencies" class="smpl">request-header</a> = <request-header, defined in <a href="#Part2" id="rfc.xref.Part2.1"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>, <a href="p2-semantics.html#request.header.fields" title="Request Header Fields">Section 4</a>> 853 </pre></div> 854 <div id="abnf.dependencies"> 855 <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a> <a href="#abnf.dependencies">ABNF Rules defined in other Parts of the Specification</a></h2> 856 <p id="rfc.section.2.3.p.1">The ABNF rules below are defined in other parts:</p> 857 <div id="rfc.figure.u.12"></div><pre class="inline"> <a href="#abnf.dependencies" class="smpl">request-header</a> = <request-header, defined in <a href="#Part2" id="rfc.xref.Part2.1"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>, <a href="p2-semantics.html#request.header.fields" title="Request Header Fields">Section 4</a>> 841 858 <a href="#abnf.dependencies" class="smpl">response-header</a> = <response-header, defined in <a href="#Part2" id="rfc.xref.Part2.2"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>, <a href="p2-semantics.html#response.header.fields" title="Response Header Fields">Section 6</a>> 842 859 </pre><div id="rfc.figure.u.13"></div><pre class="inline"> <a href="#abnf.dependencies" class="smpl">accept-params</a> = <accept-params, defined in <a href="#Part3" id="rfc.xref.Part3.4"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>, <a href="p3-payload.html#header.accept" title="Accept">Section 6.1</a>> … … 846 863 <a href="#abnf.dependencies" class="smpl">Pragma</a> = <Pragma, defined in <a href="#Part6" id="rfc.xref.Part6.3"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.pragma" title="Pragma">Section 16.4</a>> 847 864 <a href="#abnf.dependencies" class="smpl">Warning</a> = <Warning, defined in <a href="#Part6" id="rfc.xref.Part6.4"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.warning" title="Warning">Section 16.6</a>> 848 </pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> <a id="protocol.parameters" href="#protocol.parameters">Protocol Parameters</a></h1> 849 <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a> <a id="http.version" href="#http.version">HTTP Version</a></h2> 850 <p id="rfc.section.3.1.p.1">HTTP uses a "<major>.<minor>" numbering scheme to indicate versions of the protocol. The protocol versioning policy is intended 851 to allow the sender to indicate the format of a message and its capacity for understanding further HTTP communication, rather 852 than the features obtained via that communication. No change is made to the version number for the addition of message components 853 which do not affect communication behavior or which only add to extensible field values. The <minor> number is incremented 854 when the changes made to the protocol add features which do not change the general message parsing algorithm, but which may 855 add to the message semantics and imply additional capabilities of the sender. The <major> number is incremented when the format 856 of a message within the protocol is changed. See <a href="#RFC2145" id="rfc.xref.RFC2145.1"><cite title="Use and Interpretation of HTTP Version Numbers">[RFC2145]</cite></a> for a fuller explanation. 857 </p> 858 <p id="rfc.section.3.1.p.2">The version of an HTTP message is indicated by an HTTP-Version field in the first line of the message. HTTP-Version is case-sensitive.</p> 859 <div id="rfc.figure.u.15"></div><pre class="inline"><span id="rfc.iref.g.13"></span><span id="rfc.iref.g.14"></span> <a href="#http.version" class="smpl">HTTP-Version</a> = <a href="#http.version" class="smpl">HTTP-Prot-Name</a> "/" 1*<a href="#core.rules" class="smpl">DIGIT</a> "." 1*<a href="#core.rules" class="smpl">DIGIT</a> 865 </pre></div> 866 </div> 867 <div id="protocol.parameters"> 868 <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> <a href="#protocol.parameters">Protocol Parameters</a></h1> 869 <div id="http.version"> 870 <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a> <a href="#http.version">HTTP Version</a></h2> 871 <p id="rfc.section.3.1.p.1">HTTP uses a "<major>.<minor>" numbering scheme to indicate versions of the protocol. The protocol versioning policy is intended 872 to allow the sender to indicate the format of a message and its capacity for understanding further HTTP communication, rather 873 than the features obtained via that communication. No change is made to the version number for the addition of message components 874 which do not affect communication behavior or which only add to extensible field values. The <minor> number is incremented 875 when the changes made to the protocol add features which do not change the general message parsing algorithm, but which may 876 add to the message semantics and imply additional capabilities of the sender. The <major> number is incremented when the format 877 of a message within the protocol is changed. See <a href="#RFC2145" id="rfc.xref.RFC2145.1"><cite title="Use and Interpretation of HTTP Version Numbers">[RFC2145]</cite></a> for a fuller explanation. 878 </p> 879 <p id="rfc.section.3.1.p.2">The version of an HTTP message is indicated by an HTTP-Version field in the first line of the message. HTTP-Version is case-sensitive.</p> 880 <div id="rfc.figure.u.15"></div><pre class="inline"><span id="rfc.iref.g.13"></span><span id="rfc.iref.g.14"></span> <a href="#http.version" class="smpl">HTTP-Version</a> = <a href="#http.version" class="smpl">HTTP-Prot-Name</a> "/" 1*<a href="#core.rules" class="smpl">DIGIT</a> "." 1*<a href="#core.rules" class="smpl">DIGIT</a> 860 881 <a href="#http.version" class="smpl">HTTP-Prot-Name</a> = %x48.54.54.50 ; "HTTP", case-sensitive 861 882 </pre><p id="rfc.section.3.1.p.4">Note that the major and minor numbers <em class="bcp14">MUST</em> be treated as separate integers and that each <em class="bcp14">MAY</em> be incremented higher than a single digit. Thus, HTTP/2.4 is a lower version than HTTP/2.13, which in turn is lower than HTTP/12.3. 862 Leading zeros <em class="bcp14">MUST</em> be ignored by recipients and <em class="bcp14">MUST NOT</em> be sent. 863 </p> 864 <p id="rfc.section.3.1.p.5">An application that sends a request or response message that includes HTTP-Version of "HTTP/1.1" <em class="bcp14">MUST</em> be at least conditionally compliant with this specification. Applications that are at least conditionally compliant with this 865 specification <em class="bcp14">SHOULD</em> use an HTTP-Version of "HTTP/1.1" in their messages, and <em class="bcp14">MUST</em> do so for any message that is not compatible with HTTP/1.0. For more details on when to send specific HTTP-Version values, 866 see <a href="#RFC2145" id="rfc.xref.RFC2145.2"><cite title="Use and Interpretation of HTTP Version Numbers">[RFC2145]</cite></a>. 867 </p> 868 <p id="rfc.section.3.1.p.6">The HTTP version of an application is the highest HTTP version for which the application is at least conditionally compliant.</p> 869 <p id="rfc.section.3.1.p.7">Proxy and gateway applications need to be careful when forwarding messages in protocol versions different from that of the 870 application. Since the protocol version indicates the protocol capability of the sender, a proxy/gateway <em class="bcp14">MUST NOT</em> send a message with a version indicator which is greater than its actual version. If a higher version request is received, 871 the proxy/gateway <em class="bcp14">MUST</em> either downgrade the request version, or respond with an error, or switch to tunnel behavior. 872 </p> 873 <p id="rfc.section.3.1.p.8">Due to interoperability problems with HTTP/1.0 proxies discovered since the publication of <a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, caching proxies <em class="bcp14">MUST</em>, gateways <em class="bcp14">MAY</em>, and tunnels <em class="bcp14">MUST NOT</em> upgrade the request to the highest version they support. The proxy/gateway's response to that request <em class="bcp14">MUST</em> be in the same major version as the request. 874 </p> 875 <p id="rfc.section.3.1.p.9"> </p> 876 <ul class="empty"> 877 <li> <b>Note:</b> Converting between versions of HTTP may involve modification of header fields required or forbidden by the versions involved. 878 </li> 879 </ul> 880 <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a> <a id="uri" href="#uri">Uniform Resource Identifiers</a></h2> 881 <p id="rfc.section.3.2.p.1">Uniform Resource Identifiers (URIs) <a href="#RFC3986" id="rfc.xref.RFC3986.2"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> are used in HTTP to indicate the target of a request and to identify additional resources related to that resource, the request, 882 or the response. Each protocol element in HTTP that allows a URI reference will indicate in its ABNF whether the element allows 883 only a URI in absolute form, any relative reference, or some limited subset of the URI-reference grammar. Unless otherwise 884 indicated, relative URI references are to be parsed relative to the URI corresponding to the request target (the base URI). 885 </p> 886 <p id="rfc.section.3.2.p.2">This specification adopts the definitions of "URI-reference", "absolute-URI", "fragment", "port", "host", "path-abempty", 887 "path-absolute", "query", and "authority" from <a href="#RFC3986" id="rfc.xref.RFC3986.3"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>: 888 </p> 889 <div id="rfc.figure.u.16"></div><pre class="inline"><span id="rfc.iref.g.15"></span><span id="rfc.iref.g.16"></span><span id="rfc.iref.g.17"></span><span id="rfc.iref.g.18"></span><span id="rfc.iref.g.19"></span><span id="rfc.iref.g.20"></span><span id="rfc.iref.g.21"></span><span id="rfc.iref.g.22"></span><span id="rfc.iref.g.23"></span> <a href="#uri" class="smpl">absolute-URI</a> = <absolute-URI, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.4"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>> 890 <a href="#uri" class="smpl">authority</a> = <authority, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.5"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2">Section 3.2</a>> 891 <a href="#uri" class="smpl">fragment</a> = <fragment, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.6"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>> 892 <a href="#uri" class="smpl">path-abempty</a> = <path-abempty, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.7"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>> 893 <a href="#uri" class="smpl">path-absolute</a> = <path-absolute, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.8"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>> 894 <a href="#uri" class="smpl">port</a> = <port, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.9"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.3">Section 3.2.3</a>> 895 <a href="#uri" class="smpl">query</a> = <query, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.10"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.4">Section 3.4</a>> 896 <a href="#uri" class="smpl">uri-host</a> = <host, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.11"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>> 883 Leading zeros <em class="bcp14">MUST</em> be ignored by recipients and <em class="bcp14">MUST NOT</em> be sent. 884 </p> 885 <p id="rfc.section.3.1.p.5">An application that sends a request or response message that includes HTTP-Version of "HTTP/1.1" <em class="bcp14">MUST</em> be at least conditionally compliant with this specification. Applications that are at least conditionally compliant with this 886 specification <em class="bcp14">SHOULD</em> use an HTTP-Version of "HTTP/1.1" in their messages, and <em class="bcp14">MUST</em> do so for any message that is not compatible with HTTP/1.0. For more details on when to send specific HTTP-Version values, 887 see <a href="#RFC2145" id="rfc.xref.RFC2145.2"><cite title="Use and Interpretation of HTTP Version Numbers">[RFC2145]</cite></a>. 888 </p> 889 <p id="rfc.section.3.1.p.6">The HTTP version of an application is the highest HTTP version for which the application is at least conditionally compliant.</p> 890 <p id="rfc.section.3.1.p.7">Proxy and gateway applications need to be careful when forwarding messages in protocol versions different from that of the 891 application. Since the protocol version indicates the protocol capability of the sender, a proxy/gateway <em class="bcp14">MUST NOT</em> send a message with a version indicator which is greater than its actual version. If a higher version request is received, 892 the proxy/gateway <em class="bcp14">MUST</em> either downgrade the request version, or respond with an error, or switch to tunnel behavior. 893 </p> 894 <p id="rfc.section.3.1.p.8">Due to interoperability problems with HTTP/1.0 proxies discovered since the publication of <a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, caching proxies <em class="bcp14">MUST</em>, gateways <em class="bcp14">MAY</em>, and tunnels <em class="bcp14">MUST NOT</em> upgrade the request to the highest version they support. The proxy/gateway's response to that request <em class="bcp14">MUST</em> be in the same major version as the request. 895 </p> 896 <p id="rfc.section.3.1.p.9"></p> 897 <ul class="empty"> 898 <li><b>Note:</b> Converting between versions of HTTP may involve modification of header fields required or forbidden by the versions involved. 899 </li> 900 </ul> 901 </div> 902 <div id="uri"> 903 <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a> <a href="#uri">Uniform Resource Identifiers</a></h2> 904 <p id="rfc.section.3.2.p.1">Uniform Resource Identifiers (URIs) <a href="#RFC3986" id="rfc.xref.RFC3986.2"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> are used in HTTP to indicate the target of a request and to identify additional resources related to that resource, the request, 905 or the response. Each protocol element in HTTP that allows a URI reference will indicate in its ABNF whether the element allows 906 only a URI in absolute form, any relative reference, or some limited subset of the URI-reference grammar. Unless otherwise 907 indicated, relative URI references are to be parsed relative to the URI corresponding to the request target (the base URI). 908 </p> 909 <p id="rfc.section.3.2.p.2">This specification adopts the definitions of "URI-reference", "absolute-URI", "fragment", "port", "host", "path-abempty", 910 "path-absolute", "query", and "authority" from <a href="#RFC3986" id="rfc.xref.RFC3986.3"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>: 911 </p> 912 <div id="rfc.figure.u.16"></div><pre class="inline"><span id="rfc.iref.g.15"></span><span id="rfc.iref.g.16"></span><span id="rfc.iref.g.17"></span><span id="rfc.iref.g.18"></span><span id="rfc.iref.g.19"></span><span id="rfc.iref.g.20"></span><span id="rfc.iref.g.21"></span><span id="rfc.iref.g.22"></span><span id="rfc.iref.g.23"></span> <a href="#uri" class="smpl">absolute-URI</a> = <absolute-URI, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.4"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>> 913 <a href="#uri" class="smpl">authority</a> = <authority, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.5"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2">Section 3.2</a>> 914 <a href="#uri" class="smpl">fragment</a> = <fragment, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.6"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>> 915 <a href="#uri" class="smpl">path-abempty</a> = <path-abempty, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.7"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>> 916 <a href="#uri" class="smpl">path-absolute</a> = <path-absolute, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.8"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>> 917 <a href="#uri" class="smpl">port</a> = <port, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.9"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.3">Section 3.2.3</a>> 918 <a href="#uri" class="smpl">query</a> = <query, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.10"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.4">Section 3.4</a>> 919 <a href="#uri" class="smpl">uri-host</a> = <host, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.11"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>> 897 920 898 <a href="#uri" class="smpl">relative-part</a> = <relative-part, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.12"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http ://tools.ietf.org/html/rfc3986#section-4.2">Section 4.2</a>>921 <a href="#uri" class="smpl">relative-part</a> = <relative-part, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.12"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-4.2">Section 4.2</a>> 899 922 <a href="#uri" class="smpl">relativeURI</a> = <a href="#uri" class="smpl">relative-part</a> [ "?" <a href="#uri" class="smpl">query</a> ] 900 923 </pre><p id="rfc.section.3.2.p.4">HTTP does not place an a priori limit on the length of a URI. Servers <em class="bcp14">MUST</em> be able to handle the URI of any resource they serve, and <em class="bcp14">SHOULD</em> be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs. A server <em class="bcp14">SHOULD</em> return 414 (Request-URI Too Long) status if a URI is longer than the server can handle (see <a href="p2-semantics.html#status.414" title="414 Request-URI Too Long">Section 9.4.15</a> of <a href="#Part2" id="rfc.xref.Part2.3"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). 901 </p> 902 <p id="rfc.section.3.2.p.5"> </p> 903 <ul class="empty"> 904 <li> <b>Note:</b> Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations 905 might not properly support these lengths. 906 </li> 907 </ul> 908 <h3 id="rfc.section.3.2.1"><a href="#rfc.section.3.2.1">3.2.1</a> <a id="http.uri" href="#http.uri">http URI scheme</a></h3> 909 <div id="rfc.iref.h.1"></div> 910 <div id="rfc.iref.u.1"></div> 911 <p id="rfc.section.3.2.1.p.1">The "http" scheme is used to locate network resources via the HTTP protocol. This section defines the syntax and semantics 912 for identifiers using the http or https URI schemes. 913 </p> 914 <div id="rfc.figure.u.17"></div><pre class="inline"><span id="rfc.iref.g.24"></span> <a href="#http.uri" class="smpl">http-URI</a> = "http:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ] 924 </p> 925 <p id="rfc.section.3.2.p.5"></p> 926 <ul class="empty"> 927 <li><b>Note:</b> Servers ought to be cautious about depending on URI lengths above 255 bytes, because some older client or proxy implementations 928 might not properly support these lengths. 929 </li> 930 </ul> 931 <div id="http.uri"> 932 <h3 id="rfc.section.3.2.1"><a href="#rfc.section.3.2.1">3.2.1</a> <a href="#http.uri">http URI scheme</a></h3> 933 <div id="rfc.iref.h.1"></div> 934 <div id="rfc.iref.u.1"></div> 935 <p id="rfc.section.3.2.1.p.1">The "http" scheme is used to locate network resources via the HTTP protocol. This section defines the syntax and semantics 936 for identifiers using the http or https URI schemes. 937 </p> 938 <div id="rfc.figure.u.17"></div><pre class="inline"><span id="rfc.iref.g.24"></span> <a href="#http.uri" class="smpl">http-URI</a> = "http:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ] 915 939 </pre><p id="rfc.section.3.2.1.p.3">If the port is empty or not given, port 80 is assumed. The semantics are that the identified resource is located at the server 916 listening for TCP connections on that port of that host, and the Request-URI for the resource is path-absolute (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>). The use of IP addresses in URLs <em class="bcp14">SHOULD</em> be avoided whenever possible (see <a href="#RFC1900" id="rfc.xref.RFC1900.1"><cite title="Renumbering Needs Work">[RFC1900]</cite></a>). If the path-absolute is not present in the URL, it <em class="bcp14">MUST</em> be given as "/" when used as a Request-URI for a resource (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>). If a proxy receives a host name which is not a fully qualified domain name, it <em class="bcp14">MAY</em> add its domain to the host name it received. If a proxy receives a fully qualified domain name, the proxy <em class="bcp14">MUST NOT</em> change the host name. 917 </p> 918 <ul class="empty"> 919 <li> <span id="rfc.iref.h.2"></span> <span id="rfc.iref.u.2"></span> <b>Note:</b> the "https" scheme is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>. 920 </li> 921 </ul> 922 <h3 id="rfc.section.3.2.2"><a href="#rfc.section.3.2.2">3.2.2</a> <a id="uri.comparison" href="#uri.comparison">URI Comparison</a></h3> 923 <p id="rfc.section.3.2.2.p.1">When comparing two URIs to decide if they match or not, a client <em class="bcp14">SHOULD</em> use a case-sensitive octet-by-octet comparison of the entire URIs, with these exceptions: 924 </p> 925 <ul> 926 <li>A port that is empty or not given is equivalent to the default port for that URI-reference;</li> 927 <li>Comparisons of host names <em class="bcp14">MUST</em> be case-insensitive; 928 </li> 929 <li>Comparisons of scheme names <em class="bcp14">MUST</em> be case-insensitive; 930 </li> 931 <li>An empty path-absolute is equivalent to an path-absolute of "/".</li> 932 </ul> 933 <p id="rfc.section.3.2.2.p.2">Characters other than those in the "reserved" set (see <a href="#RFC3986" id="rfc.xref.RFC3986.13"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.2">Section 2.2</a>) are equivalent to their ""%" <a href="#core.rules" class="smpl">HEXDIG</a> <a href="#core.rules" class="smpl">HEXDIG</a>" encoding. 934 </p> 935 <p id="rfc.section.3.2.2.p.3">For example, the following three URIs are equivalent:</p> 936 <div id="rfc.figure.u.18"></div><pre class="text"> http://example.com:80/~smith/home.html 940 listening for TCP connections on that port of that host, and the Request-URI for the resource is path-absolute (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>). The use of IP addresses in URLs <em class="bcp14">SHOULD</em> be avoided whenever possible (see <a href="#RFC1900" id="rfc.xref.RFC1900.1"><cite title="Renumbering Needs Work">[RFC1900]</cite></a>). If the path-absolute is not present in the URL, it <em class="bcp14">MUST</em> be given as "/" when used as a Request-URI for a resource (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>). If a proxy receives a host name which is not a fully qualified domain name, it <em class="bcp14">MAY</em> add its domain to the host name it received. If a proxy receives a fully qualified domain name, the proxy <em class="bcp14">MUST NOT</em> change the host name. 941 </p> 942 <ul class="empty"> 943 <li><span id="rfc.iref.h.2"></span> <span id="rfc.iref.u.2"></span> <b>Note:</b> the "https" scheme is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>. 944 </li> 945 </ul> 946 </div> 947 <div id="uri.comparison"> 948 <h3 id="rfc.section.3.2.2"><a href="#rfc.section.3.2.2">3.2.2</a> <a href="#uri.comparison">URI Comparison</a></h3> 949 <p id="rfc.section.3.2.2.p.1">When comparing two URIs to decide if they match or not, a client <em class="bcp14">SHOULD</em> use a case-sensitive octet-by-octet comparison of the entire URIs, with these exceptions: 950 </p> 951 <ul> 952 <li>A port that is empty or not given is equivalent to the default port for that URI-reference;</li> 953 <li>Comparisons of host names <em class="bcp14">MUST</em> be case-insensitive; 954 </li> 955 <li>Comparisons of scheme names <em class="bcp14">MUST</em> be case-insensitive; 956 </li> 957 <li>An empty path-absolute is equivalent to an path-absolute of "/".</li> 958 </ul> 959 <p id="rfc.section.3.2.2.p.2">Characters other than those in the "reserved" set (see <a href="#RFC3986" id="rfc.xref.RFC3986.13"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-2.2">Section 2.2</a>) are equivalent to their ""%" <a href="#core.rules" class="smpl">HEXDIG</a> <a href="#core.rules" class="smpl">HEXDIG</a>" encoding. 960 </p> 961 <p id="rfc.section.3.2.2.p.3">For example, the following three URIs are equivalent:</p> 962 <div id="rfc.figure.u.18"></div><pre class="text"> http://example.com:80/~smith/home.html 937 963 http://EXAMPLE.com/%7Esmith/home.html 938 964 http://EXAMPLE.com:/%7esmith/home.html 939 </pre><h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a> <a id="date.time.formats" href="#date.time.formats">Date/Time Formats</a></h2> 940 <h3 id="rfc.section.3.3.1"><a href="#rfc.section.3.3.1">3.3.1</a> <a id="full.date" href="#full.date">Full Date</a></h3> 941 <p id="rfc.section.3.3.1.p.1">HTTP applications have historically allowed three different formats for the representation of date/time stamps:</p> 942 <div id="rfc.figure.u.19"></div><pre class="text"> Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 965 </pre></div> 966 </div> 967 <div id="date.time.formats"> 968 <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a> <a href="#date.time.formats">Date/Time Formats</a></h2> 969 <div id="full.date"> 970 <h3 id="rfc.section.3.3.1"><a href="#rfc.section.3.3.1">3.3.1</a> <a href="#full.date">Full Date</a></h3> 971 <p id="rfc.section.3.3.1.p.1">HTTP applications have historically allowed three different formats for the representation of date/time stamps:</p> 972 <div id="rfc.figure.u.19"></div><pre class="text"> Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 943 973 Sunday, 06-Nov-94 08:49:37 GMT ; obsolete RFC 850 format 944 974 Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format 945 975 </pre><p id="rfc.section.3.3.1.p.3">The first format is preferred as an Internet standard and represents a fixed-length subset of that defined by <a href="#RFC1123" id="rfc.xref.RFC1123.1"><cite title="Requirements for Internet Hosts - Application and Support">[RFC1123]</cite></a> (an update to <a href="#RFC822" id="rfc.xref.RFC822.1"><cite title="Standard for the format of ARPA Internet text messages">[RFC822]</cite></a>). The other formats are described here only for compatibility with obsolete implementations. HTTP/1.1 clients and servers 946 that parse the date value <em class="bcp14">MUST</em> accept all three formats (for compatibility with HTTP/1.0), though they <em class="bcp14">MUST</em> only generate the RFC 1123 format for representing HTTP-date values in header fields. See <a href="#tolerant.applications" title="Tolerant Applications">Appendix A</a> for further information.947 </p>948 <ul class="empty">949 <li><b>Note:</b> Recipients of date values are encouraged to be robust in accepting date values that may have been sent by non-HTTP applications,950 as is sometimes the case when retrieving or posting messages via proxies/gateways to SMTP or NNTP.951 </li>952 </ul>953 <p id="rfc.section.3.3.1.p.5">All HTTP date/time stamps <em class="bcp14">MUST</em> be represented in Greenwich Mean Time (GMT), without exception. For the purposes of HTTP, GMT is exactly equal to UTC (Coordinated954 Universal Time). This is indicated in the first two formats by the inclusion of "GMT" as the three-letter abbreviation for955 time zone, and <em class="bcp14">MUST</em> be assumed when reading the asctime format. HTTP-date is case sensitive and <em class="bcp14">MUST NOT</em> include additional LWS beyond that specifically included as SP in the grammar.956 </p>957 <div id="rfc.figure.u.20"></div><pre class="inline"><span id="rfc.iref.g.25"></span><span id="rfc.iref.g.26"></span><span id="rfc.iref.g.27"></span><span id="rfc.iref.g.28"></span><span id="rfc.iref.g.29"></span><span id="rfc.iref.g.30"></span><span id="rfc.iref.g.31"></span><span id="rfc.iref.g.32"></span><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span> <a href="#full.date" class="smpl">HTTP-date</a> = <a href="#full.date" class="smpl">rfc1123-date</a> / <a href="#full.date" class="smpl">obsolete-date</a>976 that parse the date value <em class="bcp14">MUST</em> accept all three formats (for compatibility with HTTP/1.0), though they <em class="bcp14">MUST</em> only generate the RFC 1123 format for representing HTTP-date values in header fields. See <a href="#tolerant.applications" title="Tolerant Applications">Appendix A</a> for further information. 977 </p> 978 <ul class="empty"> 979 <li><b>Note:</b> Recipients of date values are encouraged to be robust in accepting date values that may have been sent by non-HTTP applications, 980 as is sometimes the case when retrieving or posting messages via proxies/gateways to SMTP or NNTP. 981 </li> 982 </ul> 983 <p id="rfc.section.3.3.1.p.5">All HTTP date/time stamps <em class="bcp14">MUST</em> be represented in Greenwich Mean Time (GMT), without exception. For the purposes of HTTP, GMT is exactly equal to UTC (Coordinated 984 Universal Time). This is indicated in the first two formats by the inclusion of "GMT" as the three-letter abbreviation for 985 time zone, and <em class="bcp14">MUST</em> be assumed when reading the asctime format. HTTP-date is case sensitive and <em class="bcp14">MUST NOT</em> include additional LWS beyond that specifically included as SP in the grammar. 986 </p> 987 <div id="rfc.figure.u.20"></div><pre class="inline"><span id="rfc.iref.g.25"></span><span id="rfc.iref.g.26"></span><span id="rfc.iref.g.27"></span><span id="rfc.iref.g.28"></span><span id="rfc.iref.g.29"></span><span id="rfc.iref.g.30"></span><span id="rfc.iref.g.31"></span><span id="rfc.iref.g.32"></span><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span> <a href="#full.date" class="smpl">HTTP-date</a> = <a href="#full.date" class="smpl">rfc1123-date</a> / <a href="#full.date" class="smpl">obsolete-date</a> 958 988 <a href="#full.date" class="smpl">obsolete-date</a> = <a href="#full.date" class="smpl">rfc850-date</a> / <a href="#full.date" class="smpl">asctime-date</a> 959 989 <a href="#full.date" class="smpl">rfc1123-date</a> = <a href="#full.date" class="smpl">wkday</a> "," <a href="#core.rules" class="smpl">SP</a> date1 <a href="#core.rules" class="smpl">SP</a> time <a href="#core.rules" class="smpl">SP</a> GMT … … 1006 1036 s-Nov = %x4E.6F.76 ; "Nov", case-sensitive 1007 1037 s-Dec = %x44.65.63 ; "Dec", case-sensitive 1008 </pre><p id="rfc.section.3.3.1.p.7"> <b>Note:</b> HTTP requirements for the date/time stamp format apply only to their usage within the protocol stream. Clients and servers 1009 are not required to use these formats for user presentation, request logging, etc. 1010 </p> 1011 <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a> <a id="transfer.codings" href="#transfer.codings">Transfer Codings</a></h2> 1012 <p id="rfc.section.3.4.p.1">Transfer-coding values are used to indicate an encoding transformation that has been, can be, or may need to be applied to 1013 an entity-body in order to ensure "safe transport" through the network. This differs from a content coding in that the transfer-coding 1014 is a property of the message, not of the original entity. 1015 </p> 1016 <div id="rfc.figure.u.21"></div><pre class="inline"><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span> <a href="#transfer.codings" class="smpl">transfer-coding</a> = "chunked" / <a href="#transfer.codings" class="smpl">transfer-extension</a> 1038 </pre><p id="rfc.section.3.3.1.p.7"><b>Note:</b> HTTP requirements for the date/time stamp format apply only to their usage within the protocol stream. Clients and servers 1039 are not required to use these formats for user presentation, request logging, etc. 1040 </p> 1041 </div> 1042 </div> 1043 <div id="transfer.codings"> 1044 <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a> <a href="#transfer.codings">Transfer Codings</a></h2> 1045 <p id="rfc.section.3.4.p.1">Transfer-coding values are used to indicate an encoding transformation that has been, can be, or may need to be applied to 1046 an entity-body in order to ensure "safe transport" through the network. This differs from a content coding in that the transfer-coding 1047 is a property of the message, not of the original entity. 1048 </p> 1049 <div id="rfc.figure.u.21"></div><pre class="inline"><span id="rfc.iref.g.37"></span><span id="rfc.iref.g.38"></span> <a href="#transfer.codings" class="smpl">transfer-coding</a> = "chunked" / <a href="#transfer.codings" class="smpl">transfer-extension</a> 1017 1050 <a href="#transfer.codings" class="smpl">transfer-extension</a> = <a href="#rule.token.separators" class="smpl">token</a> *( <a href="#rule.whitespace" class="smpl">OWS</a> ";" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#transfer.codings" class="smpl">parameter</a> ) 1018 1051 </pre><div id="rule.parameter"> 1019 <p id="rfc.section.3.4.p.3">Parameters are in the form of attribute/value pairs.</p>1020 </div>1021 <div id="rfc.figure.u.22"></div><pre class="inline"><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span><span id="rfc.iref.g.41"></span> <a href="#transfer.codings" class="smpl">parameter</a> = <a href="#rule.parameter" class="smpl">attribute</a> <a href="#rule.whitespace" class="smpl">BWS</a> "=" <a href="#rule.whitespace" class="smpl">BWS</a> <a href="#rule.parameter" class="smpl">value</a>1052 <p id="rfc.section.3.4.p.3"> Parameters are in the form of attribute/value pairs.</p> 1053 </div> 1054 <div id="rfc.figure.u.22"></div><pre class="inline"><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span><span id="rfc.iref.g.41"></span> <a href="#transfer.codings" class="smpl">parameter</a> = <a href="#rule.parameter" class="smpl">attribute</a> <a href="#rule.whitespace" class="smpl">BWS</a> "=" <a href="#rule.whitespace" class="smpl">BWS</a> <a href="#rule.parameter" class="smpl">value</a> 1022 1055 <a href="#rule.parameter" class="smpl">attribute</a> = <a href="#rule.token.separators" class="smpl">token</a> 1023 1056 <a href="#rule.parameter" class="smpl">value</a> = <a href="#rule.token.separators" class="smpl">token</a> / <a href="#rule.quoted-string" class="smpl">quoted-string</a> 1024 1057 </pre><p id="rfc.section.3.4.p.5">All transfer-coding values are case-insensitive. HTTP/1.1 uses transfer-coding values in the TE header field (<a href="#header.te" id="rfc.xref.header.te.1" title="TE">Section 8.5</a>) and in the Transfer-Encoding header field (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.1" title="Transfer-Encoding">Section 8.7</a>). 1025 </p> 1026 <p id="rfc.section.3.4.p.6">Whenever a transfer-coding is applied to a message-body, the set of transfer-codings <em class="bcp14">MUST</em> include "chunked", unless the message indicates it is terminated by closing the connection. When the "chunked" transfer-coding 1027 is used, it <em class="bcp14">MUST</em> be the last transfer-coding applied to the message-body. The "chunked" transfer-coding <em class="bcp14">MUST NOT</em> be applied more than once to a message-body. These rules allow the recipient to determine the transfer-length of the message 1028 (<a href="#message.length" title="Message Length">Section 4.4</a>). 1029 </p> 1030 <p id="rfc.section.3.4.p.7">Transfer-codings are analogous to the Content-Transfer-Encoding values of MIME <a href="#RFC2045" id="rfc.xref.RFC2045.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>, which were designed to enable safe transport of binary data over a 7-bit transport service. However, safe transport has 1031 a different focus for an 8bit-clean transfer protocol. In HTTP, the only unsafe characteristic of message-bodies is the difficulty 1032 in determining the exact body length (<a href="#message.length" title="Message Length">Section 4.4</a>), or the desire to encrypt data over a shared transport. 1033 </p> 1034 <p id="rfc.section.3.4.p.8">The Internet Assigned Numbers Authority (IANA) acts as a registry for transfer-coding value tokens. Initially, the registry 1035 contains the following tokens: "chunked" (<a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a>), "gzip", "compress", and "deflate" (<a href="p3-payload.html#content.codings" title="Content Codings">Section 3.2</a> of <a href="#Part3" id="rfc.xref.Part3.7"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>). 1036 </p> 1037 <p id="rfc.section.3.4.p.9">New transfer-coding value tokens <em class="bcp14">SHOULD</em> be registered in the same way as new content-coding value tokens (<a href="p3-payload.html#content.codings" title="Content Codings">Section 3.2</a> of <a href="#Part3" id="rfc.xref.Part3.8"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>). 1038 </p> 1039 <p id="rfc.section.3.4.p.10">A server which receives an entity-body with a transfer-coding it does not understand <em class="bcp14">SHOULD</em> return 501 (Not Implemented), and close the connection. A server <em class="bcp14">MUST NOT</em> send transfer-codings to an HTTP/1.0 client. 1040 </p> 1041 <h3 id="rfc.section.3.4.1"><a href="#rfc.section.3.4.1">3.4.1</a> <a id="chunked.transfer.encoding" href="#chunked.transfer.encoding">Chunked Transfer Coding</a></h3> 1042 <p id="rfc.section.3.4.1.p.1">The chunked encoding modifies the body of a message in order to transfer it as a series of chunks, each with its own size 1043 indicator, followed by an <em class="bcp14">OPTIONAL</em> trailer containing entity-header fields. This allows dynamically produced content to be transferred along with the information 1044 necessary for the recipient to verify that it has received the full message. 1045 </p> 1046 <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.42"></span><span id="rfc.iref.g.43"></span><span id="rfc.iref.g.44"></span><span id="rfc.iref.g.45"></span><span id="rfc.iref.g.46"></span><span id="rfc.iref.g.47"></span><span id="rfc.iref.g.48"></span><span id="rfc.iref.g.49"></span><span id="rfc.iref.g.50"></span> <a href="#chunked.transfer.encoding" class="smpl">Chunked-Body</a> = *<a href="#chunked.transfer.encoding" class="smpl">chunk</a> 1058 </p> 1059 <p id="rfc.section.3.4.p.6">Whenever a transfer-coding is applied to a message-body, the set of transfer-codings <em class="bcp14">MUST</em> include "chunked", unless the message indicates it is terminated by closing the connection. When the "chunked" transfer-coding 1060 is used, it <em class="bcp14">MUST</em> be the last transfer-coding applied to the message-body. The "chunked" transfer-coding <em class="bcp14">MUST NOT</em> be applied more than once to a message-body. These rules allow the recipient to determine the transfer-length of the message 1061 (<a href="#message.length" title="Message Length">Section 4.4</a>). 1062 </p> 1063 <p id="rfc.section.3.4.p.7">Transfer-codings are analogous to the Content-Transfer-Encoding values of MIME <a href="#RFC2045" id="rfc.xref.RFC2045.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>, which were designed to enable safe transport of binary data over a 7-bit transport service. However, safe transport has 1064 a different focus for an 8bit-clean transfer protocol. In HTTP, the only unsafe characteristic of message-bodies is the difficulty 1065 in determining the exact body length (<a href="#message.length" title="Message Length">Section 4.4</a>), or the desire to encrypt data over a shared transport. 1066 </p> 1067 <p id="rfc.section.3.4.p.8">The Internet Assigned Numbers Authority (IANA) acts as a registry for transfer-coding value tokens. Initially, the registry 1068 contains the following tokens: "chunked" (<a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a>), "gzip", "compress", and "deflate" (<a href="p3-payload.html#content.codings" title="Content Codings">Section 3.2</a> of <a href="#Part3" id="rfc.xref.Part3.7"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>). 1069 </p> 1070 <p id="rfc.section.3.4.p.9">New transfer-coding value tokens <em class="bcp14">SHOULD</em> be registered in the same way as new content-coding value tokens (<a href="p3-payload.html#content.codings" title="Content Codings">Section 3.2</a> of <a href="#Part3" id="rfc.xref.Part3.8"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>). 1071 </p> 1072 <p id="rfc.section.3.4.p.10">A server which receives an entity-body with a transfer-coding it does not understand <em class="bcp14">SHOULD</em> return 501 (Not Implemented), and close the connection. A server <em class="bcp14">MUST NOT</em> send transfer-codings to an HTTP/1.0 client. 1073 </p> 1074 <div id="chunked.transfer.encoding"> 1075 <h3 id="rfc.section.3.4.1"><a href="#rfc.section.3.4.1">3.4.1</a> <a href="#chunked.transfer.encoding">Chunked Transfer Coding</a></h3> 1076 <p id="rfc.section.3.4.1.p.1">The chunked encoding modifies the body of a message in order to transfer it as a series of chunks, each with its own size 1077 indicator, followed by an <em class="bcp14">OPTIONAL</em> trailer containing entity-header fields. This allows dynamically produced content to be transferred along with the information 1078 necessary for the recipient to verify that it has received the full message. 1079 </p> 1080 <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.42"></span><span id="rfc.iref.g.43"></span><span id="rfc.iref.g.44"></span><span id="rfc.iref.g.45"></span><span id="rfc.iref.g.46"></span><span id="rfc.iref.g.47"></span><span id="rfc.iref.g.48"></span><span id="rfc.iref.g.49"></span><span id="rfc.iref.g.50"></span> <a href="#chunked.transfer.encoding" class="smpl">Chunked-Body</a> = *<a href="#chunked.transfer.encoding" class="smpl">chunk</a> 1047 1081 <a href="#chunked.transfer.encoding" class="smpl">last-chunk</a> 1048 1082 <a href="#chunked.transfer.encoding" class="smpl">trailer-part</a> … … 1061 1095 <a href="#chunked.transfer.encoding" class="smpl">trailer-part</a> = *(<a href="#abnf.dependencies" class="smpl">entity-header</a> <a href="#core.rules" class="smpl">CRLF</a>) 1062 1096 </pre><p id="rfc.section.3.4.1.p.3">The chunk-size field is a string of hex digits indicating the size of the chunk-data in octets. The chunked encoding is ended 1063 by any chunk whose size is zero, followed by the trailer, which is terminated by an empty line.1064 </p>1065 <p id="rfc.section.3.4.1.p.4">The trailer allows the sender to include additional HTTP header fields at the end of the message. The Trailer header field1066 can be used to indicate which header fields are included in a trailer (see <a href="#header.trailer" id="rfc.xref.header.trailer.1" title="Trailer">Section 8.6</a>).1067 </p>1068 <p id="rfc.section.3.4.1.p.5">A server using chunked transfer-coding in a response <em class="bcp14">MUST NOT</em> use the trailer for any header fields unless at least one of the following is true:1069 </p>1070 <ol>1071 <li>the request included a TE header field that indicates "trailers" is acceptable in the transfer-coding of the response, as1072 described in <a href="#header.te" id="rfc.xref.header.te.2" title="TE">Section 8.5</a>; or,1073 </li>1074 <li>the server is the origin server for the response, the trailer fields consist entirely of optional metadata, and the recipient1075 could use the message (in a manner acceptable to the origin server) without receiving this metadata. In other words, the origin1076 server is willing to accept the possibility that the trailer fields might be silently discarded along the path to the client.1077 </li>1078 </ol>1079 <p id="rfc.section.3.4.1.p.6">This requirement prevents an interoperability failure when the message is being received by an HTTP/1.1 (or later) proxy and1080 forwarded to an HTTP/1.0 recipient. It avoids a situation where compliance with the protocol would have necessitated a possibly1081 infinite buffer on the proxy.1082 </p>1083 <p id="rfc.section.3.4.1.p.7">A process for decoding the "chunked" transfer-coding can be represented in pseudo-code as:</p>1084 <div id="rfc.figure.u.24"></div><pre class="text"> length := 01097 by any chunk whose size is zero, followed by the trailer, which is terminated by an empty line. 1098 </p> 1099 <p id="rfc.section.3.4.1.p.4">The trailer allows the sender to include additional HTTP header fields at the end of the message. The Trailer header field 1100 can be used to indicate which header fields are included in a trailer (see <a href="#header.trailer" id="rfc.xref.header.trailer.1" title="Trailer">Section 8.6</a>). 1101 </p> 1102 <p id="rfc.section.3.4.1.p.5">A server using chunked transfer-coding in a response <em class="bcp14">MUST NOT</em> use the trailer for any header fields unless at least one of the following is true: 1103 </p> 1104 <ol> 1105 <li>the request included a TE header field that indicates "trailers" is acceptable in the transfer-coding of the response, as 1106 described in <a href="#header.te" id="rfc.xref.header.te.2" title="TE">Section 8.5</a>; or, 1107 </li> 1108 <li>the server is the origin server for the response, the trailer fields consist entirely of optional metadata, and the recipient 1109 could use the message (in a manner acceptable to the origin server) without receiving this metadata. In other words, the origin 1110 server is willing to accept the possibility that the trailer fields might be silently discarded along the path to the client. 1111 </li> 1112 </ol> 1113 <p id="rfc.section.3.4.1.p.6">This requirement prevents an interoperability failure when the message is being received by an HTTP/1.1 (or later) proxy and 1114 forwarded to an HTTP/1.0 recipient. It avoids a situation where compliance with the protocol would have necessitated a possibly 1115 infinite buffer on the proxy. 1116 </p> 1117 <p id="rfc.section.3.4.1.p.7">A process for decoding the "chunked" transfer-coding can be represented in pseudo-code as:</p> 1118 <div id="rfc.figure.u.24"></div><pre class="text"> length := 0 1085 1119 read chunk-size, chunk-ext (if any) and CRLF 1086 1120 while (chunk-size > 0) { … … 1098 1132 Remove "chunked" from Transfer-Encoding 1099 1133 </pre><p id="rfc.section.3.4.1.p.9">All HTTP/1.1 applications <em class="bcp14">MUST</em> be able to receive and decode the "chunked" transfer-coding, and <em class="bcp14">MUST</em> ignore chunk-ext extensions they do not understand. 1100 </p> 1101 <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a> <a id="product.tokens" href="#product.tokens">Product Tokens</a></h2> 1102 <p id="rfc.section.3.5.p.1">Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields 1103 using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white 1104 space. By convention, the products are listed in order of their significance for identifying the application. 1105 </p> 1106 <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.51"></span><span id="rfc.iref.g.52"></span> <a href="#product.tokens" class="smpl">product</a> = <a href="#rule.token.separators" class="smpl">token</a> ["/" <a href="#product.tokens" class="smpl">product-version</a>] 1134 </p> 1135 </div> 1136 </div> 1137 <div id="product.tokens"> 1138 <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a> <a href="#product.tokens">Product Tokens</a></h2> 1139 <p id="rfc.section.3.5.p.1">Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields 1140 using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white 1141 space. By convention, the products are listed in order of their significance for identifying the application. 1142 </p> 1143 <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.51"></span><span id="rfc.iref.g.52"></span> <a href="#product.tokens" class="smpl">product</a> = <a href="#rule.token.separators" class="smpl">token</a> ["/" <a href="#product.tokens" class="smpl">product-version</a>] 1107 1144 <a href="#product.tokens" class="smpl">product-version</a> = <a href="#rule.token.separators" class="smpl">token</a> 1108 1145 </pre><p id="rfc.section.3.5.p.3">Examples:</p> 1109 <div id="rfc.figure.u.26"></div><pre class="text"> User-Agent: CERN-LineMode/2.15 libwww/2.17b31146 <div id="rfc.figure.u.26"></div><pre class="text"> User-Agent: CERN-LineMode/2.15 libwww/2.17b3 1110 1147 Server: Apache/0.8.4 1111 1148 </pre><p id="rfc.section.3.5.p.5">Product tokens <em class="bcp14">SHOULD</em> be short and to the point. They <em class="bcp14">MUST NOT</em> be used for advertising or other non-essential information. Although any token character <em class="bcp14">MAY</em> appear in a product-version, this token <em class="bcp14">SHOULD</em> only be used for a version identifier (i.e., successive versions of the same product <em class="bcp14">SHOULD</em> only differ in the product-version portion of the product value). 1112 </p> 1113 <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a> <a id="http.message" href="#http.message">HTTP Message</a></h1> 1114 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> <a id="message.types" href="#message.types">Message Types</a></h2> 1115 <p id="rfc.section.4.1.p.1">HTTP messages consist of requests from client to server and responses from server to client.</p> 1116 <div id="rfc.figure.u.27"></div><pre class="inline"><span id="rfc.iref.g.53"></span> <a href="#message.types" class="smpl">HTTP-message</a> = <a href="#request" class="smpl">Request</a> / <a href="#response" class="smpl">Response</a> ; HTTP/1.1 messages 1149 </p> 1150 </div> 1151 </div> 1152 <div id="http.message"> 1153 <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a> <a href="#http.message">HTTP Message</a></h1> 1154 <div id="message.types"> 1155 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> <a href="#message.types">Message Types</a></h2> 1156 <p id="rfc.section.4.1.p.1">HTTP messages consist of requests from client to server and responses from server to client.</p> 1157 <div id="rfc.figure.u.27"></div><pre class="inline"><span id="rfc.iref.g.53"></span> <a href="#message.types" class="smpl">HTTP-message</a> = <a href="#request" class="smpl">Request</a> / <a href="#response" class="smpl">Response</a> ; HTTP/1.1 messages 1117 1158 </pre><p id="rfc.section.4.1.p.3">Request (<a href="#request" title="Request">Section 5</a>) and Response (<a href="#response" title="Response">Section 6</a>) messages use the generic message format of <a href="#RFC5322" id="rfc.xref.RFC5322.2"><cite title="Internet Message Format">[RFC5322]</cite></a> for transferring entities (the payload of the message). Both types of message consist of a start-line, zero or more header 1118 fields (also known as "headers"), an empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header1119 fields, and possibly a message-body.1120 </p>1121 <div id="rfc.figure.u.28"></div><pre class="inline"><span id="rfc.iref.g.54"></span><span id="rfc.iref.g.55"></span> <a href="#message.types" class="smpl">generic-message</a> = <a href="#message.types" class="smpl">start-line</a>1159 fields (also known as "headers"), an empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header 1160 fields, and possibly a message-body. 1161 </p> 1162 <div id="rfc.figure.u.28"></div><pre class="inline"><span id="rfc.iref.g.54"></span><span id="rfc.iref.g.55"></span> <a href="#message.types" class="smpl">generic-message</a> = <a href="#message.types" class="smpl">start-line</a> 1122 1163 *(<a href="#message.headers" class="smpl">message-header</a> <a href="#core.rules" class="smpl">CRLF</a>) 1123 1164 <a href="#core.rules" class="smpl">CRLF</a> … … 1125 1166 <a href="#message.types" class="smpl">start-line</a> = <a href="#request-line" class="smpl">Request-Line</a> / <a href="#status-line" class="smpl">Status-Line</a> 1126 1167 </pre><p id="rfc.section.4.1.p.5">In the interest of robustness, servers <em class="bcp14">SHOULD</em> ignore any empty line(s) received where a Request-Line is expected. In other words, if the server is reading the protocol 1127 stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF. 1128 </p> 1129 <p id="rfc.section.4.1.p.6">Certain buggy HTTP/1.0 client implementations generate extra CRLF's after a POST request. To restate what is explicitly forbidden 1130 by the BNF, an HTTP/1.1 client <em class="bcp14">MUST NOT</em> preface or follow a request with an extra CRLF. 1131 </p> 1132 <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a> <a id="message.headers" href="#message.headers">Message Headers</a></h2> 1133 <p id="rfc.section.4.2.p.1">HTTP header fields, which include general-header (<a href="#general.header.fields" title="General Header Fields">Section 4.5</a>), request-header (<a href="p2-semantics.html#request.header.fields" title="Request Header Fields">Section 4</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>), response-header (<a href="p2-semantics.html#response.header.fields" title="Response Header Fields">Section 6</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>), and entity-header (<a href="p3-payload.html#entity.header.fields" title="Entity Header Fields">Section 4.1</a> of <a href="#Part3" id="rfc.xref.Part3.9"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) fields, follow the same generic format as that given in <a href="http://tools.ietf.org/html/rfc5322#section-2.1">Section 2.1</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.3"><cite title="Internet Message Format">[RFC5322]</cite></a>. Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive. The 1134 field value <em class="bcp14">MAY</em> be preceded by any amount of LWS, though a single SP is preferred. Header fields can be extended over multiple lines by preceding 1135 each extra line with at least one SP or HTAB. Applications ought to follow "common form", where one is known or indicated, 1136 when generating HTTP constructs, since there might exist some implementations that fail to accept anything beyond the common 1137 forms. 1138 </p> 1139 <div id="rfc.figure.u.29"></div><pre class="inline"><span id="rfc.iref.g.56"></span><span id="rfc.iref.g.57"></span><span id="rfc.iref.g.58"></span><span id="rfc.iref.g.59"></span> <a href="#message.headers" class="smpl">message-header</a> = <a href="#message.headers" class="smpl">field-name</a> ":" [ <a href="#message.headers" class="smpl">field-value</a> ] 1168 stream at the beginning of a message and receives a CRLF first, it should ignore the CRLF. 1169 </p> 1170 <p id="rfc.section.4.1.p.6">Certain buggy HTTP/1.0 client implementations generate extra CRLF's after a POST request. To restate what is explicitly forbidden 1171 by the BNF, an HTTP/1.1 client <em class="bcp14">MUST NOT</em> preface or follow a request with an extra CRLF. 1172 </p> 1173 </div> 1174 <div id="message.headers"> 1175 <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a> <a href="#message.headers">Message Headers</a></h2> 1176 <p id="rfc.section.4.2.p.1">HTTP header fields, which include general-header (<a href="#general.header.fields" title="General Header Fields">Section 4.5</a>), request-header (<a href="p2-semantics.html#request.header.fields" title="Request Header Fields">Section 4</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>), response-header (<a href="p2-semantics.html#response.header.fields" title="Response Header Fields">Section 6</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>), and entity-header (<a href="p3-payload.html#entity.header.fields" title="Entity Header Fields">Section 4.1</a> of <a href="#Part3" id="rfc.xref.Part3.9"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) fields, follow the same generic format as that given in <a href="https://tools.ietf.org/html/rfc5322#section-2.1">Section 2.1</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.3"><cite title="Internet Message Format">[RFC5322]</cite></a>. Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive. The 1177 field value <em class="bcp14">MAY</em> be preceded by any amount of LWS, though a single SP is preferred. Header fields can be extended over multiple lines by preceding 1178 each extra line with at least one SP or HTAB. Applications ought to follow "common form", where one is known or indicated, 1179 when generating HTTP constructs, since there might exist some implementations that fail to accept anything beyond the common 1180 forms. 1181 </p> 1182 <div id="rfc.figure.u.29"></div><pre class="inline"><span id="rfc.iref.g.56"></span><span id="rfc.iref.g.57"></span><span id="rfc.iref.g.58"></span><span id="rfc.iref.g.59"></span> <a href="#message.headers" class="smpl">message-header</a> = <a href="#message.headers" class="smpl">field-name</a> ":" [ <a href="#message.headers" class="smpl">field-value</a> ] 1140 1183 <a href="#message.headers" class="smpl">field-name</a> = <a href="#rule.token.separators" class="smpl">token</a> 1141 1184 <a href="#message.headers" class="smpl">field-value</a> = *( <a href="#message.headers" class="smpl">field-content</a> / <a href="#rule.whitespace" class="smpl">OWS</a> ) 1142 1185 <a href="#message.headers" class="smpl">field-content</a> = <field content> 1143 </pre><p id="rfc.section.4.2.p.3"> <span class="comment" id="rfc.comment.1">[<a href="#rfc.comment.1" class="smpl">rfc.comment.1</a>: whitespace between field-name and colon is an error and MUST NOT be accepted]</span> 1144 </p> 1145 <p id="rfc.section.4.2.p.4">The field-content does not include any leading or trailing LWS: linear white space occurring before the first non-whitespace 1146 character of the field-value or after the last non-whitespace character of the field-value. Such leading or trailing LWS <em class="bcp14">MAY</em> be removed without changing the semantics of the field value. Any LWS that occurs between field-content <em class="bcp14">MAY</em> be replaced with a single SP before interpreting the field value or forwarding the message downstream. 1147 </p> 1148 <p id="rfc.section.4.2.p.5">The order in which header fields with differing field names are received is not significant. However, it is "good practice" 1149 to send general-header fields first, followed by request-header or response-header fields, and ending with the entity-header 1150 fields. 1151 </p> 1152 <p id="rfc.section.4.2.p.6">Multiple message-header fields with the same field-name <em class="bcp14">MAY</em> be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., 1153 #(values)]. It <em class="bcp14">MUST</em> be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics 1154 of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header 1155 fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and 1156 thus a proxy <em class="bcp14">MUST NOT</em> change the order of these field values when a message is forwarded. 1157 </p> 1158 <p id="rfc.section.4.2.p.7"> </p> 1159 <ul class="empty"> 1160 <li> <b>Note:</b> the "Set-Cookie" header as implemented in practice (as opposed to how it is specified in <a href="#RFC2109" id="rfc.xref.RFC2109.1"><cite title="HTTP State Management Mechanism">[RFC2109]</cite></a>) can occur multiple times, but does not use the list syntax, and thus cannot be combined into a single line. (See Appendix 1161 A.2.3 of <a href="#Kri2001" id="rfc.xref.Kri2001.1"><cite title="HTTP Cookies: Standards, Privacy, and Politics">[Kri2001]</cite></a> for details.) Also note that the Set-Cookie2 header specified in <a href="#RFC2965" id="rfc.xref.RFC2965.1"><cite title="HTTP State Management Mechanism">[RFC2965]</cite></a> does not share this problem. 1162 </li> 1163 </ul> 1164 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a id="message.body" href="#message.body">Message Body</a></h2> 1165 <p id="rfc.section.4.3.p.1">The message-body (if any) of an HTTP message is used to carry the entity-body associated with the request or response. The 1166 message-body differs from the entity-body only when a transfer-coding has been applied, as indicated by the Transfer-Encoding 1167 header field (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.2" title="Transfer-Encoding">Section 8.7</a>). 1168 </p> 1169 <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.60"></span> <a href="#message.body" class="smpl">message-body</a> = <a href="#abnf.dependencies" class="smpl">entity-body</a> 1186 </pre><p id="rfc.section.4.2.p.3"><span class="comment" id="rfc.comment.1">[<a href="#rfc.comment.1" class="smpl">rfc.comment.1</a>: whitespace between field-name and colon is an error and MUST NOT be accepted]</span> 1187 </p> 1188 <p id="rfc.section.4.2.p.4">The field-content does not include any leading or trailing LWS: linear white space occurring before the first non-whitespace 1189 character of the field-value or after the last non-whitespace character of the field-value. Such leading or trailing LWS <em class="bcp14">MAY</em> be removed without changing the semantics of the field value. Any LWS that occurs between field-content <em class="bcp14">MAY</em> be replaced with a single SP before interpreting the field value or forwarding the message downstream. 1190 </p> 1191 <p id="rfc.section.4.2.p.5">The order in which header fields with differing field names are received is not significant. However, it is "good practice" 1192 to send general-header fields first, followed by request-header or response-header fields, and ending with the entity-header 1193 fields. 1194 </p> 1195 <p id="rfc.section.4.2.p.6">Multiple message-header fields with the same field-name <em class="bcp14">MAY</em> be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., 1196 #(values)]. It <em class="bcp14">MUST</em> be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics 1197 of the message, by appending each subsequent field-value to the first, each separated by a comma. The order in which header 1198 fields with the same field-name are received is therefore significant to the interpretation of the combined field value, and 1199 thus a proxy <em class="bcp14">MUST NOT</em> change the order of these field values when a message is forwarded. 1200 </p> 1201 <p id="rfc.section.4.2.p.7"></p> 1202 <ul class="empty"> 1203 <li><b>Note:</b> the "Set-Cookie" header as implemented in practice (as opposed to how it is specified in <a href="#RFC2109" id="rfc.xref.RFC2109.1"><cite title="HTTP State Management Mechanism">[RFC2109]</cite></a>) can occur multiple times, but does not use the list syntax, and thus cannot be combined into a single line. (See Appendix 1204 A.2.3 of <a href="#Kri2001" id="rfc.xref.Kri2001.1"><cite title="HTTP Cookies: Standards, Privacy, and Politics">[Kri2001]</cite></a> for details.) Also note that the Set-Cookie2 header specified in <a href="#RFC2965" id="rfc.xref.RFC2965.1"><cite title="HTTP State Management Mechanism">[RFC2965]</cite></a> does not share this problem. 1205 </li> 1206 </ul> 1207 </div> 1208 <div id="message.body"> 1209 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a href="#message.body">Message Body</a></h2> 1210 <p id="rfc.section.4.3.p.1">The message-body (if any) of an HTTP message is used to carry the entity-body associated with the request or response. The 1211 message-body differs from the entity-body only when a transfer-coding has been applied, as indicated by the Transfer-Encoding 1212 header field (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.2" title="Transfer-Encoding">Section 8.7</a>). 1213 </p> 1214 <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.60"></span> <a href="#message.body" class="smpl">message-body</a> = <a href="#abnf.dependencies" class="smpl">entity-body</a> 1170 1215 / <entity-body encoded as per <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>> 1171 1216 </pre><p id="rfc.section.4.3.p.3">Transfer-Encoding <em class="bcp14">MUST</em> be used to indicate any transfer-codings applied by an application to ensure safe and proper transfer of the message. Transfer-Encoding 1172 is a property of the message, not of the entity, and thus <em class="bcp14">MAY</em> be added or removed by any application along the request/response chain. (However, <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a> places restrictions on when certain transfer-codings may be used.) 1173 </p> 1174 <p id="rfc.section.4.3.p.4">The rules for when a message-body is allowed in a message differ for requests and responses.</p> 1175 <p id="rfc.section.4.3.p.5">The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field 1176 in the request's message-headers. A message-body <em class="bcp14">MUST NOT</em> be included in a request if the specification of the request method (<a href="p2-semantics.html#method" title="Method">Section 3</a> of <a href="#Part2" id="rfc.xref.Part2.6"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) explicitly disallows an entity-body in requests. When a request message contains both a message-body of non-zero length 1177 and a method that does not define any semantics for that request message-body, then an origin server <em class="bcp14">SHOULD</em> either ignore the message-body or respond with an appropriate error message (e.g., 413). A proxy or gateway, when presented 1178 the same request, <em class="bcp14">SHOULD</em> either forward the request inbound with the message-body or ignore the message-body when determining a response. 1179 </p> 1180 <p id="rfc.section.4.3.p.6">For response messages, whether or not a message-body is included with a message is dependent on both the request method and 1181 the response status code (<a href="#status.code.and.reason.phrase" title="Status Code and Reason Phrase">Section 6.1.1</a>). All responses to the HEAD request method <em class="bcp14">MUST NOT</em> include a message-body, even though the presence of entity-header fields might lead one to believe they do. All 1xx (informational), 1182 204 (No Content), and 304 (Not Modified) responses <em class="bcp14">MUST NOT</em> include a message-body. All other responses do include a message-body, although it <em class="bcp14">MAY</em> be of zero length. 1183 </p> 1184 <h2 id="rfc.section.4.4"><a href="#rfc.section.4.4">4.4</a> <a id="message.length" href="#message.length">Message Length</a></h2> 1185 <p id="rfc.section.4.4.p.1">The transfer-length of a message is the length of the message-body as it appears in the message; that is, after any transfer-codings 1186 have been applied. When a message-body is included with a message, the transfer-length of that body is determined by one of 1187 the following (in order of precedence): 1188 </p> 1189 <p id="rfc.section.4.4.p.2"> </p> 1190 <ol> 1191 <li> 1192 <p>Any response message which "<em class="bcp14">MUST NOT</em>" include a message-body (such as the 1xx, 204, and 304 responses and any response to a HEAD request) is always terminated 1193 by the first empty line after the header fields, regardless of the entity-header fields present in the message. 1194 </p> 1195 </li> 1196 <li> 1197 <p>If a Transfer-Encoding header field (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.3" title="Transfer-Encoding">Section 8.7</a>) is present and the "chunked" transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>) is used, the transfer-length is defined by the use of this transfer-coding. If a Transfer-Encoding header field is present 1198 and the "chunked" transfer-coding is not present, the transfer-length is defined by the sender closing the connection. 1199 </p> 1200 </li> 1201 <li> 1202 <p>If a Content-Length header field (<a href="#header.content-length" id="rfc.xref.header.content-length.1" title="Content-Length">Section 8.2</a>) is present, its decimal value in OCTETs represents both the entity-length and the transfer-length. The Content-Length header 1203 field <em class="bcp14">MUST NOT</em> be sent if these two lengths are different (i.e., if a Transfer-Encoding header field is present). If a message is received 1204 with both a Transfer-Encoding header field and a Content-Length header field, the latter <em class="bcp14">MUST</em> be ignored. 1205 </p> 1206 </li> 1207 <li> 1208 <p>If the message uses the media type "multipart/byteranges", and the transfer-length is not otherwise specified, then this self-delimiting 1209 media type defines the transfer-length. This media type <em class="bcp14">MUST NOT</em> be used unless the sender knows that the recipient can parse it; the presence in a request of a Range header with multiple 1210 byte-range specifiers from a 1.1 client implies that the client can parse multipart/byteranges responses. 1211 </p> 1212 <ul class="empty"> 1213 <li>A range header might be forwarded by a 1.0 proxy that does not understand multipart/byteranges; in this case the server <em class="bcp14">MUST</em> delimit the message using methods defined in items 1, 3 or 5 of this section. 1214 </li> 1215 </ul> 1216 </li> 1217 <li> 1218 <p>By the server closing the connection. (Closing the connection cannot be used to indicate the end of a request body, since 1219 that would leave no possibility for the server to send back a response.) 1220 </p> 1221 </li> 1222 </ol> 1223 <p id="rfc.section.4.4.p.3">For compatibility with HTTP/1.0 applications, HTTP/1.1 requests containing a message-body <em class="bcp14">MUST</em> include a valid Content-Length header field unless the server is known to be HTTP/1.1 compliant. If a request contains a message-body 1224 and a Content-Length is not given, the server <em class="bcp14">SHOULD</em> respond with 400 (Bad Request) if it cannot determine the length of the message, or with 411 (Length Required) if it wishes 1225 to insist on receiving a valid Content-Length. 1226 </p> 1227 <p id="rfc.section.4.4.p.4">All HTTP/1.1 applications that receive entities <em class="bcp14">MUST</em> accept the "chunked" transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>), thus allowing this mechanism to be used for messages when the message length cannot be determined in advance. 1228 </p> 1229 <p id="rfc.section.4.4.p.5">Messages <em class="bcp14">MUST NOT</em> include both a Content-Length header field and a transfer-coding. If the message does include a transfer-coding, the Content-Length <em class="bcp14">MUST</em> be ignored. 1230 </p> 1231 <p id="rfc.section.4.4.p.6">When a Content-Length is given in a message where a message-body is allowed, its field value <em class="bcp14">MUST</em> exactly match the number of OCTETs in the message-body. HTTP/1.1 user agents <em class="bcp14">MUST</em> notify the user when an invalid length is received and detected. 1232 </p> 1233 <h2 id="rfc.section.4.5"><a href="#rfc.section.4.5">4.5</a> <a id="general.header.fields" href="#general.header.fields">General Header Fields</a></h2> 1234 <p id="rfc.section.4.5.p.1">There are a few header fields which have general applicability for both request and response messages, but which do not apply 1235 to the entity being transferred. These header fields apply only to the message being transmitted. 1236 </p> 1237 <div id="rfc.figure.u.31"></div><pre class="inline"><span id="rfc.iref.g.61"></span> <a href="#general.header.fields" class="smpl">general-header</a> = <a href="#abnf.dependencies" class="smpl">Cache-Control</a> ; <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 16.2</a> 1217 is a property of the message, not of the entity, and thus <em class="bcp14">MAY</em> be added or removed by any application along the request/response chain. (However, <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a> places restrictions on when certain transfer-codings may be used.) 1218 </p> 1219 <p id="rfc.section.4.3.p.4">The rules for when a message-body is allowed in a message differ for requests and responses.</p> 1220 <p id="rfc.section.4.3.p.5">The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field 1221 in the request's message-headers. A message-body <em class="bcp14">MUST NOT</em> be included in a request if the specification of the request method (<a href="p2-semantics.html#method" title="Method">Section 3</a> of <a href="#Part2" id="rfc.xref.Part2.6"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) explicitly disallows an entity-body in requests. When a request message contains both a message-body of non-zero length 1222 and a method that does not define any semantics for that request message-body, then an origin server <em class="bcp14">SHOULD</em> either ignore the message-body or respond with an appropriate error message (e.g., 413). A proxy or gateway, when presented 1223 the same request, <em class="bcp14">SHOULD</em> either forward the request inbound with the message-body or ignore the message-body when determining a response. 1224 </p> 1225 <p id="rfc.section.4.3.p.6">For response messages, whether or not a message-body is included with a message is dependent on both the request method and 1226 the response status code (<a href="#status.code.and.reason.phrase" title="Status Code and Reason Phrase">Section 6.1.1</a>). All responses to the HEAD request method <em class="bcp14">MUST NOT</em> include a message-body, even though the presence of entity-header fields might lead one to believe they do. All 1xx (informational), 1227 204 (No Content), and 304 (Not Modified) responses <em class="bcp14">MUST NOT</em> include a message-body. All other responses do include a message-body, although it <em class="bcp14">MAY</em> be of zero length. 1228 </p> 1229 </div> 1230 <div id="message.length"> 1231 <h2 id="rfc.section.4.4"><a href="#rfc.section.4.4">4.4</a> <a href="#message.length">Message Length</a></h2> 1232 <p id="rfc.section.4.4.p.1">The transfer-length of a message is the length of the message-body as it appears in the message; that is, after any transfer-codings 1233 have been applied. When a message-body is included with a message, the transfer-length of that body is determined by one of 1234 the following (in order of precedence): 1235 </p> 1236 <p id="rfc.section.4.4.p.2"></p> 1237 <ol> 1238 <li> 1239 <p>Any response message which "<em class="bcp14">MUST NOT</em>" include a message-body (such as the 1xx, 204, and 304 responses and any response to a HEAD request) is always terminated 1240 by the first empty line after the header fields, regardless of the entity-header fields present in the message. 1241 </p> 1242 </li> 1243 <li> 1244 <p>If a Transfer-Encoding header field (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.3" title="Transfer-Encoding">Section 8.7</a>) is present and the "chunked" transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>) is used, the transfer-length is defined by the use of this transfer-coding. If a Transfer-Encoding header field is present 1245 and the "chunked" transfer-coding is not present, the transfer-length is defined by the sender closing the connection. 1246 </p> 1247 </li> 1248 <li> 1249 <p>If a Content-Length header field (<a href="#header.content-length" id="rfc.xref.header.content-length.1" title="Content-Length">Section 8.2</a>) is present, its decimal value in OCTETs represents both the entity-length and the transfer-length. The Content-Length header 1250 field <em class="bcp14">MUST NOT</em> be sent if these two lengths are different (i.e., if a Transfer-Encoding header field is present). If a message is received 1251 with both a Transfer-Encoding header field and a Content-Length header field, the latter <em class="bcp14">MUST</em> be ignored. 1252 </p> 1253 </li> 1254 <li> 1255 <p>If the message uses the media type "multipart/byteranges", and the transfer-length is not otherwise specified, then this self-delimiting 1256 media type defines the transfer-length. This media type <em class="bcp14">MUST NOT</em> be used unless the sender knows that the recipient can parse it; the presence in a request of a Range header with multiple 1257 byte-range specifiers from a 1.1 client implies that the client can parse multipart/byteranges responses. 1258 </p> 1259 <ul class="empty"> 1260 <li>A range header might be forwarded by a 1.0 proxy that does not understand multipart/byteranges; in this case the server <em class="bcp14">MUST</em> delimit the message using methods defined in items 1, 3 or 5 of this section. 1261 </li> 1262 </ul> 1263 </li> 1264 <li> 1265 <p>By the server closing the connection. (Closing the connection cannot be used to indicate the end of a request body, since 1266 that would leave no possibility for the server to send back a response.) 1267 </p> 1268 </li> 1269 </ol> 1270 <p id="rfc.section.4.4.p.3">For compatibility with HTTP/1.0 applications, HTTP/1.1 requests containing a message-body <em class="bcp14">MUST</em> include a valid Content-Length header field unless the server is known to be HTTP/1.1 compliant. If a request contains a message-body 1271 and a Content-Length is not given, the server <em class="bcp14">SHOULD</em> respond with 400 (Bad Request) if it cannot determine the length of the message, or with 411 (Length Required) if it wishes 1272 to insist on receiving a valid Content-Length. 1273 </p> 1274 <p id="rfc.section.4.4.p.4">All HTTP/1.1 applications that receive entities <em class="bcp14">MUST</em> accept the "chunked" transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>), thus allowing this mechanism to be used for messages when the message length cannot be determined in advance. 1275 </p> 1276 <p id="rfc.section.4.4.p.5">Messages <em class="bcp14">MUST NOT</em> include both a Content-Length header field and a transfer-coding. If the message does include a transfer-coding, the Content-Length <em class="bcp14">MUST</em> be ignored. 1277 </p> 1278 <p id="rfc.section.4.4.p.6">When a Content-Length is given in a message where a message-body is allowed, its field value <em class="bcp14">MUST</em> exactly match the number of OCTETs in the message-body. HTTP/1.1 user agents <em class="bcp14">MUST</em> notify the user when an invalid length is received and detected. 1279 </p> 1280 </div> 1281 <div id="general.header.fields"> 1282 <h2 id="rfc.section.4.5"><a href="#rfc.section.4.5">4.5</a> <a href="#general.header.fields">General Header Fields</a></h2> 1283 <p id="rfc.section.4.5.p.1">There are a few header fields which have general applicability for both request and response messages, but which do not apply 1284 to the entity being transferred. These header fields apply only to the message being transmitted. 1285 </p> 1286 <div id="rfc.figure.u.31"></div><pre class="inline"><span id="rfc.iref.g.61"></span> <a href="#general.header.fields" class="smpl">general-header</a> = <a href="#abnf.dependencies" class="smpl">Cache-Control</a> ; <a href="#Part6" id="rfc.xref.Part6.5"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 16.2</a> 1238 1287 / <a href="#header.connection" class="smpl">Connection</a> ; <a href="#header.connection" id="rfc.xref.header.connection.1" title="Connection">Section 8.1</a> 1239 1288 / <a href="#header.date" class="smpl">Date</a> ; <a href="#header.date" id="rfc.xref.header.date.1" title="Date">Section 8.3</a> … … 1245 1294 / <a href="#abnf.dependencies" class="smpl">Warning</a> ; <a href="#Part6" id="rfc.xref.Part6.7"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>, <a href="p6-cache.html#header.warning" title="Warning">Section 16.6</a> 1246 1295 </pre><p id="rfc.section.4.5.p.3">General-header field names can be extended reliably only in combination with a change in the protocol version. However, new 1247 or experimental header fields may be given the semantics of general header fields if all parties in the communication recognize 1248 them to be general-header fields. Unrecognized header fields are treated as entity-header fields. 1249 </p> 1250 <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a> <a id="request" href="#request">Request</a></h1> 1251 <p id="rfc.section.5.p.1">A request message from a client to a server includes, within the first line of that message, the method to be applied to the 1252 resource, the identifier of the resource, and the protocol version in use. 1253 </p> 1254 <div id="rfc.figure.u.32"></div><pre class="inline"><span id="rfc.iref.g.62"></span> <a href="#request" class="smpl">Request</a> = <a href="#request-line" class="smpl">Request-Line</a> ; <a href="#request-line" title="Request-Line">Section 5.1</a> 1296 or experimental header fields may be given the semantics of general header fields if all parties in the communication recognize 1297 them to be general-header fields. Unrecognized header fields are treated as entity-header fields. 1298 </p> 1299 </div> 1300 </div> 1301 <div id="request"> 1302 <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a> <a href="#request">Request</a></h1> 1303 <p id="rfc.section.5.p.1">A request message from a client to a server includes, within the first line of that message, the method to be applied to the 1304 resource, the identifier of the resource, and the protocol version in use. 1305 </p> 1306 <div id="rfc.figure.u.32"></div><pre class="inline"><span id="rfc.iref.g.62"></span> <a href="#request" class="smpl">Request</a> = <a href="#request-line" class="smpl">Request-Line</a> ; <a href="#request-line" title="Request-Line">Section 5.1</a> 1255 1307 *(( <a href="#general.header.fields" class="smpl">general-header</a> ; <a href="#general.header.fields" title="General Header Fields">Section 4.5</a> 1256 1308 / <a href="#abnf.dependencies" class="smpl">request-header</a> ; <a href="#Part2" id="rfc.xref.Part2.7"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>, <a href="p2-semantics.html#request.header.fields" title="Request Header Fields">Section 4</a> … … 1258 1310 <a href="#core.rules" class="smpl">CRLF</a> 1259 1311 [ <a href="#message.body" class="smpl">message-body</a> ] ; <a href="#message.body" title="Message Body">Section 4.3</a> 1260 </pre><h2 id="rfc.section.5.1"><a href="#rfc.section.5.1">5.1</a> <a id="request-line" href="#request-line">Request-Line</a></h2> 1261 <p id="rfc.section.5.1.p.1">The Request-Line begins with a method token, followed by the Request-URI and the protocol version, and ending with CRLF. The 1262 elements are separated by SP characters. No CR or LF is allowed except in the final CRLF sequence. 1263 </p> 1264 <div id="rfc.figure.u.33"></div><pre class="inline"><span id="rfc.iref.g.63"></span> <a href="#request-line" class="smpl">Request-Line</a> = <a href="#method" class="smpl">Method</a> <a href="#core.rules" class="smpl">SP</a> <a href="#request-uri" class="smpl">Request-URI</a> <a href="#core.rules" class="smpl">SP</a> <a href="#http.version" class="smpl">HTTP-Version</a> <a href="#core.rules" class="smpl">CRLF</a> 1265 </pre><h3 id="rfc.section.5.1.1"><a href="#rfc.section.5.1.1">5.1.1</a> <a id="method" href="#method">Method</a></h3> 1266 <p id="rfc.section.5.1.1.p.1">The Method token indicates the method to be performed on the resource identified by the Request-URI. The method is case-sensitive.</p> 1267 <div id="rfc.figure.u.34"></div><pre class="inline"><span id="rfc.iref.g.64"></span><span id="rfc.iref.g.65"></span> <a href="#method" class="smpl">Method</a> = <a href="#rule.token.separators" class="smpl">token</a> 1268 </pre><h3 id="rfc.section.5.1.2"><a href="#rfc.section.5.1.2">5.1.2</a> <a id="request-uri" href="#request-uri">Request-URI</a></h3> 1269 <p id="rfc.section.5.1.2.p.1">The Request-URI is a Uniform Resource Identifier (<a href="#uri" title="Uniform Resource Identifiers">Section 3.2</a>) and identifies the resource upon which to apply the request. 1270 </p> 1271 <div id="rfc.figure.u.35"></div><pre class="inline"><span id="rfc.iref.g.66"></span> <a href="#request-uri" class="smpl">Request-URI</a> = "*" 1312 </pre><div id="request-line"> 1313 <h2 id="rfc.section.5.1"><a href="#rfc.section.5.1">5.1</a> <a href="#request-line">Request-Line</a></h2> 1314 <p id="rfc.section.5.1.p.1">The Request-Line begins with a method token, followed by the Request-URI and the protocol version, and ending with CRLF. The 1315 elements are separated by SP characters. No CR or LF is allowed except in the final CRLF sequence. 1316 </p> 1317 <div id="rfc.figure.u.33"></div><pre class="inline"><span id="rfc.iref.g.63"></span> <a href="#request-line" class="smpl">Request-Line</a> = <a href="#method" class="smpl">Method</a> <a href="#core.rules" class="smpl">SP</a> <a href="#request-uri" class="smpl">Request-URI</a> <a href="#core.rules" class="smpl">SP</a> <a href="#http.version" class="smpl">HTTP-Version</a> <a href="#core.rules" class="smpl">CRLF</a> 1318 </pre><div id="method"> 1319 <h3 id="rfc.section.5.1.1"><a href="#rfc.section.5.1.1">5.1.1</a> <a href="#method">Method</a></h3> 1320 <p id="rfc.section.5.1.1.p.1">The Method token indicates the method to be performed on the resource identified by the Request-URI. The method is case-sensitive.</p> 1321 <div id="rfc.figure.u.34"></div><pre class="inline"><span id="rfc.iref.g.64"></span><span id="rfc.iref.g.65"></span> <a href="#method" class="smpl">Method</a> = <a href="#rule.token.separators" class="smpl">token</a> 1322 </pre></div> 1323 <div id="request-uri"> 1324 <h3 id="rfc.section.5.1.2"><a href="#rfc.section.5.1.2">5.1.2</a> <a href="#request-uri">Request-URI</a></h3> 1325 <p id="rfc.section.5.1.2.p.1">The Request-URI is a Uniform Resource Identifier (<a href="#uri" title="Uniform Resource Identifiers">Section 3.2</a>) and identifies the resource upon which to apply the request. 1326 </p> 1327 <div id="rfc.figure.u.35"></div><pre class="inline"><span id="rfc.iref.g.66"></span> <a href="#request-uri" class="smpl">Request-URI</a> = "*" 1272 1328 / <a href="#uri" class="smpl">absolute-URI</a> 1273 1329 / ( <a href="#uri" class="smpl">path-absolute</a> [ "?" <a href="#uri" class="smpl">query</a> ] ) 1274 1330 / <a href="#uri" class="smpl">authority</a> 1275 1331 </pre><p id="rfc.section.5.1.2.p.3">The four options for Request-URI are dependent on the nature of the request. The asterisk "*" means that the request does 1276 not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily1277 apply to a resource. One example would be1278 </p>1279 <div id="rfc.figure.u.36"></div><pre class="text"> OPTIONS * HTTP/1.11332 not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily 1333 apply to a resource. One example would be 1334 </p> 1335 <div id="rfc.figure.u.36"></div><pre class="text"> OPTIONS * HTTP/1.1 1280 1336 </pre><p id="rfc.section.5.1.2.p.5">The absolute-URI form is <em class="bcp14">REQUIRED</em> when the request is being made to a proxy. The proxy is requested to forward the request or service it from a valid cache, 1281 and return the response. Note that the proxy <em class="bcp14">MAY</em> forward the request on to another proxy or directly to the server specified by the absolute-URI. In order to avoid request1282 loops, a proxy <em class="bcp14">MUST</em> be able to recognize all of its server names, including any aliases, local variations, and the numeric IP address. An example1283 Request-Line would be:1284 </p>1285 <div id="rfc.figure.u.37"></div><pre class="text"> GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.11337 and return the response. Note that the proxy <em class="bcp14">MAY</em> forward the request on to another proxy or directly to the server specified by the absolute-URI. In order to avoid request 1338 loops, a proxy <em class="bcp14">MUST</em> be able to recognize all of its server names, including any aliases, local variations, and the numeric IP address. An example 1339 Request-Line would be: 1340 </p> 1341 <div id="rfc.figure.u.37"></div><pre class="text"> GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1 1286 1342 </pre><p id="rfc.section.5.1.2.p.7">To allow for transition to absolute-URIs in all requests in future versions of HTTP, all HTTP/1.1 servers <em class="bcp14">MUST</em> accept the absolute-URI form in requests, even though HTTP/1.1 clients will only generate them in requests to proxies. 1287 </p>1288 <p id="rfc.section.5.1.2.p.8">The authority form is only used by the CONNECT method (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 8.9</a> of <a href="#Part2" id="rfc.xref.Part2.8"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>).1289 </p>1290 <p id="rfc.section.5.1.2.p.9">The most common form of Request-URI is that used to identify a resource on an origin server or gateway. In this case the absolute1291 path of the URI <em class="bcp14">MUST</em> be transmitted (see <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>, path-absolute) as the Request-URI, and the network location of the URI (authority) <em class="bcp14">MUST</em> be transmitted in a Host header field. For example, a client wishing to retrieve the resource above directly from the origin1292 server would create a TCP connection to port 80 of the host "www.example.org" and send the lines:1293 </p>1294 <div id="rfc.figure.u.38"></div><pre class="text"> GET /pub/WWW/TheProject.html HTTP/1.11343 </p> 1344 <p id="rfc.section.5.1.2.p.8">The authority form is only used by the CONNECT method (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 8.9</a> of <a href="#Part2" id="rfc.xref.Part2.8"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). 1345 </p> 1346 <p id="rfc.section.5.1.2.p.9">The most common form of Request-URI is that used to identify a resource on an origin server or gateway. In this case the absolute 1347 path of the URI <em class="bcp14">MUST</em> be transmitted (see <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>, path-absolute) as the Request-URI, and the network location of the URI (authority) <em class="bcp14">MUST</em> be transmitted in a Host header field. For example, a client wishing to retrieve the resource above directly from the origin 1348 server would create a TCP connection to port 80 of the host "www.example.org" and send the lines: 1349 </p> 1350 <div id="rfc.figure.u.38"></div><pre class="text"> GET /pub/WWW/TheProject.html HTTP/1.1 1295 1351 Host: www.example.org 1296 1352 </pre><p id="rfc.section.5.1.2.p.11">followed by the remainder of the Request. Note that the absolute path cannot be empty; if none is present in the original 1297 URI, it <em class="bcp14">MUST</em> be given as "/" (the server root). 1298 </p> 1299 <p id="rfc.section.5.1.2.p.12">The Request-URI is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>. If the Request-URI is encoded using the "% <a href="#core.rules" class="smpl">HEXDIG</a> <a href="#core.rules" class="smpl">HEXDIG</a>" encoding (<a href="#RFC3986" id="rfc.xref.RFC3986.14"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.4">Section 2.4</a>), the origin server <em class="bcp14">MUST</em> decode the Request-URI in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid Request-URIs with an appropriate status code. 1300 </p> 1301 <p id="rfc.section.5.1.2.p.13">A transparent proxy <em class="bcp14">MUST NOT</em> rewrite the "path-absolute" part of the received Request-URI when forwarding it to the next inbound server, except as noted 1302 above to replace a null path-absolute with "/". 1303 </p> 1304 <p id="rfc.section.5.1.2.p.14"> </p> 1305 <ul class="empty"> 1306 <li> <b>Note:</b> The "no rewrite" rule prevents the proxy from changing the meaning of the request when the origin server is improperly using 1307 a non-reserved URI character for a reserved purpose. Implementors should be aware that some pre-HTTP/1.1 proxies have been 1308 known to rewrite the Request-URI. 1309 </li> 1310 </ul> 1311 <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a> <a id="the.resource.identified.by.a.request" href="#the.resource.identified.by.a.request">The Resource Identified by a Request</a></h2> 1312 <p id="rfc.section.5.2.p.1">The exact resource identified by an Internet request is determined by examining both the Request-URI and the Host header field.</p> 1313 <p id="rfc.section.5.2.p.2">An origin server that does not allow resources to differ by the requested host <em class="bcp14">MAY</em> ignore the Host header field value when determining the resource identified by an HTTP/1.1 request. (But see <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" title="Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses">Appendix C.1.1</a> for other requirements on Host support in HTTP/1.1.) 1314 </p> 1315 <p id="rfc.section.5.2.p.3">An origin server that does differentiate resources based on the host requested (sometimes referred to as virtual hosts or 1316 vanity host names) <em class="bcp14">MUST</em> use the following rules for determining the requested resource on an HTTP/1.1 request: 1317 </p> 1318 <ol> 1319 <li>If Request-URI is an absolute-URI, the host is part of the Request-URI. Any Host header field value in the request <em class="bcp14">MUST</em> be ignored. 1320 </li> 1321 <li>If the Request-URI is not an absolute-URI, and the request includes a Host header field, the host is determined by the Host 1322 header field value. 1323 </li> 1324 <li>If the host as determined by rule 1 or 2 is not a valid host on the server, the response <em class="bcp14">MUST</em> be a 400 (Bad Request) error message. 1325 </li> 1326 </ol> 1327 <p id="rfc.section.5.2.p.4">Recipients of an HTTP/1.0 request that lacks a Host header field <em class="bcp14">MAY</em> attempt to use heuristics (e.g., examination of the URI path for something unique to a particular host) in order to determine 1328 what exact resource is being requested. 1329 </p> 1330 <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a> <a id="response" href="#response">Response</a></h1> 1331 <p id="rfc.section.6.p.1">After receiving and interpreting a request message, a server responds with an HTTP response message.</p> 1332 <div id="rfc.figure.u.39"></div><pre class="inline"><span id="rfc.iref.g.67"></span> <a href="#response" class="smpl">Response</a> = <a href="#status-line" class="smpl">Status-Line</a> ; <a href="#status-line" title="Status-Line">Section 6.1</a> 1353 URI, it <em class="bcp14">MUST</em> be given as "/" (the server root). 1354 </p> 1355 <p id="rfc.section.5.1.2.p.12">The Request-URI is transmitted in the format specified in <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>. If the Request-URI is encoded using the "% <a href="#core.rules" class="smpl">HEXDIG</a> <a href="#core.rules" class="smpl">HEXDIG</a>" encoding (<a href="#RFC3986" id="rfc.xref.RFC3986.14"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-2.4">Section 2.4</a>), the origin server <em class="bcp14">MUST</em> decode the Request-URI in order to properly interpret the request. Servers <em class="bcp14">SHOULD</em> respond to invalid Request-URIs with an appropriate status code. 1356 </p> 1357 <p id="rfc.section.5.1.2.p.13">A transparent proxy <em class="bcp14">MUST NOT</em> rewrite the "path-absolute" part of the received Request-URI when forwarding it to the next inbound server, except as noted 1358 above to replace a null path-absolute with "/". 1359 </p> 1360 <p id="rfc.section.5.1.2.p.14"></p> 1361 <ul class="empty"> 1362 <li><b>Note:</b> The "no rewrite" rule prevents the proxy from changing the meaning of the request when the origin server is improperly using 1363 a non-reserved URI character for a reserved purpose. Implementors should be aware that some pre-HTTP/1.1 proxies have been 1364 known to rewrite the Request-URI. 1365 </li> 1366 </ul> 1367 </div> 1368 </div> 1369 <div id="the.resource.identified.by.a.request"> 1370 <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a> <a href="#the.resource.identified.by.a.request">The Resource Identified by a Request</a></h2> 1371 <p id="rfc.section.5.2.p.1">The exact resource identified by an Internet request is determined by examining both the Request-URI and the Host header field.</p> 1372 <p id="rfc.section.5.2.p.2">An origin server that does not allow resources to differ by the requested host <em class="bcp14">MAY</em> ignore the Host header field value when determining the resource identified by an HTTP/1.1 request. (But see <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" title="Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses">Appendix C.1.1</a> for other requirements on Host support in HTTP/1.1.) 1373 </p> 1374 <p id="rfc.section.5.2.p.3">An origin server that does differentiate resources based on the host requested (sometimes referred to as virtual hosts or 1375 vanity host names) <em class="bcp14">MUST</em> use the following rules for determining the requested resource on an HTTP/1.1 request: 1376 </p> 1377 <ol> 1378 <li>If Request-URI is an absolute-URI, the host is part of the Request-URI. Any Host header field value in the request <em class="bcp14">MUST</em> be ignored. 1379 </li> 1380 <li>If the Request-URI is not an absolute-URI, and the request includes a Host header field, the host is determined by the Host 1381 header field value. 1382 </li> 1383 <li>If the host as determined by rule 1 or 2 is not a valid host on the server, the response <em class="bcp14">MUST</em> be a 400 (Bad Request) error message. 1384 </li> 1385 </ol> 1386 <p id="rfc.section.5.2.p.4">Recipients of an HTTP/1.0 request that lacks a Host header field <em class="bcp14">MAY</em> attempt to use heuristics (e.g., examination of the URI path for something unique to a particular host) in order to determine 1387 what exact resource is being requested. 1388 </p> 1389 </div> 1390 </div> 1391 <div id="response"> 1392 <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a> <a href="#response">Response</a></h1> 1393 <p id="rfc.section.6.p.1">After receiving and interpreting a request message, a server responds with an HTTP response message.</p> 1394 <div id="rfc.figure.u.39"></div><pre class="inline"><span id="rfc.iref.g.67"></span> <a href="#response" class="smpl">Response</a> = <a href="#status-line" class="smpl">Status-Line</a> ; <a href="#status-line" title="Status-Line">Section 6.1</a> 1333 1395 *(( <a href="#general.header.fields" class="smpl">general-header</a> ; <a href="#general.header.fields" title="General Header Fields">Section 4.5</a> 1334 1396 / <a href="#abnf.dependencies" class="smpl">response-header</a> ; <a href="#Part2" id="rfc.xref.Part2.9"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>, <a href="p2-semantics.html#response.header.fields" title="Response Header Fields">Section 6</a> … … 1336 1398 <a href="#core.rules" class="smpl">CRLF</a> 1337 1399 [ <a href="#message.body" class="smpl">message-body</a> ] ; <a href="#message.body" title="Message Body">Section 4.3</a> 1338 </pre><h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a> <a id="status-line" href="#status-line">Status-Line</a></h2> 1339 <p id="rfc.section.6.1.p.1">The first line of a Response message is the Status-Line, consisting of the protocol version followed by a numeric status code 1340 and its associated textual phrase, with each element separated by SP characters. No CR or LF is allowed except in the final 1341 CRLF sequence. 1342 </p> 1343 <div id="rfc.figure.u.40"></div><pre class="inline"><span id="rfc.iref.g.68"></span> <a href="#status-line" class="smpl">Status-Line</a> = <a href="#http.version" class="smpl">HTTP-Version</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.code.and.reason.phrase" class="smpl">Status-Code</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.code.and.reason.phrase" class="smpl">Reason-Phrase</a> <a href="#core.rules" class="smpl">CRLF</a> 1344 </pre><h3 id="rfc.section.6.1.1"><a href="#rfc.section.6.1.1">6.1.1</a> <a id="status.code.and.reason.phrase" href="#status.code.and.reason.phrase">Status Code and Reason Phrase</a></h3> 1345 <p id="rfc.section.6.1.1.p.1">The Status-Code element is a 3-digit integer result code of the attempt to understand and satisfy the request. These codes 1346 are fully defined in <a href="p2-semantics.html#status.codes" title="Status Code Definitions">Section 9</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>. The Reason Phrase exists for the sole purpose of providing a textual description associated with the numeric status code, 1347 out of deference to earlier Internet application protocols that were more frequently used with interactive text clients. A 1348 client <em class="bcp14">SHOULD</em> ignore the content of the Reason Phrase. 1349 </p> 1350 <p id="rfc.section.6.1.1.p.2">The first digit of the Status-Code defines the class of response. The last two digits do not have any categorization role. 1351 There are 5 values for the first digit: 1352 </p> 1353 <ul> 1354 <li>1xx: Informational - Request received, continuing process</li> 1355 <li>2xx: Success - The action was successfully received, understood, and accepted</li> 1356 <li>3xx: Redirection - Further action must be taken in order to complete the request</li> 1357 <li>4xx: Client Error - The request contains bad syntax or cannot be fulfilled</li> 1358 <li>5xx: Server Error - The server failed to fulfill an apparently valid request</li> 1359 </ul> 1360 <div id="rfc.figure.u.41"></div><pre class="inline"><span id="rfc.iref.g.69"></span><span id="rfc.iref.g.70"></span><span id="rfc.iref.g.71"></span> <a href="#status.code.and.reason.phrase" class="smpl">Status-Code</a> = 3<a href="#core.rules" class="smpl">DIGIT</a> 1400 </pre><div id="status-line"> 1401 <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a> <a href="#status-line">Status-Line</a></h2> 1402 <p id="rfc.section.6.1.p.1">The first line of a Response message is the Status-Line, consisting of the protocol version followed by a numeric status code 1403 and its associated textual phrase, with each element separated by SP characters. No CR or LF is allowed except in the final 1404 CRLF sequence. 1405 </p> 1406 <div id="rfc.figure.u.40"></div><pre class="inline"><span id="rfc.iref.g.68"></span> <a href="#status-line" class="smpl">Status-Line</a> = <a href="#http.version" class="smpl">HTTP-Version</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.code.and.reason.phrase" class="smpl">Status-Code</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.code.and.reason.phrase" class="smpl">Reason-Phrase</a> <a href="#core.rules" class="smpl">CRLF</a> 1407 </pre><div id="status.code.and.reason.phrase"> 1408 <h3 id="rfc.section.6.1.1"><a href="#rfc.section.6.1.1">6.1.1</a> <a href="#status.code.and.reason.phrase">Status Code and Reason Phrase</a></h3> 1409 <p id="rfc.section.6.1.1.p.1">The Status-Code element is a 3-digit integer result code of the attempt to understand and satisfy the request. These codes 1410 are fully defined in <a href="p2-semantics.html#status.codes" title="Status Code Definitions">Section 9</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>. The Reason Phrase exists for the sole purpose of providing a textual description associated with the numeric status code, 1411 out of deference to earlier Internet application protocols that were more frequently used with interactive text clients. A 1412 client <em class="bcp14">SHOULD</em> ignore the content of the Reason Phrase. 1413 </p> 1414 <p id="rfc.section.6.1.1.p.2">The first digit of the Status-Code defines the class of response. The last two digits do not have any categorization role. 1415 There are 5 values for the first digit: 1416 </p> 1417 <ul> 1418 <li>1xx: Informational - Request received, continuing process</li> 1419 <li>2xx: Success - The action was successfully received, understood, and accepted</li> 1420 <li>3xx: Redirection - Further action must be taken in order to complete the request</li> 1421 <li>4xx: Client Error - The request contains bad syntax or cannot be fulfilled</li> 1422 <li>5xx: Server Error - The server failed to fulfill an apparently valid request</li> 1423 </ul> 1424 <div id="rfc.figure.u.41"></div><pre class="inline"><span id="rfc.iref.g.69"></span><span id="rfc.iref.g.70"></span><span id="rfc.iref.g.71"></span> <a href="#status.code.and.reason.phrase" class="smpl">Status-Code</a> = 3<a href="#core.rules" class="smpl">DIGIT</a> 1361 1425 <a href="#status.code.and.reason.phrase" class="smpl">Reason-Phrase</a> = *<<a href="#rule.TEXT" class="smpl">TEXT</a>, excluding <a href="#core.rules" class="smpl">CR</a>, <a href="#core.rules" class="smpl">LF</a>> 1362 </pre><h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a id="connections" href="#connections">Connections</a></h1> 1363 <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a> <a id="persistent.connections" href="#persistent.connections">Persistent Connections</a></h2> 1364 <h3 id="rfc.section.7.1.1"><a href="#rfc.section.7.1.1">7.1.1</a> <a id="persistent.purpose" href="#persistent.purpose">Purpose</a></h3> 1365 <p id="rfc.section.7.1.1.p.1">Prior to persistent connections, a separate TCP connection was established to fetch each URL, increasing the load on HTTP 1366 servers and causing congestion on the Internet. The use of inline images and other associated data often require a client 1367 to make multiple requests of the same server in a short amount of time. Analysis of these performance problems and results 1368 from a prototype implementation are available <a href="#Pad1995" id="rfc.xref.Pad1995.1"><cite title="Improving HTTP Latency">[Pad1995]</cite></a> <a href="#Spe" id="rfc.xref.Spe.1"><cite title="Analysis of HTTP Performance Problems">[Spe]</cite></a>. Implementation experience and measurements of actual HTTP/1.1 (<cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2068.2">RFC 2068</cite>) implementations show good results <a href="#Nie1997" id="rfc.xref.Nie1997.1"><cite title="Network Performance Effects of HTTP/1.1, CSS1, and PNG">[Nie1997]</cite></a>. Alternatives have also been explored, for example, T/TCP <a href="#Tou1998" id="rfc.xref.Tou1998.1"><cite title="Analysis of HTTP Performance">[Tou1998]</cite></a>. 1369 </p> 1370 <p id="rfc.section.7.1.1.p.2">Persistent HTTP connections have a number of advantages: </p> 1371 <ul> 1372 <li>By opening and closing fewer TCP connections, CPU time is saved in routers and hosts (clients, servers, proxies, gateways, 1373 tunnels, or caches), and memory used for TCP protocol control blocks can be saved in hosts. 1374 </li> 1375 <li>HTTP requests and responses can be pipelined on a connection. Pipelining allows a client to make multiple requests without 1376 waiting for each response, allowing a single TCP connection to be used much more efficiently, with much lower elapsed time. 1377 </li> 1378 <li>Network congestion is reduced by reducing the number of packets caused by TCP opens, and by allowing TCP sufficient time to 1379 determine the congestion state of the network. 1380 </li> 1381 <li>Latency on subsequent requests is reduced since there is no time spent in TCP's connection opening handshake.</li> 1382 <li>HTTP can evolve more gracefully, since errors can be reported without the penalty of closing the TCP connection. Clients using 1383 future versions of HTTP might optimistically try a new feature, but if communicating with an older server, retry with old 1384 semantics after an error is reported. 1385 </li> 1386 </ul> 1387 <p id="rfc.section.7.1.1.p.3">HTTP implementations <em class="bcp14">SHOULD</em> implement persistent connections. 1388 </p> 1389 <h3 id="rfc.section.7.1.2"><a href="#rfc.section.7.1.2">7.1.2</a> <a id="persistent.overall" href="#persistent.overall">Overall Operation</a></h3> 1390 <p id="rfc.section.7.1.2.p.1">A significant difference between HTTP/1.1 and earlier versions of HTTP is that persistent connections are the default behavior 1391 of any HTTP connection. That is, unless otherwise indicated, the client <em class="bcp14">SHOULD</em> assume that the server will maintain a persistent connection, even after error responses from the server. 1392 </p> 1393 <p id="rfc.section.7.1.2.p.2">Persistent connections provide a mechanism by which a client and a server can signal the close of a TCP connection. This signaling 1394 takes place using the Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section 8.1</a>). Once a close has been signaled, the client <em class="bcp14">MUST NOT</em> send any more requests on that connection. 1395 </p> 1396 <h4 id="rfc.section.7.1.2.1"><a href="#rfc.section.7.1.2.1">7.1.2.1</a> <a id="persistent.negotiation" href="#persistent.negotiation">Negotiation</a></h4> 1397 <p id="rfc.section.7.1.2.1.p.1">An HTTP/1.1 server <em class="bcp14">MAY</em> assume that a HTTP/1.1 client intends to maintain a persistent connection unless a Connection header including the connection-token 1398 "close" was sent in the request. If the server chooses to close the connection immediately after sending the response, it <em class="bcp14">SHOULD</em> send a Connection header including the connection-token close. 1399 </p> 1400 <p id="rfc.section.7.1.2.1.p.2">An HTTP/1.1 client <em class="bcp14">MAY</em> expect a connection to remain open, but would decide to keep it open based on whether the response from a server contains 1401 a Connection header with the connection-token close. In case the client does not want to maintain a connection for more than 1402 that request, it <em class="bcp14">SHOULD</em> send a Connection header including the connection-token close. 1403 </p> 1404 <p id="rfc.section.7.1.2.1.p.3">If either the client or the server sends the close token in the Connection header, that request becomes the last one for the 1405 connection. 1406 </p> 1407 <p id="rfc.section.7.1.2.1.p.4">Clients and servers <em class="bcp14">SHOULD NOT</em> assume that a persistent connection is maintained for HTTP versions less than 1.1 unless it is explicitly signaled. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Compatibility with HTTP/1.0 Persistent Connections">Appendix C.2</a> for more information on backward compatibility with HTTP/1.0 clients. 1408 </p> 1409 <p id="rfc.section.7.1.2.1.p.5">In order to remain persistent, all messages on the connection <em class="bcp14">MUST</em> have a self-defined message length (i.e., one not defined by closure of the connection), as described in <a href="#message.length" title="Message Length">Section 4.4</a>. 1410 </p> 1411 <h4 id="rfc.section.7.1.2.2"><a href="#rfc.section.7.1.2.2">7.1.2.2</a> <a id="pipelining" href="#pipelining">Pipelining</a></h4> 1412 <p id="rfc.section.7.1.2.2.p.1">A client that supports persistent connections <em class="bcp14">MAY</em> "pipeline" its requests (i.e., send multiple requests without waiting for each response). A server <em class="bcp14">MUST</em> send its responses to those requests in the same order that the requests were received. 1413 </p> 1414 <p id="rfc.section.7.1.2.2.p.2">Clients which assume persistent connections and pipeline immediately after connection establishment <em class="bcp14">SHOULD</em> be prepared to retry their connection if the first pipelined attempt fails. If a client does such a retry, it <em class="bcp14">MUST NOT</em> pipeline before it knows the connection is persistent. Clients <em class="bcp14">MUST</em> also be prepared to resend their requests if the server closes the connection before sending all of the corresponding responses. 1415 </p> 1416 <p id="rfc.section.7.1.2.2.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent methods or non-idempotent sequences of methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 8.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.11"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to 1417 send a non-idempotent request <em class="bcp14">SHOULD</em> wait to send that request until it has received the response status for the previous request. 1418 </p> 1419 <h3 id="rfc.section.7.1.3"><a href="#rfc.section.7.1.3">7.1.3</a> <a id="persistent.proxy" href="#persistent.proxy">Proxy Servers</a></h3> 1420 <p id="rfc.section.7.1.3.p.1">It is especially important that proxies correctly implement the properties of the Connection header field as specified in <a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section 8.1</a>. 1421 </p> 1422 <p id="rfc.section.7.1.3.p.2">The proxy server <em class="bcp14">MUST</em> signal persistent connections separately with its clients and the origin servers (or other proxy servers) that it connects 1423 to. Each persistent connection applies to only one transport link. 1424 </p> 1425 <p id="rfc.section.7.1.3.p.3">A proxy server <em class="bcp14">MUST NOT</em> establish a HTTP/1.1 persistent connection with an HTTP/1.0 client (but see <a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> for information and discussion of the problems with the Keep-Alive header implemented by many HTTP/1.0 clients). 1426 </p> 1427 <h3 id="rfc.section.7.1.4"><a href="#rfc.section.7.1.4">7.1.4</a> <a id="persistent.practical" href="#persistent.practical">Practical Considerations</a></h3> 1428 <p id="rfc.section.7.1.4.p.1">Servers will usually have some time-out value beyond which they will no longer maintain an inactive connection. Proxy servers 1429 might make this a higher value since it is likely that the client will be making more connections through the same server. 1430 The use of persistent connections places no requirements on the length (or existence) of this time-out for either the client 1431 or the server. 1432 </p> 1433 <p id="rfc.section.7.1.4.p.2">When a client or server wishes to time-out it <em class="bcp14">SHOULD</em> issue a graceful close on the transport connection. Clients and servers <em class="bcp14">SHOULD</em> both constantly watch for the other side of the transport close, and respond to it as appropriate. If a client or server does 1434 not detect the other side's close promptly it could cause unnecessary resource drain on the network. 1435 </p> 1436 <p id="rfc.section.7.1.4.p.3">A client, server, or proxy <em class="bcp14">MAY</em> close the transport connection at any time. For example, a client might have started to send a new request at the same time 1437 that the server has decided to close the "idle" connection. From the server's point of view, the connection is being closed 1438 while it was idle, but from the client's point of view, a request is in progress. 1439 </p> 1440 <p id="rfc.section.7.1.4.p.4">This means that clients, servers, and proxies <em class="bcp14">MUST</em> be able to recover from asynchronous close events. Client software <em class="bcp14">SHOULD</em> reopen the transport connection and retransmit the aborted sequence of requests without user interaction so long as the request 1441 sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 8.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.12"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). Non-idempotent methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding 1442 of the application <em class="bcp14">MAY</em> substitute for user confirmation. The automatic retry <em class="bcp14">SHOULD NOT</em> be repeated if the second sequence of requests fails. 1443 </p> 1444 <p id="rfc.section.7.1.4.p.5">Servers <em class="bcp14">SHOULD</em> always respond to at least one request per connection, if at all possible. Servers <em class="bcp14">SHOULD NOT</em> close a connection in the middle of transmitting a response, unless a network or client failure is suspected. 1445 </p> 1446 <p id="rfc.section.7.1.4.p.6">Clients that use persistent connections <em class="bcp14">SHOULD</em> limit the number of simultaneous connections that they maintain to a given server. A single-user client <em class="bcp14">SHOULD NOT</em> maintain more than 2 connections with any server or proxy. A proxy <em class="bcp14">SHOULD</em> use up to 2*N connections to another server or proxy, where N is the number of simultaneously active users. These guidelines 1447 are intended to improve HTTP response times and avoid congestion. 1448 </p> 1449 <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a> <a id="message.transmission.requirements" href="#message.transmission.requirements">Message Transmission Requirements</a></h2> 1450 <h3 id="rfc.section.7.2.1"><a href="#rfc.section.7.2.1">7.2.1</a> <a id="persistent.flow" href="#persistent.flow">Persistent Connections and Flow Control</a></h3> 1451 <p id="rfc.section.7.2.1.p.1">HTTP/1.1 servers <em class="bcp14">SHOULD</em> maintain persistent connections and use TCP's flow control mechanisms to resolve temporary overloads, rather than terminating 1452 connections with the expectation that clients will retry. The latter technique can exacerbate network congestion. 1453 </p> 1454 <h3 id="rfc.section.7.2.2"><a href="#rfc.section.7.2.2">7.2.2</a> <a id="persistent.monitor" href="#persistent.monitor">Monitoring Connections for Error Status Messages</a></h3> 1455 <p id="rfc.section.7.2.2.p.1">An HTTP/1.1 (or later) client sending a message-body <em class="bcp14">SHOULD</em> monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, 1456 it <em class="bcp14">SHOULD</em> immediately cease transmitting the body. If the body is being sent using a "chunked" encoding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>), a zero length chunk and empty trailer <em class="bcp14">MAY</em> be used to prematurely mark the end of the message. If the body was preceded by a Content-Length header, the client <em class="bcp14">MUST</em> close the connection. 1457 </p> 1458 <h3 id="rfc.section.7.2.3"><a href="#rfc.section.7.2.3">7.2.3</a> <a id="use.of.the.100.status" href="#use.of.the.100.status">Use of the 100 (Continue) Status</a></h3> 1459 <p id="rfc.section.7.2.3.p.1">The purpose of the 100 (Continue) status (see <a href="p2-semantics.html#status.100" title="100 Continue">Section 9.1.1</a> of <a href="#Part2" id="rfc.xref.Part2.13"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) is to allow a client that is sending a request message with a request body to determine if the origin server is willing 1460 to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either 1461 be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking 1462 at the body. 1463 </p> 1464 <p id="rfc.section.7.2.3.p.2">Requirements for HTTP/1.1 clients: </p> 1465 <ul> 1466 <li>If a client will wait for a 100 (Continue) response before sending the request body, it <em class="bcp14">MUST</em> send an Expect request-header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 10.2</a> of <a href="#Part2" id="rfc.xref.Part2.14"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) with the "100-continue" expectation. 1467 </li> 1468 <li>A client <em class="bcp14">MUST NOT</em> send an Expect request-header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 10.2</a> of <a href="#Part2" id="rfc.xref.Part2.15"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) with the "100-continue" expectation if it does not intend to send a request body. 1469 </li> 1470 </ul> 1471 <p id="rfc.section.7.2.3.p.3">Because of the presence of older implementations, the protocol allows ambiguous situations in which a client may send "Expect: 1472 100-continue" without receiving either a 417 (Expectation Failed) status or a 100 (Continue) status. Therefore, when a client 1473 sends this header field to an origin server (possibly via a proxy) from which it has never seen a 100 (Continue) status, the 1474 client <em class="bcp14">SHOULD NOT</em> wait for an indefinite period before sending the request body. 1475 </p> 1476 <p id="rfc.section.7.2.3.p.4">Requirements for HTTP/1.1 origin servers: </p> 1477 <ul> 1478 <li>Upon receiving a request which includes an Expect request-header field with the "100-continue" expectation, an origin server <em class="bcp14">MUST</em> either respond with 100 (Continue) status and continue to read from the input stream, or respond with a final status code. 1479 The origin server <em class="bcp14">MUST NOT</em> wait for the request body before sending the 100 (Continue) response. If it responds with a final status code, it <em class="bcp14">MAY</em> close the transport connection or it <em class="bcp14">MAY</em> continue to read and discard the rest of the request. It <em class="bcp14">MUST NOT</em> perform the requested method if it returns a final status code. 1480 </li> 1481 <li>An origin server <em class="bcp14">SHOULD NOT</em> send a 100 (Continue) response if the request message does not include an Expect request-header field with the "100-continue" 1482 expectation, and <em class="bcp14">MUST NOT</em> send a 100 (Continue) response if such a request comes from an HTTP/1.0 (or earlier) client. There is an exception to this 1483 rule: for compatibility with <a href="#RFC2068" id="rfc.xref.RFC2068.4"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, a server <em class="bcp14">MAY</em> send a 100 (Continue) status in response to an HTTP/1.1 PUT or POST request that does not include an Expect request-header 1484 field with the "100-continue" expectation. This exception, the purpose of which is to minimize any client processing delays 1485 associated with an undeclared wait for 100 (Continue) status, applies only to HTTP/1.1 requests, and not to requests with 1486 any other HTTP-version value. 1487 </li> 1488 <li>An origin server <em class="bcp14">MAY</em> omit a 100 (Continue) response if it has already received some or all of the request body for the corresponding request. 1489 </li> 1490 <li>An origin server that sends a 100 (Continue) response <em class="bcp14">MUST</em> ultimately send a final status code, once the request body is received and processed, unless it terminates the transport connection 1491 prematurely. 1492 </li> 1493 <li>If an origin server receives a request that does not include an Expect request-header field with the "100-continue" expectation, 1494 the request includes a request body, and the server responds with a final status code before reading the entire request body 1495 from the transport connection, then the server <em class="bcp14">SHOULD NOT</em> close the transport connection until it has read the entire request, or until the client closes the connection. Otherwise, 1496 the client might not reliably receive the response message. However, this requirement is not be construed as preventing a 1497 server from defending itself against denial-of-service attacks, or from badly broken client implementations. 1498 </li> 1499 </ul> 1500 <p id="rfc.section.7.2.3.p.5">Requirements for HTTP/1.1 proxies: </p> 1501 <ul> 1502 <li>If a proxy receives a request that includes an Expect request-header field with the "100-continue" expectation, and the proxy 1503 either knows that the next-hop server complies with HTTP/1.1 or higher, or does not know the HTTP version of the next-hop 1504 server, it <em class="bcp14">MUST</em> forward the request, including the Expect header field. 1505 </li> 1506 <li>If the proxy knows that the version of the next-hop server is HTTP/1.0 or lower, it <em class="bcp14">MUST NOT</em> forward the request, and it <em class="bcp14">MUST</em> respond with a 417 (Expectation Failed) status. 1507 </li> 1508 <li>Proxies <em class="bcp14">SHOULD</em> maintain a cache recording the HTTP version numbers received from recently-referenced next-hop servers. 1509 </li> 1510 <li>A proxy <em class="bcp14">MUST NOT</em> forward a 100 (Continue) response if the request message was received from an HTTP/1.0 (or earlier) client and did not include 1511 an Expect request-header field with the "100-continue" expectation. This requirement overrides the general rule for forwarding 1512 of 1xx responses (see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 9.1</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). 1513 </li> 1514 </ul> 1515 <h3 id="rfc.section.7.2.4"><a href="#rfc.section.7.2.4">7.2.4</a> <a id="connection.premature" href="#connection.premature">Client Behavior if Server Prematurely Closes Connection</a></h3> 1516 <p id="rfc.section.7.2.4.p.1">If an HTTP/1.1 client sends a request which includes a request body, but which does not include an Expect request-header field 1517 with the "100-continue" expectation, and if the client is not directly connected to an HTTP/1.1 origin server, and if the 1518 client sees the connection close before receiving any status from the server, the client <em class="bcp14">SHOULD</em> retry the request. If the client does retry this request, it <em class="bcp14">MAY</em> use the following "binary exponential backoff" algorithm to be assured of obtaining a reliable response: 1519 </p> 1520 <ol> 1521 <li>Initiate a new connection to the server</li> 1522 <li>Transmit the request-headers</li> 1523 <li>Initialize a variable R to the estimated round-trip time to the server (e.g., based on the time it took to establish the connection), 1524 or to a constant value of 5 seconds if the round-trip time is not available. 1525 </li> 1526 <li>Compute T = R * (2**N), where N is the number of previous retries of this request.</li> 1527 <li>Wait either for an error response from the server, or for T seconds (whichever comes first)</li> 1528 <li>If no error response is received, after T seconds transmit the body of the request.</li> 1529 <li>If client sees that the connection is closed prematurely, repeat from step 1 until the request is accepted, an error response 1530 is received, or the user becomes impatient and terminates the retry process. 1531 </li> 1532 </ol> 1533 <p id="rfc.section.7.2.4.p.2">If at any point an error status is received, the client </p> 1534 <ul> 1535 <li><em class="bcp14">SHOULD NOT</em> continue and 1536 </li> 1537 <li><em class="bcp14">SHOULD</em> close the connection if it has not completed sending the request message. 1538 </li> 1539 </ul> 1540 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a id="header.fields" href="#header.fields">Header Field Definitions</a></h1> 1541 <p id="rfc.section.8.p.1">This section defines the syntax and semantics of HTTP/1.1 header fields related to message framing and transport protocols.</p> 1542 <p id="rfc.section.8.p.2">For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who 1543 receives the entity. 1544 </p> 1545 <div id="rfc.iref.c.1"></div> 1546 <div id="rfc.iref.h.3"></div> 1547 <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a> <a id="header.connection" href="#header.connection">Connection</a></h2> 1548 <p id="rfc.section.8.1.p.1">The general-header field "Connection" allows the sender to specify options that are desired for that particular connection 1549 and <em class="bcp14">MUST NOT</em> be communicated by proxies over further connections. 1550 </p> 1551 <p id="rfc.section.8.1.p.2">The Connection header's value has the following grammar:</p> 1552 <div id="rfc.figure.u.42"></div><pre class="inline"><span id="rfc.iref.g.72"></span><span id="rfc.iref.g.73"></span><span id="rfc.iref.g.74"></span> <a href="#header.connection" class="smpl">Connection</a> = "Connection" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.connection" class="smpl">Connection-v</a> 1426 </pre></div> 1427 </div> 1428 </div> 1429 <div id="connections"> 1430 <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a> <a href="#connections">Connections</a></h1> 1431 <div id="persistent.connections"> 1432 <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a> <a href="#persistent.connections">Persistent Connections</a></h2> 1433 <div id="persistent.purpose"> 1434 <h3 id="rfc.section.7.1.1"><a href="#rfc.section.7.1.1">7.1.1</a> <a href="#persistent.purpose">Purpose</a></h3> 1435 <p id="rfc.section.7.1.1.p.1">Prior to persistent connections, a separate TCP connection was established to fetch each URL, increasing the load on HTTP 1436 servers and causing congestion on the Internet. The use of inline images and other associated data often require a client 1437 to make multiple requests of the same server in a short amount of time. Analysis of these performance problems and results 1438 from a prototype implementation are available <a href="#Pad1995" id="rfc.xref.Pad1995.1"><cite title="Improving HTTP Latency">[Pad1995]</cite></a> <a href="#Spe" id="rfc.xref.Spe.1"><cite title="Analysis of HTTP Performance Problems">[Spe]</cite></a>. Implementation experience and measurements of actual HTTP/1.1 (<cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2068.2">RFC 2068</cite>) implementations show good results <a href="#Nie1997" id="rfc.xref.Nie1997.1"><cite title="Network Performance Effects of HTTP/1.1, CSS1, and PNG">[Nie1997]</cite></a>. Alternatives have also been explored, for example, T/TCP <a href="#Tou1998" id="rfc.xref.Tou1998.1"><cite title="Analysis of HTTP Performance">[Tou1998]</cite></a>. 1439 </p> 1440 <p id="rfc.section.7.1.1.p.2">Persistent HTTP connections have a number of advantages: </p> 1441 <ul> 1442 <li>By opening and closing fewer TCP connections, CPU time is saved in routers and hosts (clients, servers, proxies, gateways, 1443 tunnels, or caches), and memory used for TCP protocol control blocks can be saved in hosts. 1444 </li> 1445 <li>HTTP requests and responses can be pipelined on a connection. Pipelining allows a client to make multiple requests without 1446 waiting for each response, allowing a single TCP connection to be used much more efficiently, with much lower elapsed time. 1447 </li> 1448 <li>Network congestion is reduced by reducing the number of packets caused by TCP opens, and by allowing TCP sufficient time to 1449 determine the congestion state of the network. 1450 </li> 1451 <li>Latency on subsequent requests is reduced since there is no time spent in TCP's connection opening handshake.</li> 1452 <li>HTTP can evolve more gracefully, since errors can be reported without the penalty of closing the TCP connection. Clients using 1453 future versions of HTTP might optimistically try a new feature, but if communicating with an older server, retry with old 1454 semantics after an error is reported. 1455 </li> 1456 </ul> 1457 <p id="rfc.section.7.1.1.p.3">HTTP implementations <em class="bcp14">SHOULD</em> implement persistent connections. 1458 </p> 1459 </div> 1460 <div id="persistent.overall"> 1461 <h3 id="rfc.section.7.1.2"><a href="#rfc.section.7.1.2">7.1.2</a> <a href="#persistent.overall">Overall Operation</a></h3> 1462 <p id="rfc.section.7.1.2.p.1">A significant difference between HTTP/1.1 and earlier versions of HTTP is that persistent connections are the default behavior 1463 of any HTTP connection. That is, unless otherwise indicated, the client <em class="bcp14">SHOULD</em> assume that the server will maintain a persistent connection, even after error responses from the server. 1464 </p> 1465 <p id="rfc.section.7.1.2.p.2">Persistent connections provide a mechanism by which a client and a server can signal the close of a TCP connection. This signaling 1466 takes place using the Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section 8.1</a>). Once a close has been signaled, the client <em class="bcp14">MUST NOT</em> send any more requests on that connection. 1467 </p> 1468 <div id="persistent.negotiation"> 1469 <h4 id="rfc.section.7.1.2.1"><a href="#rfc.section.7.1.2.1">7.1.2.1</a> <a href="#persistent.negotiation">Negotiation</a></h4> 1470 <p id="rfc.section.7.1.2.1.p.1">An HTTP/1.1 server <em class="bcp14">MAY</em> assume that a HTTP/1.1 client intends to maintain a persistent connection unless a Connection header including the connection-token 1471 "close" was sent in the request. If the server chooses to close the connection immediately after sending the response, it <em class="bcp14">SHOULD</em> send a Connection header including the connection-token close. 1472 </p> 1473 <p id="rfc.section.7.1.2.1.p.2">An HTTP/1.1 client <em class="bcp14">MAY</em> expect a connection to remain open, but would decide to keep it open based on whether the response from a server contains 1474 a Connection header with the connection-token close. In case the client does not want to maintain a connection for more than 1475 that request, it <em class="bcp14">SHOULD</em> send a Connection header including the connection-token close. 1476 </p> 1477 <p id="rfc.section.7.1.2.1.p.3">If either the client or the server sends the close token in the Connection header, that request becomes the last one for the 1478 connection. 1479 </p> 1480 <p id="rfc.section.7.1.2.1.p.4">Clients and servers <em class="bcp14">SHOULD NOT</em> assume that a persistent connection is maintained for HTTP versions less than 1.1 unless it is explicitly signaled. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Compatibility with HTTP/1.0 Persistent Connections">Appendix C.2</a> for more information on backward compatibility with HTTP/1.0 clients. 1481 </p> 1482 <p id="rfc.section.7.1.2.1.p.5">In order to remain persistent, all messages on the connection <em class="bcp14">MUST</em> have a self-defined message length (i.e., one not defined by closure of the connection), as described in <a href="#message.length" title="Message Length">Section 4.4</a>. 1483 </p> 1484 </div> 1485 <div id="pipelining"> 1486 <h4 id="rfc.section.7.1.2.2"><a href="#rfc.section.7.1.2.2">7.1.2.2</a> <a href="#pipelining">Pipelining</a></h4> 1487 <p id="rfc.section.7.1.2.2.p.1">A client that supports persistent connections <em class="bcp14">MAY</em> "pipeline" its requests (i.e., send multiple requests without waiting for each response). A server <em class="bcp14">MUST</em> send its responses to those requests in the same order that the requests were received. 1488 </p> 1489 <p id="rfc.section.7.1.2.2.p.2">Clients which assume persistent connections and pipeline immediately after connection establishment <em class="bcp14">SHOULD</em> be prepared to retry their connection if the first pipelined attempt fails. If a client does such a retry, it <em class="bcp14">MUST NOT</em> pipeline before it knows the connection is persistent. Clients <em class="bcp14">MUST</em> also be prepared to resend their requests if the server closes the connection before sending all of the corresponding responses. 1490 </p> 1491 <p id="rfc.section.7.1.2.2.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent methods or non-idempotent sequences of methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 8.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.11"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to 1492 send a non-idempotent request <em class="bcp14">SHOULD</em> wait to send that request until it has received the response status for the previous request. 1493 </p> 1494 </div> 1495 </div> 1496 <div id="persistent.proxy"> 1497 <h3 id="rfc.section.7.1.3"><a href="#rfc.section.7.1.3">7.1.3</a> <a href="#persistent.proxy">Proxy Servers</a></h3> 1498 <p id="rfc.section.7.1.3.p.1">It is especially important that proxies correctly implement the properties of the Connection header field as specified in <a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section 8.1</a>. 1499 </p> 1500 <p id="rfc.section.7.1.3.p.2">The proxy server <em class="bcp14">MUST</em> signal persistent connections separately with its clients and the origin servers (or other proxy servers) that it connects 1501 to. Each persistent connection applies to only one transport link. 1502 </p> 1503 <p id="rfc.section.7.1.3.p.3">A proxy server <em class="bcp14">MUST NOT</em> establish a HTTP/1.1 persistent connection with an HTTP/1.0 client (but see <a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> for information and discussion of the problems with the Keep-Alive header implemented by many HTTP/1.0 clients). 1504 </p> 1505 </div> 1506 <div id="persistent.practical"> 1507 <h3 id="rfc.section.7.1.4"><a href="#rfc.section.7.1.4">7.1.4</a> <a href="#persistent.practical">Practical Considerations</a></h3> 1508 <p id="rfc.section.7.1.4.p.1">Servers will usually have some time-out value beyond which they will no longer maintain an inactive connection. Proxy servers 1509 might make this a higher value since it is likely that the client will be making more connections through the same server. 1510 The use of persistent connections places no requirements on the length (or existence) of this time-out for either the client 1511 or the server. 1512 </p> 1513 <p id="rfc.section.7.1.4.p.2">When a client or server wishes to time-out it <em class="bcp14">SHOULD</em> issue a graceful close on the transport connection. Clients and servers <em class="bcp14">SHOULD</em> both constantly watch for the other side of the transport close, and respond to it as appropriate. If a client or server does 1514 not detect the other side's close promptly it could cause unnecessary resource drain on the network. 1515 </p> 1516 <p id="rfc.section.7.1.4.p.3">A client, server, or proxy <em class="bcp14">MAY</em> close the transport connection at any time. For example, a client might have started to send a new request at the same time 1517 that the server has decided to close the "idle" connection. From the server's point of view, the connection is being closed 1518 while it was idle, but from the client's point of view, a request is in progress. 1519 </p> 1520 <p id="rfc.section.7.1.4.p.4">This means that clients, servers, and proxies <em class="bcp14">MUST</em> be able to recover from asynchronous close events. Client software <em class="bcp14">SHOULD</em> reopen the transport connection and retransmit the aborted sequence of requests without user interaction so long as the request 1521 sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 8.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.12"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). Non-idempotent methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding 1522 of the application <em class="bcp14">MAY</em> substitute for user confirmation. The automatic retry <em class="bcp14">SHOULD NOT</em> be repeated if the second sequence of requests fails. 1523 </p> 1524 <p id="rfc.section.7.1.4.p.5">Servers <em class="bcp14">SHOULD</em> always respond to at least one request per connection, if at all possible. Servers <em class="bcp14">SHOULD NOT</em> close a connection in the middle of transmitting a response, unless a network or client failure is suspected. 1525 </p> 1526 <p id="rfc.section.7.1.4.p.6">Clients that use persistent connections <em class="bcp14">SHOULD</em> limit the number of simultaneous connections that they maintain to a given server. A single-user client <em class="bcp14">SHOULD NOT</em> maintain more than 2 connections with any server or proxy. A proxy <em class="bcp14">SHOULD</em> use up to 2*N connections to another server or proxy, where N is the number of simultaneously active users. These guidelines 1527 are intended to improve HTTP response times and avoid congestion. 1528 </p> 1529 </div> 1530 </div> 1531 <div id="message.transmission.requirements"> 1532 <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a> <a href="#message.transmission.requirements">Message Transmission Requirements</a></h2> 1533 <div id="persistent.flow"> 1534 <h3 id="rfc.section.7.2.1"><a href="#rfc.section.7.2.1">7.2.1</a> <a href="#persistent.flow">Persistent Connections and Flow Control</a></h3> 1535 <p id="rfc.section.7.2.1.p.1">HTTP/1.1 servers <em class="bcp14">SHOULD</em> maintain persistent connections and use TCP's flow control mechanisms to resolve temporary overloads, rather than terminating 1536 connections with the expectation that clients will retry. The latter technique can exacerbate network congestion. 1537 </p> 1538 </div> 1539 <div id="persistent.monitor"> 1540 <h3 id="rfc.section.7.2.2"><a href="#rfc.section.7.2.2">7.2.2</a> <a href="#persistent.monitor">Monitoring Connections for Error Status Messages</a></h3> 1541 <p id="rfc.section.7.2.2.p.1">An HTTP/1.1 (or later) client sending a message-body <em class="bcp14">SHOULD</em> monitor the network connection for an error status while it is transmitting the request. If the client sees an error status, 1542 it <em class="bcp14">SHOULD</em> immediately cease transmitting the body. If the body is being sent using a "chunked" encoding (<a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>), a zero length chunk and empty trailer <em class="bcp14">MAY</em> be used to prematurely mark the end of the message. If the body was preceded by a Content-Length header, the client <em class="bcp14">MUST</em> close the connection. 1543 </p> 1544 </div> 1545 <div id="use.of.the.100.status"> 1546 <h3 id="rfc.section.7.2.3"><a href="#rfc.section.7.2.3">7.2.3</a> <a href="#use.of.the.100.status">Use of the 100 (Continue) Status</a></h3> 1547 <p id="rfc.section.7.2.3.p.1">The purpose of the 100 (Continue) status (see <a href="p2-semantics.html#status.100" title="100 Continue">Section 9.1.1</a> of <a href="#Part2" id="rfc.xref.Part2.13"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) is to allow a client that is sending a request message with a request body to determine if the origin server is willing 1548 to accept the request (based on the request headers) before the client sends the request body. In some cases, it might either 1549 be inappropriate or highly inefficient for the client to send the body if the server will reject the message without looking 1550 at the body. 1551 </p> 1552 <p id="rfc.section.7.2.3.p.2">Requirements for HTTP/1.1 clients: </p> 1553 <ul> 1554 <li>If a client will wait for a 100 (Continue) response before sending the request body, it <em class="bcp14">MUST</em> send an Expect request-header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 10.2</a> of <a href="#Part2" id="rfc.xref.Part2.14"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) with the "100-continue" expectation. 1555 </li> 1556 <li>A client <em class="bcp14">MUST NOT</em> send an Expect request-header field (<a href="p2-semantics.html#header.expect" title="Expect">Section 10.2</a> of <a href="#Part2" id="rfc.xref.Part2.15"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>) with the "100-continue" expectation if it does not intend to send a request body. 1557 </li> 1558 </ul> 1559 <p id="rfc.section.7.2.3.p.3">Because of the presence of older implementations, the protocol allows ambiguous situations in which a client may send "Expect: 1560 100-continue" without receiving either a 417 (Expectation Failed) status or a 100 (Continue) status. Therefore, when a client 1561 sends this header field to an origin server (possibly via a proxy) from which it has never seen a 100 (Continue) status, the 1562 client <em class="bcp14">SHOULD NOT</em> wait for an indefinite period before sending the request body. 1563 </p> 1564 <p id="rfc.section.7.2.3.p.4">Requirements for HTTP/1.1 origin servers: </p> 1565 <ul> 1566 <li>Upon receiving a request which includes an Expect request-header field with the "100-continue" expectation, an origin server <em class="bcp14">MUST</em> either respond with 100 (Continue) status and continue to read from the input stream, or respond with a final status code. 1567 The origin server <em class="bcp14">MUST NOT</em> wait for the request body before sending the 100 (Continue) response. If it responds with a final status code, it <em class="bcp14">MAY</em> close the transport connection or it <em class="bcp14">MAY</em> continue to read and discard the rest of the request. It <em class="bcp14">MUST NOT</em> perform the requested method if it returns a final status code. 1568 </li> 1569 <li>An origin server <em class="bcp14">SHOULD NOT</em> send a 100 (Continue) response if the request message does not include an Expect request-header field with the "100-continue" 1570 expectation, and <em class="bcp14">MUST NOT</em> send a 100 (Continue) response if such a request comes from an HTTP/1.0 (or earlier) client. There is an exception to this 1571 rule: for compatibility with <a href="#RFC2068" id="rfc.xref.RFC2068.4"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, a server <em class="bcp14">MAY</em> send a 100 (Continue) status in response to an HTTP/1.1 PUT or POST request that does not include an Expect request-header 1572 field with the "100-continue" expectation. This exception, the purpose of which is to minimize any client processing delays 1573 associated with an undeclared wait for 100 (Continue) status, applies only to HTTP/1.1 requests, and not to requests with 1574 any other HTTP-version value. 1575 </li> 1576 <li>An origin server <em class="bcp14">MAY</em> omit a 100 (Continue) response if it has already received some or all of the request body for the corresponding request. 1577 </li> 1578 <li>An origin server that sends a 100 (Continue) response <em class="bcp14">MUST</em> ultimately send a final status code, once the request body is received and processed, unless it terminates the transport connection 1579 prematurely. 1580 </li> 1581 <li>If an origin server receives a request that does not include an Expect request-header field with the "100-continue" expectation, 1582 the request includes a request body, and the server responds with a final status code before reading the entire request body 1583 from the transport connection, then the server <em class="bcp14">SHOULD NOT</em> close the transport connection until it has read the entire request, or until the client closes the connection. Otherwise, 1584 the client might not reliably receive the response message. However, this requirement is not be construed as preventing a 1585 server from defending itself against denial-of-service attacks, or from badly broken client implementations. 1586 </li> 1587 </ul> 1588 <p id="rfc.section.7.2.3.p.5">Requirements for HTTP/1.1 proxies: </p> 1589 <ul> 1590 <li>If a proxy receives a request that includes an Expect request-header field with the "100-continue" expectation, and the proxy 1591 either knows that the next-hop server complies with HTTP/1.1 or higher, or does not know the HTTP version of the next-hop 1592 server, it <em class="bcp14">MUST</em> forward the request, including the Expect header field. 1593 </li> 1594 <li>If the proxy knows that the version of the next-hop server is HTTP/1.0 or lower, it <em class="bcp14">MUST NOT</em> forward the request, and it <em class="bcp14">MUST</em> respond with a 417 (Expectation Failed) status. 1595 </li> 1596 <li>Proxies <em class="bcp14">SHOULD</em> maintain a cache recording the HTTP version numbers received from recently-referenced next-hop servers. 1597 </li> 1598 <li>A proxy <em class="bcp14">MUST NOT</em> forward a 100 (Continue) response if the request message was received from an HTTP/1.0 (or earlier) client and did not include 1599 an Expect request-header field with the "100-continue" expectation. This requirement overrides the general rule for forwarding 1600 of 1xx responses (see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 9.1</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="HTTP/1.1, part 2: Message Semantics">[Part2]</cite></a>). 1601 </li> 1602 </ul> 1603 </div> 1604 <div id="connection.premature"> 1605 <h3 id="rfc.section.7.2.4"><a href="#rfc.section.7.2.4">7.2.4</a> <a href="#connection.premature">Client Behavior if Server Prematurely Closes Connection</a></h3> 1606 <p id="rfc.section.7.2.4.p.1">If an HTTP/1.1 client sends a request which includes a request body, but which does not include an Expect request-header field 1607 with the "100-continue" expectation, and if the client is not directly connected to an HTTP/1.1 origin server, and if the 1608 client sees the connection close before receiving any status from the server, the client <em class="bcp14">SHOULD</em> retry the request. If the client does retry this request, it <em class="bcp14">MAY</em> use the following "binary exponential backoff" algorithm to be assured of obtaining a reliable response: 1609 </p> 1610 <ol> 1611 <li>Initiate a new connection to the server</li> 1612 <li>Transmit the request-headers</li> 1613 <li>Initialize a variable R to the estimated round-trip time to the server (e.g., based on the time it took to establish the connection), 1614 or to a constant value of 5 seconds if the round-trip time is not available. 1615 </li> 1616 <li>Compute T = R * (2**N), where N is the number of previous retries of this request.</li> 1617 <li>Wait either for an error response from the server, or for T seconds (whichever comes first)</li> 1618 <li>If no error response is received, after T seconds transmit the body of the request.</li> 1619 <li>If client sees that the connection is closed prematurely, repeat from step 1 until the request is accepted, an error response 1620 is received, or the user becomes impatient and terminates the retry process. 1621 </li> 1622 </ol> 1623 <p id="rfc.section.7.2.4.p.2">If at any point an error status is received, the client </p> 1624 <ul> 1625 <li><em class="bcp14">SHOULD NOT</em> continue and 1626 </li> 1627 <li><em class="bcp14">SHOULD</em> close the connection if it has not completed sending the request message. 1628 </li> 1629 </ul> 1630 </div> 1631 </div> 1632 </div> 1633 <div id="header.fields"> 1634 <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a> <a href="#header.fields">Header Field Definitions</a></h1> 1635 <p id="rfc.section.8.p.1">This section defines the syntax and semantics of HTTP/1.1 header fields related to message framing and transport protocols.</p> 1636 <p id="rfc.section.8.p.2">For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who 1637 receives the entity. 1638 </p> 1639 <div id="header.connection"> 1640 <div id="rfc.iref.c.1"></div> 1641 <div id="rfc.iref.h.3"></div> 1642 <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a> <a href="#header.connection">Connection</a></h2> 1643 <p id="rfc.section.8.1.p.1">The general-header field "Connection" allows the sender to specify options that are desired for that particular connection 1644 and <em class="bcp14">MUST NOT</em> be communicated by proxies over further connections. 1645 </p> 1646 <p id="rfc.section.8.1.p.2">The Connection header's value has the following grammar:</p> 1647 <div id="rfc.figure.u.42"></div><pre class="inline"><span id="rfc.iref.g.72"></span><span id="rfc.iref.g.73"></span><span id="rfc.iref.g.74"></span> <a href="#header.connection" class="smpl">Connection</a> = "Connection" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.connection" class="smpl">Connection-v</a> 1553 1648 <a href="#header.connection" class="smpl">Connection-v</a> = 1#<a href="#header.connection" class="smpl">connection-token</a> 1554 1649 <a href="#header.connection" class="smpl">connection-token</a> = <a href="#rule.token.separators" class="smpl">token</a> 1555 1650 </pre><p id="rfc.section.8.1.p.4">HTTP/1.1 proxies <em class="bcp14">MUST</em> parse the Connection header field before a message is forwarded and, for each connection-token in this field, remove any header 1556 field(s) from the message with the same name as the connection-token. Connection options are signaled by the presence of a1557 connection-token in the Connection header field, not by any corresponding additional header field(s), since the additional1558 header field may not be sent if there are no parameters associated with that connection option.1559 </p>1560 <p id="rfc.section.8.1.p.5">Message headers listed in the Connection header <em class="bcp14">MUST NOT</em> include end-to-end headers, such as Cache-Control.1561 </p>1562 <p id="rfc.section.8.1.p.6">HTTP/1.1 defines the "close" connection option for the sender to signal that the connection will be closed after completion1563 of the response. For example,1564 </p>1565 <div id="rfc.figure.u.43"></div><pre class="text"> Connection: close1651 field(s) from the message with the same name as the connection-token. Connection options are signaled by the presence of a 1652 connection-token in the Connection header field, not by any corresponding additional header field(s), since the additional 1653 header field may not be sent if there are no parameters associated with that connection option. 1654 </p> 1655 <p id="rfc.section.8.1.p.5">Message headers listed in the Connection header <em class="bcp14">MUST NOT</em> include end-to-end headers, such as Cache-Control. 1656 </p> 1657 <p id="rfc.section.8.1.p.6">HTTP/1.1 defines the "close" connection option for the sender to signal that the connection will be closed after completion 1658 of the response. For example, 1659 </p> 1660 <div id="rfc.figure.u.43"></div><pre class="text"> Connection: close 1566 1661 </pre><p id="rfc.section.8.1.p.8">in either the request or the response header fields indicates that the connection <em class="bcp14">SHOULD NOT</em> be considered `persistent' (<a href="#persistent.connections" title="Persistent Connections">Section 7.1</a>) after the current request/response is complete. 1567 </p> 1568 <p id="rfc.section.8.1.p.9">An HTTP/1.1 client that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every request message. 1569 </p> 1570 <p id="rfc.section.8.1.p.10">An HTTP/1.1 server that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every response message that does not have a 1xx (informational) status code. 1571 </p> 1572 <p id="rfc.section.8.1.p.11">A system receiving an HTTP/1.0 (or lower-version) message that includes a Connection header <em class="bcp14">MUST</em>, for each connection-token in this field, remove and ignore any header field(s) from the message with the same name as the 1573 connection-token. This protects against mistaken forwarding of such header fields by pre-HTTP/1.1 proxies. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Compatibility with HTTP/1.0 Persistent Connections">Appendix C.2</a>. 1574 </p> 1575 <div id="rfc.iref.c.2"></div> 1576 <div id="rfc.iref.h.4"></div> 1577 <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a> <a id="header.content-length" href="#header.content-length">Content-Length</a></h2> 1578 <p id="rfc.section.8.2.p.1">The entity-header field "Content-Length" indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient 1579 or, in the case of the HEAD method, the size of the entity-body that would have been sent had the request been a GET. 1580 </p> 1581 <div id="rfc.figure.u.44"></div><pre class="inline"><span id="rfc.iref.g.75"></span><span id="rfc.iref.g.76"></span> <a href="#header.content-length" class="smpl">Content-Length</a> = "Content-Length" ":" <a href="#rule.whitespace" class="smpl">OWS</a> 1*<a href="#header.content-length" class="smpl">Content-Length-v</a> 1662 </p> 1663 <p id="rfc.section.8.1.p.9">An HTTP/1.1 client that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every request message. 1664 </p> 1665 <p id="rfc.section.8.1.p.10">An HTTP/1.1 server that does not support persistent connections <em class="bcp14">MUST</em> include the "close" connection option in every response message that does not have a 1xx (informational) status code. 1666 </p> 1667 <p id="rfc.section.8.1.p.11">A system receiving an HTTP/1.0 (or lower-version) message that includes a Connection header <em class="bcp14">MUST</em>, for each connection-token in this field, remove and ignore any header field(s) from the message with the same name as the 1668 connection-token. This protects against mistaken forwarding of such header fields by pre-HTTP/1.1 proxies. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Compatibility with HTTP/1.0 Persistent Connections">Appendix C.2</a>. 1669 </p> 1670 </div> 1671 <div id="header.content-length"> 1672 <div id="rfc.iref.c.2"></div> 1673 <div id="rfc.iref.h.4"></div> 1674 <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a> <a href="#header.content-length">Content-Length</a></h2> 1675 <p id="rfc.section.8.2.p.1">The entity-header field "Content-Length" indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient 1676 or, in the case of the HEAD method, the size of the entity-body that would have been sent had the request been a GET. 1677 </p> 1678 <div id="rfc.figure.u.44"></div><pre class="inline"><span id="rfc.iref.g.75"></span><span id="rfc.iref.g.76"></span> <a href="#header.content-length" class="smpl">Content-Length</a> = "Content-Length" ":" <a href="#rule.whitespace" class="smpl">OWS</a> 1*<a href="#header.content-length" class="smpl">Content-Length-v</a> 1582 1679 <a href="#header.content-length" class="smpl">Content-Length-v</a> = 1*<a href="#core.rules" class="smpl">DIGIT</a> 1583 1680 </pre><p id="rfc.section.8.2.p.3">An example is</p> 1584 <div id="rfc.figure.u.45"></div><pre class="text"> Content-Length: 34951681 <div id="rfc.figure.u.45"></div><pre class="text"> Content-Length: 3495 1585 1682 </pre><p id="rfc.section.8.2.p.5">Applications <em class="bcp14">SHOULD</em> use this field to indicate the transfer-length of the message-body, unless this is prohibited by the rules in <a href="#message.length" title="Message Length">Section 4.4</a>. 1586 </p> 1587 <p id="rfc.section.8.2.p.6">Any Content-Length greater than or equal to zero is a valid value. <a href="#message.length" title="Message Length">Section 4.4</a> describes how to determine the length of a message-body if a Content-Length is not given. 1588 </p> 1589 <p id="rfc.section.8.2.p.7">Note that the meaning of this field is significantly different from the corresponding definition in MIME, where it is an optional 1590 field used within the "message/external-body" content-type. In HTTP, it <em class="bcp14">SHOULD</em> be sent whenever the message's length can be determined prior to being transferred, unless this is prohibited by the rules 1591 in <a href="#message.length" title="Message Length">Section 4.4</a>. 1592 </p> 1593 <div id="rfc.iref.d.1"></div> 1594 <div id="rfc.iref.h.5"></div> 1595 <h2 id="rfc.section.8.3"><a href="#rfc.section.8.3">8.3</a> <a id="header.date" href="#header.date">Date</a></h2> 1596 <p id="rfc.section.8.3.p.1">The general-header field "Date" represents the date and time at which the message was originated, having the same semantics 1597 as orig-date in <a href="http://tools.ietf.org/html/rfc5322#section-3.6.1">Section 3.6.1</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.4"><cite title="Internet Message Format">[RFC5322]</cite></a>. The field value is an HTTP-date, as described in <a href="#full.date" title="Full Date">Section 3.3.1</a>; it <em class="bcp14">MUST</em> be sent in rfc1123-date format. 1598 </p> 1599 <div id="rfc.figure.u.46"></div><pre class="inline"><span id="rfc.iref.g.77"></span><span id="rfc.iref.g.78"></span> <a href="#header.date" class="smpl">Date</a> = "Date" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.date" class="smpl">Date-v</a> 1683 </p> 1684 <p id="rfc.section.8.2.p.6">Any Content-Length greater than or equal to zero is a valid value. <a href="#message.length" title="Message Length">Section 4.4</a> describes how to determine the length of a message-body if a Content-Length is not given. 1685 </p> 1686 <p id="rfc.section.8.2.p.7">Note that the meaning of this field is significantly different from the corresponding definition in MIME, where it is an optional 1687 field used within the "message/external-body" content-type. In HTTP, it <em class="bcp14">SHOULD</em> be sent whenever the message's length can be determined prior to being transferred, unless this is prohibited by the rules 1688 in <a href="#message.length" title="Message Length">Section 4.4</a>. 1689 </p> 1690 </div> 1691 <div id="header.date"> 1692 <div id="rfc.iref.d.1"></div> 1693 <div id="rfc.iref.h.5"></div> 1694 <h2 id="rfc.section.8.3"><a href="#rfc.section.8.3">8.3</a> <a href="#header.date">Date</a></h2> 1695 <p id="rfc.section.8.3.p.1">The general-header field "Date" represents the date and time at which the message was originated, having the same semantics 1696 as orig-date in <a href="https://tools.ietf.org/html/rfc5322#section-3.6.1">Section 3.6.1</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.4"><cite title="Internet Message Format">[RFC5322]</cite></a>. The field value is an HTTP-date, as described in <a href="#full.date" title="Full Date">Section 3.3.1</a>; it <em class="bcp14">MUST</em> be sent in rfc1123-date format. 1697 </p> 1698 <div id="rfc.figure.u.46"></div><pre class="inline"><span id="rfc.iref.g.77"></span><span id="rfc.iref.g.78"></span> <a href="#header.date" class="smpl">Date</a> = "Date" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.date" class="smpl">Date-v</a> 1600 1699 <a href="#header.date" class="smpl">Date-v</a> = <a href="#full.date" class="smpl">HTTP-date</a> 1601 1700 </pre><p id="rfc.section.8.3.p.3">An example is</p> 1602 <div id="rfc.figure.u.47"></div><pre class="text"> Date: Tue, 15 Nov 1994 08:12:31 GMT1701 <div id="rfc.figure.u.47"></div><pre class="text"> Date: Tue, 15 Nov 1994 08:12:31 GMT 1603 1702 </pre><p id="rfc.section.8.3.p.5">Origin servers <em class="bcp14">MUST</em> include a Date header field in all responses, except in these cases: 1604 </p> 1605 <ol> 1606 <li>If the response status code is 100 (Continue) or 101 (Switching Protocols), the response <em class="bcp14">MAY</em> include a Date header field, at the server's option. 1607 </li> 1608 <li>If the response status code conveys a server error, e.g. 500 (Internal Server Error) or 503 (Service Unavailable), and it 1609 is inconvenient or impossible to generate a valid Date. 1610 </li> 1611 <li>If the server does not have a clock that can provide a reasonable approximation of the current time, its responses <em class="bcp14">MUST NOT</em> include a Date header field. In this case, the rules in <a href="#clockless.origin.server.operation" title="Clockless Origin Server Operation">Section 8.3.1</a> <em class="bcp14">MUST</em> be followed. 1612 </li> 1613 </ol> 1614 <p id="rfc.section.8.3.p.6">A received message that does not have a Date header field <em class="bcp14">MUST</em> be assigned one by the recipient if the message will be cached by that recipient or gatewayed via a protocol which requires 1615 a Date. An HTTP implementation without a clock <em class="bcp14">MUST NOT</em> cache responses without revalidating them on every use. An HTTP cache, especially a shared cache, <em class="bcp14">SHOULD</em> use a mechanism, such as NTP <a href="#RFC1305" id="rfc.xref.RFC1305.1"><cite title="Network Time Protocol (Version 3) Specification, Implementation">[RFC1305]</cite></a>, to synchronize its clock with a reliable external standard. 1616 </p> 1617 <p id="rfc.section.8.3.p.7">Clients <em class="bcp14">SHOULD</em> only send a Date header field in messages that include an entity-body, as in the case of the PUT and POST requests, and even 1618 then it is optional. A client without a clock <em class="bcp14">MUST NOT</em> send a Date header field in a request. 1619 </p> 1620 <p id="rfc.section.8.3.p.8">The HTTP-date sent in a Date header <em class="bcp14">SHOULD NOT</em> represent a date and time subsequent to the generation of the message. It <em class="bcp14">SHOULD</em> represent the best available approximation of the date and time of message generation, unless the implementation has no means 1621 of generating a reasonably accurate date and time. In theory, the date ought to represent the moment just before the entity 1622 is generated. In practice, the date can be generated at any time during the message origination without affecting its semantic 1623 value. 1624 </p> 1625 <h3 id="rfc.section.8.3.1"><a href="#rfc.section.8.3.1">8.3.1</a> <a id="clockless.origin.server.operation" href="#clockless.origin.server.operation">Clockless Origin Server Operation</a></h3> 1626 <p id="rfc.section.8.3.1.p.1">Some origin server implementations might not have a clock available. An origin server without a clock <em class="bcp14">MUST NOT</em> assign Expires or Last-Modified values to a response, unless these values were associated with the resource by a system or 1627 user with a reliable clock. It <em class="bcp14">MAY</em> assign an Expires value that is known, at or before server configuration time, to be in the past (this allows "pre-expiration" 1628 of responses without storing separate Expires values for each resource). 1629 </p> 1630 <div id="rfc.iref.h.6"></div> 1631 <div id="rfc.iref.h.7"></div> 1632 <h2 id="rfc.section.8.4"><a href="#rfc.section.8.4">8.4</a> <a id="header.host" href="#header.host">Host</a></h2> 1633 <p id="rfc.section.8.4.p.1">The request-header field "Host" specifies the Internet host and port number of the resource being requested, as obtained from 1634 the original URI given by the user or referring resource (generally an HTTP URL, as described in <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>). The Host field value <em class="bcp14">MUST</em> represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or 1635 gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on 1636 a single IP address. 1637 </p> 1638 <div id="rfc.figure.u.48"></div><pre class="inline"><span id="rfc.iref.g.79"></span><span id="rfc.iref.g.80"></span> <a href="#header.host" class="smpl">Host</a> = "Host" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.host" class="smpl">Host-v</a> 1703 </p> 1704 <ol> 1705 <li>If the response status code is 100 (Continue) or 101 (Switching Protocols), the response <em class="bcp14">MAY</em> include a Date header field, at the server's option. 1706 </li> 1707 <li>If the response status code conveys a server error, e.g. 500 (Internal Server Error) or 503 (Service Unavailable), and it 1708 is inconvenient or impossible to generate a valid Date. 1709 </li> 1710 <li>If the server does not have a clock that can provide a reasonable approximation of the current time, its responses <em class="bcp14">MUST NOT</em> include a Date header field. In this case, the rules in <a href="#clockless.origin.server.operation" title="Clockless Origin Server Operation">Section 8.3.1</a> <em class="bcp14">MUST</em> be followed. 1711 </li> 1712 </ol> 1713 <p id="rfc.section.8.3.p.6">A received message that does not have a Date header field <em class="bcp14">MUST</em> be assigned one by the recipient if the message will be cached by that recipient or gatewayed via a protocol which requires 1714 a Date. An HTTP implementation without a clock <em class="bcp14">MUST NOT</em> cache responses without revalidating them on every use. An HTTP cache, especially a shared cache, <em class="bcp14">SHOULD</em> use a mechanism, such as NTP <a href="#RFC1305" id="rfc.xref.RFC1305.1"><cite title="Network Time Protocol (Version 3) Specification, Implementation">[RFC1305]</cite></a>, to synchronize its clock with a reliable external standard. 1715 </p> 1716 <p id="rfc.section.8.3.p.7">Clients <em class="bcp14">SHOULD</em> only send a Date header field in messages that include an entity-body, as in the case of the PUT and POST requests, and even 1717 then it is optional. A client without a clock <em class="bcp14">MUST NOT</em> send a Date header field in a request. 1718 </p> 1719 <p id="rfc.section.8.3.p.8">The HTTP-date sent in a Date header <em class="bcp14">SHOULD NOT</em> represent a date and time subsequent to the generation of the message. It <em class="bcp14">SHOULD</em> represent the best available approximation of the date and time of message generation, unless the implementation has no means 1720 of generating a reasonably accurate date and time. In theory, the date ought to represent the moment just before the entity 1721 is generated. In practice, the date can be generated at any time during the message origination without affecting its semantic 1722 value. 1723 </p> 1724 <div id="clockless.origin.server.operation"> 1725 <h3 id="rfc.section.8.3.1"><a href="#rfc.section.8.3.1">8.3.1</a> <a href="#clockless.origin.server.operation">Clockless Origin Server Operation</a></h3> 1726 <p id="rfc.section.8.3.1.p.1">Some origin server implementations might not have a clock available. An origin server without a clock <em class="bcp14">MUST NOT</em> assign Expires or Last-Modified values to a response, unless these values were associated with the resource by a system or 1727 user with a reliable clock. It <em class="bcp14">MAY</em> assign an Expires value that is known, at or before server configuration time, to be in the past (this allows "pre-expiration" 1728 of responses without storing separate Expires values for each resource). 1729 </p> 1730 </div> 1731 </div> 1732 <div id="header.host"> 1733 <div id="rfc.iref.h.6"></div> 1734 <div id="rfc.iref.h.7"></div> 1735 <h2 id="rfc.section.8.4"><a href="#rfc.section.8.4">8.4</a> <a href="#header.host">Host</a></h2> 1736 <p id="rfc.section.8.4.p.1">The request-header field "Host" specifies the Internet host and port number of the resource being requested, as obtained from 1737 the original URI given by the user or referring resource (generally an HTTP URL, as described in <a href="#http.uri" title="http URI scheme">Section 3.2.1</a>). The Host field value <em class="bcp14">MUST</em> represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or 1738 gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on 1739 a single IP address. 1740 </p> 1741 <div id="rfc.figure.u.48"></div><pre class="inline"><span id="rfc.iref.g.79"></span><span id="rfc.iref.g.80"></span> <a href="#header.host" class="smpl">Host</a> = "Host" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.host" class="smpl">Host-v</a> 1639 1742 <a href="#header.host" class="smpl">Host-v</a> = <a href="#uri" class="smpl">uri-host</a> [ ":" <a href="#uri" class="smpl">port</a> ] ; <a href="#http.uri" title="http URI scheme">Section 3.2.1</a> 1640 1743 </pre><p id="rfc.section.8.4.p.3">A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP 1641 URL). For example, a request on the origin server for <http://www.example.org/pub/WWW/> would properly include:1642 </p>1643 <div id="rfc.figure.u.49"></div><pre class="text"> GET /pub/WWW/ HTTP/1.11744 URL). For example, a request on the origin server for <http://www.example.org/pub/WWW/> would properly include: 1745 </p> 1746 <div id="rfc.figure.u.49"></div><pre class="text"> GET /pub/WWW/ HTTP/1.1 1644 1747 Host: www.example.org 1645 1748 </pre><p id="rfc.section.8.4.p.5">A client <em class="bcp14">MUST</em> include a Host header field in all HTTP/1.1 request messages. If the requested URI does not include an Internet host name 1646 for the service being requested, then the Host header field <em class="bcp14">MUST</em> be given with an empty value. An HTTP/1.1 proxy <em class="bcp14">MUST</em> ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being 1647 requested by the proxy. All Internet-based HTTP/1.1 servers <em class="bcp14">MUST</em> respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field. 1648 </p> 1649 <p id="rfc.section.8.4.p.6">See Sections <a href="#the.resource.identified.by.a.request" title="The Resource Identified by a Request">5.2</a> and <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" title="Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses">C.1.1</a> for other requirements relating to Host. 1650 </p> 1651 <div id="rfc.iref.t.1"></div> 1652 <div id="rfc.iref.h.8"></div> 1653 <h2 id="rfc.section.8.5"><a href="#rfc.section.8.5">8.5</a> <a id="header.te" href="#header.te">TE</a></h2> 1654 <p id="rfc.section.8.5.p.1">The request-header field "TE" indicates what extension transfer-codings it is willing to accept in the response and whether 1655 or not it is willing to accept trailer fields in a chunked transfer-coding. Its value may consist of the keyword "trailers" 1656 and/or a comma-separated list of extension transfer-coding names with optional accept parameters (as described in <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>). 1657 </p> 1658 <div id="rfc.figure.u.50"></div><pre class="inline"><span id="rfc.iref.g.81"></span><span id="rfc.iref.g.82"></span><span id="rfc.iref.g.83"></span> <a href="#header.te" class="smpl">TE</a> = "TE" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.te" class="smpl">TE-v</a> 1749 for the service being requested, then the Host header field <em class="bcp14">MUST</em> be given with an empty value. An HTTP/1.1 proxy <em class="bcp14">MUST</em> ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being 1750 requested by the proxy. All Internet-based HTTP/1.1 servers <em class="bcp14">MUST</em> respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field. 1751 </p> 1752 <p id="rfc.section.8.4.p.6">See Sections <a href="#the.resource.identified.by.a.request" title="The Resource Identified by a Request">5.2</a> and <a href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" title="Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses">C.1.1</a> for other requirements relating to Host. 1753 </p> 1754 </div> 1755 <div id="header.te"> 1756 <div id="rfc.iref.t.1"></div> 1757 <div id="rfc.iref.h.8"></div> 1758 <h2 id="rfc.section.8.5"><a href="#rfc.section.8.5">8.5</a> <a href="#header.te">TE</a></h2> 1759 <p id="rfc.section.8.5.p.1">The request-header field "TE" indicates what extension transfer-codings it is willing to accept in the response and whether 1760 or not it is willing to accept trailer fields in a chunked transfer-coding. Its value may consist of the keyword "trailers" 1761 and/or a comma-separated list of extension transfer-coding names with optional accept parameters (as described in <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>). 1762 </p> 1763 <div id="rfc.figure.u.50"></div><pre class="inline"><span id="rfc.iref.g.81"></span><span id="rfc.iref.g.82"></span><span id="rfc.iref.g.83"></span> <a href="#header.te" class="smpl">TE</a> = "TE" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.te" class="smpl">TE-v</a> 1659 1764 <a href="#header.te" class="smpl">TE-v</a> = #<a href="#header.te" class="smpl">t-codings</a> 1660 1765 <a href="#header.te" class="smpl">t-codings</a> = "trailers" / ( <a href="#transfer.codings" class="smpl">transfer-extension</a> [ <a href="#abnf.dependencies" class="smpl">accept-params</a> ] ) 1661 1766 </pre><p id="rfc.section.8.5.p.3">The presence of the keyword "trailers" indicates that the client is willing to accept trailer fields in a chunked transfer-coding, 1662 as defined in <a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a>. This keyword is reserved for use with transfer-coding values even though it does not itself represent a transfer-coding.1663 </p>1664 <p id="rfc.section.8.5.p.4">Examples of its use are:</p>1665 <div id="rfc.figure.u.51"></div><pre class="text"> TE: deflate1767 as defined in <a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a>. This keyword is reserved for use with transfer-coding values even though it does not itself represent a transfer-coding. 1768 </p> 1769 <p id="rfc.section.8.5.p.4">Examples of its use are:</p> 1770 <div id="rfc.figure.u.51"></div><pre class="text"> TE: deflate 1666 1771 TE: 1667 1772 TE: trailers, deflate;q=0.5 1668 1773 </pre><p id="rfc.section.8.5.p.6">The TE header field only applies to the immediate connection. Therefore, the keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.4" title="Connection">Section 8.1</a>) whenever TE is present in an HTTP/1.1 message. 1669 </p> 1670 <p id="rfc.section.8.5.p.7">A server tests whether a transfer-coding is acceptable, according to a TE field, using these rules: </p> 1671 <ol> 1672 <li> 1673 <p>The "chunked" transfer-coding is always acceptable. If the keyword "trailers" is listed, the client indicates that it is willing 1674 to accept trailer fields in the chunked response on behalf of itself and any downstream clients. The implication is that, 1675 if given, the client is stating that either all downstream clients are willing to accept trailer fields in the forwarded response, 1676 or that it will attempt to buffer the response on behalf of downstream recipients. 1677 </p> 1678 <p> <b>Note:</b> HTTP/1.1 does not define any means to limit the size of a chunked response such that a client can be assured of buffering 1679 the entire response. 1680 </p> 1681 </li> 1682 <li> 1683 <p>If the transfer-coding being tested is one of the transfer-codings listed in the TE field, then it is acceptable unless it 1684 is accompanied by a qvalue of 0. (As defined in <a href="p3-payload.html#quality.values" title="Quality Values">Section 3.4</a> of <a href="#Part3" id="rfc.xref.Part3.12"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>, a qvalue of 0 means "not acceptable.") 1685 </p> 1686 </li> 1687 <li> 1688 <p>If multiple transfer-codings are acceptable, then the acceptable transfer-coding with the highest non-zero qvalue is preferred. 1689 The "chunked" transfer-coding always has a qvalue of 1. 1690 </p> 1691 </li> 1692 </ol> 1693 <p id="rfc.section.8.5.p.8">If the TE field-value is empty or if no TE field is present, the only transfer-coding is "chunked". A message with no transfer-coding 1694 is always acceptable. 1695 </p> 1696 <div id="rfc.iref.t.2"></div> 1697 <div id="rfc.iref.h.9"></div> 1698 <h2 id="rfc.section.8.6"><a href="#rfc.section.8.6">8.6</a> <a id="header.trailer" href="#header.trailer">Trailer</a></h2> 1699 <p id="rfc.section.8.6.p.1">The general field "Trailer" indicates that the given set of header fields is present in the trailer of a message encoded with 1700 chunked transfer-coding. 1701 </p> 1702 <div id="rfc.figure.u.52"></div><pre class="inline"><span id="rfc.iref.g.84"></span><span id="rfc.iref.g.85"></span> <a href="#header.trailer" class="smpl">Trailer</a> = "Trailer" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.trailer" class="smpl">Trailer-v</a> 1774 </p> 1775 <p id="rfc.section.8.5.p.7">A server tests whether a transfer-coding is acceptable, according to a TE field, using these rules: </p> 1776 <ol> 1777 <li> 1778 <p>The "chunked" transfer-coding is always acceptable. If the keyword "trailers" is listed, the client indicates that it is willing 1779 to accept trailer fields in the chunked response on behalf of itself and any downstream clients. The implication is that, 1780 if given, the client is stating that either all downstream clients are willing to accept trailer fields in the forwarded response, 1781 or that it will attempt to buffer the response on behalf of downstream recipients. 1782 </p> 1783 <p><b>Note:</b> HTTP/1.1 does not define any means to limit the size of a chunked response such that a client can be assured of buffering 1784 the entire response. 1785 </p> 1786 </li> 1787 <li> 1788 <p>If the transfer-coding being tested is one of the transfer-codings listed in the TE field, then it is acceptable unless it 1789 is accompanied by a qvalue of 0. (As defined in <a href="p3-payload.html#quality.values" title="Quality Values">Section 3.4</a> of <a href="#Part3" id="rfc.xref.Part3.12"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>, a qvalue of 0 means "not acceptable.") 1790 </p> 1791 </li> 1792 <li> 1793 <p>If multiple transfer-codings are acceptable, then the acceptable transfer-coding with the highest non-zero qvalue is preferred. 1794 The "chunked" transfer-coding always has a qvalue of 1. 1795 </p> 1796 </li> 1797 </ol> 1798 <p id="rfc.section.8.5.p.8">If the TE field-value is empty or if no TE field is present, the only transfer-coding is "chunked". A message with no transfer-coding 1799 is always acceptable. 1800 </p> 1801 </div> 1802 <div id="header.trailer"> 1803 <div id="rfc.iref.t.2"></div> 1804 <div id="rfc.iref.h.9"></div> 1805 <h2 id="rfc.section.8.6"><a href="#rfc.section.8.6">8.6</a> <a href="#header.trailer">Trailer</a></h2> 1806 <p id="rfc.section.8.6.p.1">The general field "Trailer" indicates that the given set of header fields is present in the trailer of a message encoded with 1807 chunked transfer-coding. 1808 </p> 1809 <div id="rfc.figure.u.52"></div><pre class="inline"><span id="rfc.iref.g.84"></span><span id="rfc.iref.g.85"></span> <a href="#header.trailer" class="smpl">Trailer</a> = "Trailer" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.trailer" class="smpl">Trailer-v</a> 1703 1810 <a href="#header.trailer" class="smpl">Trailer-v</a> = 1#<a href="#message.headers" class="smpl">field-name</a> 1704 1811 </pre><p id="rfc.section.8.6.p.3">An HTTP/1.1 message <em class="bcp14">SHOULD</em> include a Trailer header field in a message using chunked transfer-coding with a non-empty trailer. Doing so allows the recipient 1705 to know which header fields to expect in the trailer. 1706 </p> 1707 <p id="rfc.section.8.6.p.4">If no Trailer header field is present, the trailer <em class="bcp14">SHOULD NOT</em> include any header fields. See <a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a> for restrictions on the use of trailer fields in a "chunked" transfer-coding. 1708 </p> 1709 <p id="rfc.section.8.6.p.5">Message header fields listed in the Trailer header field <em class="bcp14">MUST NOT</em> include the following header fields: 1710 </p> 1711 <ul> 1712 <li>Transfer-Encoding</li> 1713 <li>Content-Length</li> 1714 <li>Trailer</li> 1715 </ul> 1716 <div id="rfc.iref.t.3"></div> 1717 <div id="rfc.iref.h.10"></div> 1718 <h2 id="rfc.section.8.7"><a href="#rfc.section.8.7">8.7</a> <a id="header.transfer-encoding" href="#header.transfer-encoding">Transfer-Encoding</a></h2> 1719 <p id="rfc.section.8.7.p.1">The general-header "Transfer-Encoding" field indicates what (if any) type of transformation has been applied to the message 1720 body in order to safely transfer it between the sender and the recipient. This differs from the content-coding in that the 1721 transfer-coding is a property of the message, not of the entity. 1722 </p> 1723 <div id="rfc.figure.u.53"></div><pre class="inline"><span id="rfc.iref.g.86"></span><span id="rfc.iref.g.87"></span> <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> = "Transfer-Encoding" ":" <a href="#rule.whitespace" class="smpl">OWS</a> 1812 to know which header fields to expect in the trailer. 1813 </p> 1814 <p id="rfc.section.8.6.p.4">If no Trailer header field is present, the trailer <em class="bcp14">SHOULD NOT</em> include any header fields. See <a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a> for restrictions on the use of trailer fields in a "chunked" transfer-coding. 1815 </p> 1816 <p id="rfc.section.8.6.p.5">Message header fields listed in the Trailer header field <em class="bcp14">MUST NOT</em> include the following header fields: 1817 </p> 1818 <ul> 1819 <li>Transfer-Encoding</li> 1820 <li>Content-Length</li> 1821 <li>Trailer</li> 1822 </ul> 1823 </div> 1824 <div id="header.transfer-encoding"> 1825 <div id="rfc.iref.t.3"></div> 1826 <div id="rfc.iref.h.10"></div> 1827 <h2 id="rfc.section.8.7"><a href="#rfc.section.8.7">8.7</a> <a href="#header.transfer-encoding">Transfer-Encoding</a></h2> 1828 <p id="rfc.section.8.7.p.1">The general-header "Transfer-Encoding" field indicates what (if any) type of transformation has been applied to the message 1829 body in order to safely transfer it between the sender and the recipient. This differs from the content-coding in that the 1830 transfer-coding is a property of the message, not of the entity. 1831 </p> 1832 <div id="rfc.figure.u.53"></div><pre class="inline"><span id="rfc.iref.g.86"></span><span id="rfc.iref.g.87"></span> <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> = "Transfer-Encoding" ":" <a href="#rule.whitespace" class="smpl">OWS</a> 1724 1833 <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding-v</a> 1725 1834 <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding-v</a> = 1#<a href="#transfer.codings" class="smpl">transfer-coding</a> 1726 1835 </pre><p id="rfc.section.8.7.p.3">Transfer-codings are defined in <a href="#transfer.codings" title="Transfer Codings">Section 3.4</a>. An example is: 1727 </p>1728 <div id="rfc.figure.u.54"></div><pre class="text"> Transfer-Encoding: chunked1836 </p> 1837 <div id="rfc.figure.u.54"></div><pre class="text"> Transfer-Encoding: chunked 1729 1838 </pre><p id="rfc.section.8.7.p.5">If multiple encodings have been applied to an entity, the transfer-codings <em class="bcp14">MUST</em> be listed in the order in which they were applied. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other entity-header fields not defined by this specification. 1730 </p> 1731 <p id="rfc.section.8.7.p.6">Many older HTTP/1.0 applications do not understand the Transfer-Encoding header.</p> 1732 <div id="rfc.iref.u.3"></div> 1733 <div id="rfc.iref.h.11"></div> 1734 <h2 id="rfc.section.8.8"><a href="#rfc.section.8.8">8.8</a> <a id="header.upgrade" href="#header.upgrade">Upgrade</a></h2> 1735 <p id="rfc.section.8.8.p.1">The general-header "Upgrade" allows the client to specify what additional communication protocols it supports and would like 1736 to use if the server finds it appropriate to switch protocols. The server <em class="bcp14">MUST</em> use the Upgrade header field within a 101 (Switching Protocols) response to indicate which protocol(s) are being switched. 1737 </p> 1738 <div id="rfc.figure.u.55"></div><pre class="inline"><span id="rfc.iref.g.88"></span><span id="rfc.iref.g.89"></span> <a href="#header.upgrade" class="smpl">Upgrade</a> = "Upgrade" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.upgrade" class="smpl">Upgrade-v</a> 1839 </p> 1840 <p id="rfc.section.8.7.p.6">Many older HTTP/1.0 applications do not understand the Transfer-Encoding header.</p> 1841 </div> 1842 <div id="header.upgrade"> 1843 <div id="rfc.iref.u.3"></div> 1844 <div id="rfc.iref.h.11"></div> 1845 <h2 id="rfc.section.8.8"><a href="#rfc.section.8.8">8.8</a> <a href="#header.upgrade">Upgrade</a></h2> 1846 <p id="rfc.section.8.8.p.1">The general-header "Upgrade" allows the client to specify what additional communication protocols it supports and would like 1847 to use if the server finds it appropriate to switch protocols. The server <em class="bcp14">MUST</em> use the Upgrade header field within a 101 (Switching Protocols) response to indicate which protocol(s) are being switched. 1848 </p> 1849 <div id="rfc.figure.u.55"></div><pre class="inline"><span id="rfc.iref.g.88"></span><span id="rfc.iref.g.89"></span> <a href="#header.upgrade" class="smpl">Upgrade</a> = "Upgrade" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.upgrade" class="smpl">Upgrade-v</a> 1739 1850 <a href="#header.upgrade" class="smpl">Upgrade-v</a> = 1#<a href="#product.tokens" class="smpl">product</a> 1740 1851 </pre><p id="rfc.section.8.8.p.3">For example,</p> 1741 <div id="rfc.figure.u.56"></div><pre class="text"> Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x111852 <div id="rfc.figure.u.56"></div><pre class="text"> Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11 1742 1853 </pre><p id="rfc.section.8.8.p.5">The Upgrade header field is intended to provide a simple mechanism for transition from HTTP/1.1 to some other, incompatible 1743 protocol. It does so by allowing the client to advertise its desire to use another protocol, such as a later version of HTTP 1744 with a higher major version number, even though the current request has been made using HTTP/1.1. This eases the difficult 1745 transition between incompatible protocols by allowing the client to initiate a request in the more commonly supported protocol 1746 while indicating to the server that it would like to use a "better" protocol if available (where "better" is determined by 1747 the server, possibly according to the nature of the method and/or resource being requested). 1748 </p> 1749 <p id="rfc.section.8.8.p.6">The Upgrade header field only applies to switching application-layer protocols upon the existing transport-layer connection. 1750 Upgrade cannot be used to insist on a protocol change; its acceptance and use by the server is optional. The capabilities 1751 and nature of the application-layer communication after the protocol change is entirely dependent upon the new protocol chosen, 1752 although the first action after changing the protocol <em class="bcp14">MUST</em> be a response to the initial HTTP request containing the Upgrade header field. 1753 </p> 1754 <p id="rfc.section.8.8.p.7">The Upgrade header field only applies to the immediate connection. Therefore, the upgrade keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section 8.1</a>) whenever Upgrade is present in an HTTP/1.1 message. 1755 </p> 1756 <p id="rfc.section.8.8.p.8">The Upgrade header field cannot be used to indicate a switch to a protocol on a different connection. For that purpose, it 1757 is more appropriate to use a 301, 302, 303, or 305 redirection response. 1758 </p> 1759 <p id="rfc.section.8.8.p.9">This specification only defines the protocol name "HTTP" for use by the family of Hypertext Transfer Protocols, as defined 1760 by the HTTP version rules of <a href="#http.version" title="HTTP Version">Section 3.1</a> and future updates to this specification. Any token can be used as a protocol name; however, it will only be useful if both 1761 the client and server associate the name with the same protocol. 1762 </p> 1763 <div id="rfc.iref.v.1"></div> 1764 <div id="rfc.iref.h.12"></div> 1765 <h2 id="rfc.section.8.9"><a href="#rfc.section.8.9">8.9</a> <a id="header.via" href="#header.via">Via</a></h2> 1766 <p id="rfc.section.8.9.p.1">The general-header field "Via" <em class="bcp14">MUST</em> be used by gateways and proxies to indicate the intermediate protocols and recipients between the user agent and the server 1767 on requests, and between the origin server and the client on responses. It is analogous to the "Received" field defined in <a href="http://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.5"><cite title="Internet Message Format">[RFC5322]</cite></a> and is intended to be used for tracking message forwards, avoiding request loops, and identifying the protocol capabilities 1768 of all senders along the request/response chain. 1769 </p> 1770 <div id="rfc.figure.u.57"></div><pre class="inline"><span id="rfc.iref.g.90"></span><span id="rfc.iref.g.91"></span><span id="rfc.iref.g.92"></span><span id="rfc.iref.g.93"></span><span id="rfc.iref.g.94"></span><span id="rfc.iref.g.95"></span><span id="rfc.iref.g.96"></span> <a href="#header.via" class="smpl">Via</a> = "Via" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.via" class="smpl">Via-v</a> 1854 protocol. It does so by allowing the client to advertise its desire to use another protocol, such as a later version of HTTP 1855 with a higher major version number, even though the current request has been made using HTTP/1.1. This eases the difficult 1856 transition between incompatible protocols by allowing the client to initiate a request in the more commonly supported protocol 1857 while indicating to the server that it would like to use a "better" protocol if available (where "better" is determined by 1858 the server, possibly according to the nature of the method and/or resource being requested). 1859 </p> 1860 <p id="rfc.section.8.8.p.6">The Upgrade header field only applies to switching application-layer protocols upon the existing transport-layer connection. 1861 Upgrade cannot be used to insist on a protocol change; its acceptance and use by the server is optional. The capabilities 1862 and nature of the application-layer communication after the protocol change is entirely dependent upon the new protocol chosen, 1863 although the first action after changing the protocol <em class="bcp14">MUST</em> be a response to the initial HTTP request containing the Upgrade header field. 1864 </p> 1865 <p id="rfc.section.8.8.p.7">The Upgrade header field only applies to the immediate connection. Therefore, the upgrade keyword <em class="bcp14">MUST</em> be supplied within a Connection header field (<a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section 8.1</a>) whenever Upgrade is present in an HTTP/1.1 message. 1866 </p> 1867 <p id="rfc.section.8.8.p.8">The Upgrade header field cannot be used to indicate a switch to a protocol on a different connection. For that purpose, it 1868 is more appropriate to use a 301, 302, 303, or 305 redirection response. 1869 </p> 1870 <p id="rfc.section.8.8.p.9">This specification only defines the protocol name "HTTP" for use by the family of Hypertext Transfer Protocols, as defined 1871 by the HTTP version rules of <a href="#http.version" title="HTTP Version">Section 3.1</a> and future updates to this specification. Any token can be used as a protocol name; however, it will only be useful if both 1872 the client and server associate the name with the same protocol. 1873 </p> 1874 </div> 1875 <div id="header.via"> 1876 <div id="rfc.iref.v.1"></div> 1877 <div id="rfc.iref.h.12"></div> 1878 <h2 id="rfc.section.8.9"><a href="#rfc.section.8.9">8.9</a> <a href="#header.via">Via</a></h2> 1879 <p id="rfc.section.8.9.p.1">The general-header field "Via" <em class="bcp14">MUST</em> be used by gateways and proxies to indicate the intermediate protocols and recipients between the user agent and the server 1880 on requests, and between the origin server and the client on responses. It is analogous to the "Received" field defined in <a href="https://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.5"><cite title="Internet Message Format">[RFC5322]</cite></a> and is intended to be used for tracking message forwards, avoiding request loops, and identifying the protocol capabilities 1881 of all senders along the request/response chain. 1882 </p> 1883 <div id="rfc.figure.u.57"></div><pre class="inline"><span id="rfc.iref.g.90"></span><span id="rfc.iref.g.91"></span><span id="rfc.iref.g.92"></span><span id="rfc.iref.g.93"></span><span id="rfc.iref.g.94"></span><span id="rfc.iref.g.95"></span><span id="rfc.iref.g.96"></span> <a href="#header.via" class="smpl">Via</a> = "Via" ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.via" class="smpl">Via-v</a> 1771 1884 <a href="#header.via" class="smpl">Via-v</a> = 1#( <a href="#header.via" class="smpl">received-protocol</a> <a href="#rule.whitespace" class="smpl">RWS</a> <a href="#header.via" class="smpl">received-by</a> 1772 1885 [ <a href="#rule.whitespace" class="smpl">RWS</a> <a href="#rule.comment" class="smpl">comment</a> ] ) … … 1777 1890 <a href="#header.via" class="smpl">pseudonym</a> = <a href="#rule.token.separators" class="smpl">token</a> 1778 1891 </pre><p id="rfc.section.8.9.p.3">The received-protocol indicates the protocol version of the message received by the server or client along each segment of 1779 the request/response chain. The received-protocol version is appended to the Via field value when the message is forwarded1780 so that information about the protocol capabilities of upstream applications remains visible to all recipients.1781 </p>1782 <p id="rfc.section.8.9.p.4">The protocol-name is optional if and only if it would be "HTTP". The received-by field is normally the host and optional port1783 number of a recipient server or client that subsequently forwarded the message. However, if the real host is considered to1784 be sensitive information, it <em class="bcp14">MAY</em> be replaced by a pseudonym. If the port is not given, it <em class="bcp14">MAY</em> be assumed to be the default port of the received-protocol.1785 </p>1786 <p id="rfc.section.8.9.p.5">Multiple Via field values represents each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.1787 </p>1788 <p id="rfc.section.8.9.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of the recipient proxy or gateway, analogous to the User-Agent and1789 Server header fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.1790 </p>1791 <p id="rfc.section.8.9.p.7">For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses1792 HTTP/1.1 to forward the request to a public proxy at p.example.net, which completes the request by forwarding it to the origin1793 server at www.example.com. The request received by www.example.com would then have the following Via header field:1794 </p>1795 <div id="rfc.figure.u.58"></div><pre class="text"> Via: 1.0 fred, 1.1 p.example.net (Apache/1.1)1892 the request/response chain. The received-protocol version is appended to the Via field value when the message is forwarded 1893 so that information about the protocol capabilities of upstream applications remains visible to all recipients. 1894 </p> 1895 <p id="rfc.section.8.9.p.4">The protocol-name is optional if and only if it would be "HTTP". The received-by field is normally the host and optional port 1896 number of a recipient server or client that subsequently forwarded the message. However, if the real host is considered to 1897 be sensitive information, it <em class="bcp14">MAY</em> be replaced by a pseudonym. If the port is not given, it <em class="bcp14">MAY</em> be assumed to be the default port of the received-protocol. 1898 </p> 1899 <p id="rfc.section.8.9.p.5">Multiple Via field values represents each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications. 1900 </p> 1901 <p id="rfc.section.8.9.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of the recipient proxy or gateway, analogous to the User-Agent and 1902 Server header fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message. 1903 </p> 1904 <p id="rfc.section.8.9.p.7">For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses 1905 HTTP/1.1 to forward the request to a public proxy at p.example.net, which completes the request by forwarding it to the origin 1906 server at www.example.com. The request received by www.example.com would then have the following Via header field: 1907 </p> 1908 <div id="rfc.figure.u.58"></div><pre class="text"> Via: 1.0 fred, 1.1 p.example.net (Apache/1.1) 1796 1909 </pre><p id="rfc.section.8.9.p.9">Proxies and gateways used as a portal through a network firewall <em class="bcp14">SHOULD NOT</em>, by default, forward the names and ports of hosts within the firewall region. This information <em class="bcp14">SHOULD</em> only be propagated if explicitly enabled. If not enabled, the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host. 1797 </p>1798 <p id="rfc.section.8.9.p.10">For organizations that have strong privacy requirements for hiding internal structures, a proxy <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries with identical received-protocol values into a single such entry.1799 For example,1800 </p>1801 <div id="rfc.figure.u.59"></div><pre class="text"> Via: 1.0 ricky, 1.1 ethel, 1.1 fred, 1.0 lucy1910 </p> 1911 <p id="rfc.section.8.9.p.10">For organizations that have strong privacy requirements for hiding internal structures, a proxy <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries with identical received-protocol values into a single such entry. 1912 For example, 1913 </p> 1914 <div id="rfc.figure.u.59"></div><pre class="text"> Via: 1.0 ricky, 1.1 ethel, 1.1 fred, 1.0 lucy 1802 1915 </pre><p id="rfc.section.8.9.p.12">could be collapsed to</p> 1803 <div id="rfc.figure.u.60"></div><pre class="text"> Via: 1.0 ricky, 1.1 mertz, 1.0 lucy1916 <div id="rfc.figure.u.60"></div><pre class="text"> Via: 1.0 ricky, 1.1 mertz, 1.0 lucy 1804 1917 </pre><p id="rfc.section.8.9.p.14">Applications <em class="bcp14">SHOULD NOT</em> combine multiple entries unless they are all under the same organizational control and the hosts have already been replaced 1805 by pseudonyms. Applications <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values. 1806 </p> 1807 <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a> <a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1> 1808 <h2 id="rfc.section.9.1"><a href="#rfc.section.9.1">9.1</a> <a id="message.header.registration" href="#message.header.registration">Message Header Registration</a></h2> 1809 <p id="rfc.section.9.1.p.1">The Message Header Registry located at <<a href="http://www.iana.org/assignments/message-headers/message-header-index.html">http://www.iana.org/assignments/message-headers/message-header-index.html</a>> should be updated with the permanent registrations below (see <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a>): 1810 </p> 1811 <div id="rfc.table.1"> 1812 <div id="iana.header.registration.table"></div> 1813 <table class="tt full left" cellpadding="3" cellspacing="0"> 1814 <thead> 1815 <tr> 1816 <th>Header Field Name</th> 1817 <th>Protocol</th> 1818 <th>Status</th> 1819 <th>Reference</th> 1820 </tr> 1821 </thead> 1822 <tbody> 1823 <tr> 1824 <td class="left">Connection</td> 1825 <td class="left">http</td> 1826 <td class="left">standard</td> 1827 <td class="left"> <a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section 8.1</a> 1828 </td> 1829 </tr> 1830 <tr> 1831 <td class="left">Content-Length</td> 1832 <td class="left">http</td> 1833 <td class="left">standard</td> 1834 <td class="left"> <a href="#header.content-length" id="rfc.xref.header.content-length.2" title="Content-Length">Section 8.2</a> 1835 </td> 1836 </tr> 1837 <tr> 1838 <td class="left">Date</td> 1839 <td class="left">http</td> 1840 <td class="left">standard</td> 1841 <td class="left"> <a href="#header.date" id="rfc.xref.header.date.2" title="Date">Section 8.3</a> 1842 </td> 1843 </tr> 1844 <tr> 1845 <td class="left">Host</td> 1846 <td class="left">http</td> 1847 <td class="left">standard</td> 1848 <td class="left"> <a href="#header.host" id="rfc.xref.header.host.1" title="Host">Section 8.4</a> 1849 </td> 1850 </tr> 1851 <tr> 1852 <td class="left">TE</td> 1853 <td class="left">http</td> 1854 <td class="left">standard</td> 1855 <td class="left"> <a href="#header.te" id="rfc.xref.header.te.3" title="TE">Section 8.5</a> 1856 </td> 1857 </tr> 1858 <tr> 1859 <td class="left">Trailer</td> 1860 <td class="left">http</td> 1861 <td class="left">standard</td> 1862 <td class="left"> <a href="#header.trailer" id="rfc.xref.header.trailer.3" title="Trailer">Section 8.6</a> 1863 </td> 1864 </tr> 1865 <tr> 1866 <td class="left">Transfer-Encoding</td> 1867 <td class="left">http</td> 1868 <td class="left">standard</td> 1869 <td class="left"> <a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.5" title="Transfer-Encoding">Section 8.7</a> 1870 </td> 1871 </tr> 1872 <tr> 1873 <td class="left">Upgrade</td> 1874 <td class="left">http</td> 1875 <td class="left">standard</td> 1876 <td class="left"> <a href="#header.upgrade" id="rfc.xref.header.upgrade.2" title="Upgrade">Section 8.8</a> 1877 </td> 1878 </tr> 1879 <tr> 1880 <td class="left">Via</td> 1881 <td class="left">http</td> 1882 <td class="left">standard</td> 1883 <td class="left"> <a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section 8.9</a> 1884 </td> 1885 </tr> 1886 </tbody> 1887 </table> 1918 by pseudonyms. Applications <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values. 1919 </p> 1920 </div> 1888 1921 </div> 1889 <p id="rfc.section.9.1.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 1890 <h2 id="rfc.section.9.2"><a href="#rfc.section.9.2">9.2</a> <a id="uri.scheme.registration" href="#uri.scheme.registration">URI Scheme Registration</a></h2> 1891 <p id="rfc.section.9.2.p.1">The entry for the "http" URI Scheme in the registry located at <<a href="http://www.iana.org/assignments/uri-schemes.html">http://www.iana.org/assignments/uri-schemes.html</a>> should be updated to point to <a href="#http.uri" title="http URI scheme">Section 3.2.1</a> of this document (see <a href="#RFC4395" id="rfc.xref.RFC4395.1"><cite title="Guidelines and Registration Procedures for New URI Schemes">[RFC4395]</cite></a>). 1892 </p> 1893 <h2 id="rfc.section.9.3"><a href="#rfc.section.9.3">9.3</a> <a id="internet.media.type.http" href="#internet.media.type.http">Internet Media Type Registrations</a></h2> 1894 <p id="rfc.section.9.3.p.1">This document serves as the specification for the Internet media types "message/http" and "application/http". The following 1895 is to be registered with IANA (see <a href="#RFC4288" id="rfc.xref.RFC4288.1"><cite title="Media Type Specifications and Registration Procedures">[RFC4288]</cite></a>). 1896 </p> 1897 <div id="rfc.iref.m.1"></div> 1898 <div id="rfc.iref.m.2"></div> 1899 <h3 id="rfc.section.9.3.1"><a href="#rfc.section.9.3.1">9.3.1</a> <a id="internet.media.type.message.http" href="#internet.media.type.message.http">Internet Media Type message/http</a></h3> 1900 <p id="rfc.section.9.3.1.p.1">The message/http type can be used to enclose a single HTTP request or response message, provided that it obeys the MIME restrictions 1901 for all "message" types regarding line length and encodings. 1902 </p> 1903 <p id="rfc.section.9.3.1.p.2"> </p> 1904 <dl> 1905 <dt>Type name:</dt> 1906 <dd>message</dd> 1907 <dt>Subtype name:</dt> 1908 <dd>http</dd> 1909 <dt>Required parameters:</dt> 1910 <dd>none</dd> 1911 <dt>Optional parameters:</dt> 1912 <dd>version, msgtype 1913 <dl> 1914 <dt>version:</dt> 1915 <dd>The HTTP-Version number of the enclosed message (e.g., "1.1"). If not present, the version can be determined from the first 1916 line of the body. 1917 </dd> 1918 <dt>msgtype:</dt> 1919 <dd>The message type -- "request" or "response". If not present, the type can be determined from the first line of the body.</dd> 1920 </dl> 1921 </dd> 1922 <dt>Encoding considerations:</dt> 1923 <dd>only "7bit", "8bit", or "binary" are permitted</dd> 1924 <dt>Security considerations:</dt> 1925 <dd>none</dd> 1926 <dt>Interoperability considerations:</dt> 1927 <dd>none</dd> 1928 <dt>Published specification:</dt> 1929 <dd>This specification (see <a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section 9.3.1</a>). 1930 </dd> 1931 <dt>Applications that use this media type:</dt> 1932 <dt>Additional information:</dt> 1933 <dd> 1934 <dl> 1935 <dt>Magic number(s):</dt> 1936 <dd>none</dd> 1937 <dt>File extension(s):</dt> 1938 <dd>none</dd> 1939 <dt>Macintosh file type code(s):</dt> 1940 <dd>none</dd> 1941 </dl> 1942 </dd> 1943 <dt>Person and email address to contact for further information:</dt> 1944 <dd>See Authors Section.</dd> 1945 <dt>Intended usage:</dt> 1946 <dd>COMMON</dd> 1947 <dt>Restrictions on usage:</dt> 1948 <dd>none</dd> 1949 <dt>Author/Change controller:</dt> 1950 <dd>IESG</dd> 1951 </dl> 1952 <div id="rfc.iref.m.3"></div> 1953 <div id="rfc.iref.a.1"></div> 1954 <h3 id="rfc.section.9.3.2"><a href="#rfc.section.9.3.2">9.3.2</a> <a id="internet.media.type.application.http" href="#internet.media.type.application.http">Internet Media Type application/http</a></h3> 1955 <p id="rfc.section.9.3.2.p.1">The application/http type can be used to enclose a pipeline of one or more HTTP request or response messages (not intermixed).</p> 1956 <p id="rfc.section.9.3.2.p.2"> </p> 1957 <dl> 1958 <dt>Type name:</dt> 1959 <dd>application</dd> 1960 <dt>Subtype name:</dt> 1961 <dd>http</dd> 1962 <dt>Required parameters:</dt> 1963 <dd>none</dd> 1964 <dt>Optional parameters:</dt> 1965 <dd>version, msgtype 1966 <dl> 1967 <dt>version:</dt> 1968 <dd>The HTTP-Version number of the enclosed messages (e.g., "1.1"). If not present, the version can be determined from the first 1969 line of the body. 1970 </dd> 1971 <dt>msgtype:</dt> 1972 <dd>The message type -- "request" or "response". If not present, the type can be determined from the first line of the body.</dd> 1973 </dl> 1974 </dd> 1975 <dt>Encoding considerations:</dt> 1976 <dd>HTTP messages enclosed by this type are in "binary" format; use of an appropriate Content-Transfer-Encoding is required when 1977 transmitted via E-mail. 1978 </dd> 1979 <dt>Security considerations:</dt> 1980 <dd>none</dd> 1981 <dt>Interoperability considerations:</dt> 1982 <dd>none</dd> 1983 <dt>Published specification:</dt> 1984 <dd>This specification (see <a href="#internet.media.type.application.http" title="Internet Media Type application/http">Section 9.3.2</a>). 1985 </dd> 1986 <dt>Applications that use this media type:</dt> 1987 <dt>Additional information:</dt> 1988 <dd> 1989 <dl> 1990 <dt>Magic number(s):</dt> 1991 <dd>none</dd> 1992 <dt>File extension(s):</dt> 1993 <dd>none</dd> 1994 <dt>Macintosh file type code(s):</dt> 1995 <dd>none</dd> 1996 </dl> 1997 </dd> 1998 <dt>Person and email address to contact for further information:</dt> 1999 <dd>See Authors Section.</dd> 2000 <dt>Intended usage:</dt> 2001 <dd>COMMON</dd> 2002 <dt>Restrictions on usage:</dt> 2003 <dd>none</dd> 2004 <dt>Author/Change controller:</dt> 2005 <dd>IESG</dd> 2006 </dl> 2007 <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a> <a id="security.considerations" href="#security.considerations">Security Considerations</a></h1> 2008 <p id="rfc.section.10.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 2009 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does 2010 make some suggestions for reducing security risks. 2011 </p> 2012 <h2 id="rfc.section.10.1"><a href="#rfc.section.10.1">10.1</a> <a id="personal.information" href="#personal.information">Personal Information</a></h2> 2013 <p id="rfc.section.10.1.p.1">HTTP clients are often privy to large amounts of personal information (e.g. the user's name, location, mail address, passwords, 2014 encryption keys, etc.), and <em class="bcp14">SHOULD</em> be very careful to prevent unintentional leakage of this information. We very strongly recommend that a convenient interface 2015 be provided for the user to control dissemination of such information, and that designers and implementors be particularly 2016 careful in this area. History shows that errors in this area often create serious security and/or privacy problems and generate 2017 highly adverse publicity for the implementor's company. 2018 </p> 2019 <h2 id="rfc.section.10.2"><a href="#rfc.section.10.2">10.2</a> <a id="abuse.of.server.log.information" href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2> 2020 <p id="rfc.section.10.2.p.1">A server is in the position to save personal data about a user's requests which might identify their reading patterns or subjects 2021 of interest. This information is clearly confidential in nature and its handling can be constrained by law in certain countries. 2022 People using HTTP to provide data are responsible for ensuring that such material is not distributed without the permission 2023 of any individuals that are identifiable by the published results. 2024 </p> 2025 <h2 id="rfc.section.10.3"><a href="#rfc.section.10.3">10.3</a> <a id="attack.pathname" href="#attack.pathname">Attacks Based On File and Path Names</a></h2> 2026 <p id="rfc.section.10.3.p.1">Implementations of HTTP origin servers <em class="bcp14">SHOULD</em> be careful to restrict the documents returned by HTTP requests to be only those that were intended by the server administrators. 2027 If an HTTP server translates HTTP URIs directly into file system calls, the server <em class="bcp14">MUST</em> take special care not to serve files that were not intended to be delivered to HTTP clients. For example, UNIX, Microsoft 2028 Windows, and other operating systems use ".." as a path component to indicate a directory level above the current one. On 2029 such a system, an HTTP server <em class="bcp14">MUST</em> disallow any such construct in the Request-URI if it would otherwise allow access to a resource outside those intended to 2030 be accessible via the HTTP server. Similarly, files intended for reference only internally to the server (such as access control 2031 files, configuration files, and script code) <em class="bcp14">MUST</em> be protected from inappropriate retrieval, since they might contain sensitive information. Experience has shown that minor 2032 bugs in such HTTP server implementations have turned into security risks. 2033 </p> 2034 <h2 id="rfc.section.10.4"><a href="#rfc.section.10.4">10.4</a> <a id="dns.spoofing" href="#dns.spoofing">DNS Spoofing</a></h2> 2035 <p id="rfc.section.10.4.p.1">Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the 2036 deliberate mis-association of IP addresses and DNS names. Clients need to be cautious in assuming the continuing validity 2037 of an IP number/DNS name association. 2038 </p> 2039 <p id="rfc.section.10.4.p.2">In particular, HTTP clients <em class="bcp14">SHOULD</em> rely on their name resolver for confirmation of an IP number/DNS name association, rather than caching the result of previous 2040 host name lookups. Many platforms already can cache host name lookups locally when appropriate, and they <em class="bcp14">SHOULD</em> be configured to do so. It is proper for these lookups to be cached, however, only when the TTL (Time To Live) information 2041 reported by the name server makes it likely that the cached information will remain useful. 2042 </p> 2043 <p id="rfc.section.10.4.p.3">If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they <em class="bcp14">MUST</em> observe the TTL information reported by DNS. 2044 </p> 2045 <p id="rfc.section.10.4.p.4">If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes. As 2046 network renumbering is expected to become increasingly common <a href="#RFC1900" id="rfc.xref.RFC1900.2"><cite title="Renumbering Needs Work">[RFC1900]</cite></a>, the possibility of this form of attack will grow. Observing this requirement thus reduces this potential security vulnerability. 2047 </p> 2048 <p id="rfc.section.10.4.p.5">This requirement also improves the load-balancing behavior of clients for replicated servers using the same DNS name and reduces 2049 the likelihood of a user's experiencing failure in accessing sites which use that strategy. 2050 </p> 2051 <h2 id="rfc.section.10.5"><a href="#rfc.section.10.5">10.5</a> <a id="attack.proxies" href="#attack.proxies">Proxies and Caching</a></h2> 2052 <p id="rfc.section.10.5.p.1">By their very nature, HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Compromise 2053 of the systems on which the proxies run can result in serious security and privacy problems. Proxies have access to security-related 2054 information, personal information about individual users and organizations, and proprietary information belonging to users 2055 and content providers. A compromised proxy, or a proxy implemented or configured without regard to security and privacy considerations, 2056 might be used in the commission of a wide range of potential attacks. 2057 </p> 2058 <p id="rfc.section.10.5.p.2">Proxy operators should protect the systems on which proxies run as they would protect any system that contains or transports 2059 sensitive information. In particular, log information gathered at proxies often contains highly sensitive personal information, 2060 and/or information about organizations. Log information should be carefully guarded, and appropriate guidelines for use developed 2061 and followed. (<a href="#abuse.of.server.log.information" title="Abuse of Server Log Information">Section 10.2</a>). 2062 </p> 2063 <p id="rfc.section.10.5.p.3">Proxy implementors should consider the privacy and security implications of their design and coding decisions, and of the 2064 configuration options they provide to proxy operators (especially the default configuration). 2065 </p> 2066 <p id="rfc.section.10.5.p.4">Users of a proxy need to be aware that they are no trustworthier than the people who run the proxy; HTTP itself cannot solve 2067 this problem. 2068 </p> 2069 <p id="rfc.section.10.5.p.5">The judicious use of cryptography, when appropriate, may suffice to protect against a broad range of security and privacy 2070 attacks. Such cryptography is beyond the scope of the HTTP/1.1 specification. 2071 </p> 2072 <h2 id="rfc.section.10.6"><a href="#rfc.section.10.6">10.6</a> <a id="attack.DoS" href="#attack.DoS">Denial of Service Attacks on Proxies</a></h2> 2073 <p id="rfc.section.10.6.p.1">They exist. They are hard to defend against. Research continues. Beware.</p> 2074 <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a> <a id="ack" href="#ack">Acknowledgments</a></h1> 2075 <p id="rfc.section.11.p.1">HTTP has evolved considerably over the years. It has benefited from a large and active developer community--the many people 2076 who have participated on the www-talk mailing list--and it is that community which has been most responsible for the success 2077 of HTTP and of the World-Wide Web in general. Marc Andreessen, Robert Cailliau, Daniel W. Connolly, Bob Denny, John Franks, 2078 Jean-Francois Groff, Phillip M. Hallam-Baker, Hakon W. Lie, Ari Luotonen, Rob McCool, Lou Montulli, Dave Raggett, Tony Sanders, 2079 and Marc VanHeyningen deserve special recognition for their efforts in defining early aspects of the protocol. 2080 </p> 2081 <p id="rfc.section.11.p.2">This document has benefited greatly from the comments of all those participating in the HTTP-WG. In addition to those already 2082 mentioned, the following individuals have contributed to this specification: 2083 </p> 2084 <p id="rfc.section.11.p.3">Gary Adams, Harald Tveit Alvestrand, Keith Ball, Brian Behlendorf, Paul Burchard, Maurizio Codogno, Mike Cowlishaw, Roman 2085 Czyborra, Michael A. Dolan, Daniel DuBois, David J. Fiander, Alan Freier, Marc Hedlund, Greg Herlihy, Koen Holtman, Alex Hopmann, 2086 Bob Jernigan, Shel Kaphan, Rohit Khare, John Klensin, Martijn Koster, Alexei Kosut, David M. Kristol, Daniel LaLiberte, Ben 2087 Laurie, Paul J. Leach, Albert Lunde, John C. Mallery, Jean-Philippe Martin-Flatin, Mitra, David Morris, Gavin Nicol, Ross 2088 Patterson, Bill Perry, Jeffrey Perry, Scott Powers, Owen Rees, Luigi Rizzo, David Robinson, Marc Salomon, Rich Salz, Allan 2089 M. Schiffman, Jim Seidman, Chuck Shotton, Eric W. Sink, Simon E. Spero, Richard N. Taylor, Robert S. Thau, Bill (BearHeart) 2090 Weinman, Francois Yergeau, Mary Ellen Zurko, Josh Cohen. 2091 </p> 2092 <p id="rfc.section.11.p.4">Thanks to the "cave men" of Palo Alto. You know who you are.</p> 2093 <p id="rfc.section.11.p.5">Jim Gettys (the editor of <a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>) wishes particularly to thank Roy Fielding, the editor of <a href="#RFC2068" id="rfc.xref.RFC2068.5"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, along with John Klensin, Jeff Mogul, Paul Leach, Dave Kristol, Koen Holtman, John Franks, Josh Cohen, Alex Hopmann, Scott 2094 Lawrence, and Larry Masinter for their help. And thanks go particularly to Jeff Mogul and Scott Lawrence for performing the 2095 "MUST/MAY/SHOULD" audit. 2096 </p> 2097 <p id="rfc.section.11.p.6">The Apache Group, Anselm Baird-Smith, author of Jigsaw, and Henrik Frystyk implemented RFC 2068 early, and we wish to thank 2098 them for the discovery of many of the problems that this document attempts to rectify. 2099 </p> 2100 <p id="rfc.section.11.p.7">This specification makes heavy use of the augmented BNF and generic constructs defined by David H. Crocker for <a href="#RFC5234" id="rfc.xref.RFC5234.4"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>. Similarly, it reuses many of the definitions provided by Nathaniel Borenstein and Ned Freed for MIME <a href="#RFC2045" id="rfc.xref.RFC2045.3"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>. We hope that their inclusion in this specification will help reduce past confusion over the relationship between HTTP and 2101 Internet mail message formats. 2102 </p> 1922 <div id="IANA.considerations"> 1923 <h1 id="rfc.section.9"><a href="#rfc.section.9">9.</a> <a href="#IANA.considerations">IANA Considerations</a></h1> 1924 <div id="message.header.registration"> 1925 <h2 id="rfc.section.9.1"><a href="#rfc.section.9.1">9.1</a> <a href="#message.header.registration">Message Header Registration</a></h2> 1926 <p id="rfc.section.9.1.p.1">The Message Header Registry located at <<a href="http://www.iana.org/assignments/message-headers/message-header-index.html">http://www.iana.org/assignments/message-headers/message-header-index.html</a>> should be updated with the permanent registrations below (see <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a>): 1927 </p> 1928 <div id="rfc.table.1"> 1929 <div id="iana.header.registration.table"></div> 1930 <table class="tt full left" cellpadding="3" cellspacing="0"> 1931 <thead> 1932 <tr> 1933 <th>Header Field Name</th> 1934 <th>Protocol</th> 1935 <th>Status</th> 1936 <th>Reference</th> 1937 </tr> 1938 </thead> 1939 <tbody> 1940 <tr> 1941 <td class="left">Connection</td> 1942 <td class="left">http</td> 1943 <td class="left">standard</td> 1944 <td class="left"><a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section 8.1</a> 1945 </td> 1946 </tr> 1947 <tr> 1948 <td class="left">Content-Length</td> 1949 <td class="left">http</td> 1950 <td class="left">standard</td> 1951 <td class="left"><a href="#header.content-length" id="rfc.xref.header.content-length.2" title="Content-Length">Section 8.2</a> 1952 </td> 1953 </tr> 1954 <tr> 1955 <td class="left">Date</td> 1956 <td class="left">http</td> 1957 <td class="left">standard</td> 1958 <td class="left"><a href="#header.date" id="rfc.xref.header.date.2" title="Date">Section 8.3</a> 1959 </td> 1960 </tr> 1961 <tr> 1962 <td class="left">Host</td> 1963 <td class="left">http</td> 1964 <td class="left">standard</td> 1965 <td class="left"><a href="#header.host" id="rfc.xref.header.host.1" title="Host">Section 8.4</a> 1966 </td> 1967 </tr> 1968 <tr> 1969 <td class="left">TE</td> 1970 <td class="left">http</td> 1971 <td class="left">standard</td> 1972 <td class="left"><a href="#header.te" id="rfc.xref.header.te.3" title="TE">Section 8.5</a> 1973 </td> 1974 </tr> 1975 <tr> 1976 <td class="left">Trailer</td> 1977 <td class="left">http</td> 1978 <td class="left">standard</td> 1979 <td class="left"><a href="#header.trailer" id="rfc.xref.header.trailer.3" title="Trailer">Section 8.6</a> 1980 </td> 1981 </tr> 1982 <tr> 1983 <td class="left">Transfer-Encoding</td> 1984 <td class="left">http</td> 1985 <td class="left">standard</td> 1986 <td class="left"><a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.5" title="Transfer-Encoding">Section 8.7</a> 1987 </td> 1988 </tr> 1989 <tr> 1990 <td class="left">Upgrade</td> 1991 <td class="left">http</td> 1992 <td class="left">standard</td> 1993 <td class="left"><a href="#header.upgrade" id="rfc.xref.header.upgrade.2" title="Upgrade">Section 8.8</a> 1994 </td> 1995 </tr> 1996 <tr> 1997 <td class="left">Via</td> 1998 <td class="left">http</td> 1999 <td class="left">standard</td> 2000 <td class="left"><a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section 8.9</a> 2001 </td> 2002 </tr> 2003 </tbody> 2004 </table> 2005 </div> 2006 <p id="rfc.section.9.1.p.2">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p> 2007 </div> 2008 <div id="uri.scheme.registration"> 2009 <h2 id="rfc.section.9.2"><a href="#rfc.section.9.2">9.2</a> <a href="#uri.scheme.registration">URI Scheme Registration</a></h2> 2010 <p id="rfc.section.9.2.p.1">The entry for the "http" URI Scheme in the registry located at <<a href="http://www.iana.org/assignments/uri-schemes.html">http://www.iana.org/assignments/uri-schemes.html</a>> should be updated to point to <a href="#http.uri" title="http URI scheme">Section 3.2.1</a> of this document (see <a href="#RFC4395" id="rfc.xref.RFC4395.1"><cite title="Guidelines and Registration Procedures for New URI Schemes">[RFC4395]</cite></a>). 2011 </p> 2012 </div> 2013 <div id="internet.media.type.http"> 2014 <h2 id="rfc.section.9.3"><a href="#rfc.section.9.3">9.3</a> <a href="#internet.media.type.http">Internet Media Type Registrations</a></h2> 2015 <p id="rfc.section.9.3.p.1">This document serves as the specification for the Internet media types "message/http" and "application/http". The following 2016 is to be registered with IANA (see <a href="#RFC4288" id="rfc.xref.RFC4288.1"><cite title="Media Type Specifications and Registration Procedures">[RFC4288]</cite></a>). 2017 </p> 2018 <div id="internet.media.type.message.http"> 2019 <div id="rfc.iref.m.1"></div> 2020 <div id="rfc.iref.m.2"></div> 2021 <h3 id="rfc.section.9.3.1"><a href="#rfc.section.9.3.1">9.3.1</a> <a href="#internet.media.type.message.http">Internet Media Type message/http</a></h3> 2022 <p id="rfc.section.9.3.1.p.1">The message/http type can be used to enclose a single HTTP request or response message, provided that it obeys the MIME restrictions 2023 for all "message" types regarding line length and encodings. 2024 </p> 2025 <p id="rfc.section.9.3.1.p.2"></p> 2026 <dl> 2027 <dt>Type name:</dt> 2028 <dd>message</dd> 2029 <dt>Subtype name:</dt> 2030 <dd>http</dd> 2031 <dt>Required parameters:</dt> 2032 <dd>none</dd> 2033 <dt>Optional parameters:</dt> 2034 <dd>version, msgtype 2035 <dl> 2036 <dt>version:</dt> 2037 <dd>The HTTP-Version number of the enclosed message (e.g., "1.1"). If not present, the version can be determined from the first 2038 line of the body. 2039 </dd> 2040 <dt>msgtype:</dt> 2041 <dd>The message type -- "request" or "response". If not present, the type can be determined from the first line of the body.</dd> 2042 </dl> 2043 </dd> 2044 <dt>Encoding considerations:</dt> 2045 <dd>only "7bit", "8bit", or "binary" are permitted</dd> 2046 <dt>Security considerations:</dt> 2047 <dd>none</dd> 2048 <dt>Interoperability considerations:</dt> 2049 <dd>none</dd> 2050 <dt>Published specification:</dt> 2051 <dd>This specification (see <a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section 9.3.1</a>). 2052 </dd> 2053 <dt>Applications that use this media type:</dt> 2054 <dt>Additional information:</dt> 2055 <dd> 2056 <dl> 2057 <dt>Magic number(s):</dt> 2058 <dd>none</dd> 2059 <dt>File extension(s):</dt> 2060 <dd>none</dd> 2061 <dt>Macintosh file type code(s):</dt> 2062 <dd>none</dd> 2063 </dl> 2064 </dd> 2065 <dt>Person and email address to contact for further information:</dt> 2066 <dd>See Authors Section.</dd> 2067 <dt>Intended usage:</dt> 2068 <dd>COMMON</dd> 2069 <dt>Restrictions on usage:</dt> 2070 <dd>none</dd> 2071 <dt>Author/Change controller:</dt> 2072 <dd>IESG</dd> 2073 </dl> 2074 </div> 2075 <div id="internet.media.type.application.http"> 2076 <div id="rfc.iref.m.3"></div> 2077 <div id="rfc.iref.a.1"></div> 2078 <h3 id="rfc.section.9.3.2"><a href="#rfc.section.9.3.2">9.3.2</a> <a href="#internet.media.type.application.http">Internet Media Type application/http</a></h3> 2079 <p id="rfc.section.9.3.2.p.1">The application/http type can be used to enclose a pipeline of one or more HTTP request or response messages (not intermixed).</p> 2080 <p id="rfc.section.9.3.2.p.2"></p> 2081 <dl> 2082 <dt>Type name:</dt> 2083 <dd>application</dd> 2084 <dt>Subtype name:</dt> 2085 <dd>http</dd> 2086 <dt>Required parameters:</dt> 2087 <dd>none</dd> 2088 <dt>Optional parameters:</dt> 2089 <dd>version, msgtype 2090 <dl> 2091 <dt>version:</dt> 2092 <dd>The HTTP-Version number of the enclosed messages (e.g., "1.1"). If not present, the version can be determined from the first 2093 line of the body. 2094 </dd> 2095 <dt>msgtype:</dt> 2096 <dd>The message type -- "request" or "response". If not present, the type can be determined from the first line of the body.</dd> 2097 </dl> 2098 </dd> 2099 <dt>Encoding considerations:</dt> 2100 <dd>HTTP messages enclosed by this type are in "binary" format; use of an appropriate Content-Transfer-Encoding is required when 2101 transmitted via E-mail. 2102 </dd> 2103 <dt>Security considerations:</dt> 2104 <dd>none</dd> 2105 <dt>Interoperability considerations:</dt> 2106 <dd>none</dd> 2107 <dt>Published specification:</dt> 2108 <dd>This specification (see <a href="#internet.media.type.application.http" title="Internet Media Type application/http">Section 9.3.2</a>). 2109 </dd> 2110 <dt>Applications that use this media type:</dt> 2111 <dt>Additional information:</dt> 2112 <dd> 2113 <dl> 2114 <dt>Magic number(s):</dt> 2115 <dd>none</dd> 2116 <dt>File extension(s):</dt> 2117 <dd>none</dd> 2118 <dt>Macintosh file type code(s):</dt> 2119 <dd>none</dd> 2120 </dl> 2121 </dd> 2122 <dt>Person and email address to contact for further information:</dt> 2123 <dd>See Authors Section.</dd> 2124 <dt>Intended usage:</dt> 2125 <dd>COMMON</dd> 2126 <dt>Restrictions on usage:</dt> 2127 <dd>none</dd> 2128 <dt>Author/Change controller:</dt> 2129 <dd>IESG</dd> 2130 </dl> 2131 </div> 2132 </div> 2133 </div> 2134 <div id="security.considerations"> 2135 <h1 id="rfc.section.10"><a href="#rfc.section.10">10.</a> <a href="#security.considerations">Security Considerations</a></h1> 2136 <p id="rfc.section.10.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1 2137 as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does 2138 make some suggestions for reducing security risks. 2139 </p> 2140 <div id="personal.information"> 2141 <h2 id="rfc.section.10.1"><a href="#rfc.section.10.1">10.1</a> <a href="#personal.information">Personal Information</a></h2> 2142 <p id="rfc.section.10.1.p.1">HTTP clients are often privy to large amounts of personal information (e.g. the user's name, location, mail address, passwords, 2143 encryption keys, etc.), and <em class="bcp14">SHOULD</em> be very careful to prevent unintentional leakage of this information. We very strongly recommend that a convenient interface 2144 be provided for the user to control dissemination of such information, and that designers and implementors be particularly 2145 careful in this area. History shows that errors in this area often create serious security and/or privacy problems and generate 2146 highly adverse publicity for the implementor's company. 2147 </p> 2148 </div> 2149 <div id="abuse.of.server.log.information"> 2150 <h2 id="rfc.section.10.2"><a href="#rfc.section.10.2">10.2</a> <a href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2> 2151 <p id="rfc.section.10.2.p.1">A server is in the position to save personal data about a user's requests which might identify their reading patterns or subjects 2152 of interest. This information is clearly confidential in nature and its handling can be constrained by law in certain countries. 2153 People using HTTP to provide data are responsible for ensuring that such material is not distributed without the permission 2154 of any individuals that are identifiable by the published results. 2155 </p> 2156 </div> 2157 <div id="attack.pathname"> 2158 <h2 id="rfc.section.10.3"><a href="#rfc.section.10.3">10.3</a> <a href="#attack.pathname">Attacks Based On File and Path Names</a></h2> 2159 <p id="rfc.section.10.3.p.1">Implementations of HTTP origin servers <em class="bcp14">SHOULD</em> be careful to restrict the documents returned by HTTP requests to be only those that were intended by the server administrators. 2160 If an HTTP server translates HTTP URIs directly into file system calls, the server <em class="bcp14">MUST</em> take special care not to serve files that were not intended to be delivered to HTTP clients. For example, UNIX, Microsoft 2161 Windows, and other operating systems use ".." as a path component to indicate a directory level above the current one. On 2162 such a system, an HTTP server <em class="bcp14">MUST</em> disallow any such construct in the Request-URI if it would otherwise allow access to a resource outside those intended to 2163 be accessible via the HTTP server. Similarly, files intended for reference only internally to the server (such as access control 2164 files, configuration files, and script code) <em class="bcp14">MUST</em> be protected from inappropriate retrieval, since they might contain sensitive information. Experience has shown that minor 2165 bugs in such HTTP server implementations have turned into security risks. 2166 </p> 2167 </div> 2168 <div id="dns.spoofing"> 2169 <h2 id="rfc.section.10.4"><a href="#rfc.section.10.4">10.4</a> <a href="#dns.spoofing">DNS Spoofing</a></h2> 2170 <p id="rfc.section.10.4.p.1">Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the 2171 deliberate mis-association of IP addresses and DNS names. Clients need to be cautious in assuming the continuing validity 2172 of an IP number/DNS name association. 2173 </p> 2174 <p id="rfc.section.10.4.p.2">In particular, HTTP clients <em class="bcp14">SHOULD</em> rely on their name resolver for confirmation of an IP number/DNS name association, rather than caching the result of previous 2175 host name lookups. Many platforms already can cache host name lookups locally when appropriate, and they <em class="bcp14">SHOULD</em> be configured to do so. It is proper for these lookups to be cached, however, only when the TTL (Time To Live) information 2176 reported by the name server makes it likely that the cached information will remain useful. 2177 </p> 2178 <p id="rfc.section.10.4.p.3">If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they <em class="bcp14">MUST</em> observe the TTL information reported by DNS. 2179 </p> 2180 <p id="rfc.section.10.4.p.4">If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes. As 2181 network renumbering is expected to become increasingly common <a href="#RFC1900" id="rfc.xref.RFC1900.2"><cite title="Renumbering Needs Work">[RFC1900]</cite></a>, the possibility of this form of attack will grow. Observing this requirement thus reduces this potential security vulnerability. 2182 </p> 2183 <p id="rfc.section.10.4.p.5">This requirement also improves the load-balancing behavior of clients for replicated servers using the same DNS name and reduces 2184 the likelihood of a user's experiencing failure in accessing sites which use that strategy. 2185 </p> 2186 </div> 2187 <div id="attack.proxies"> 2188 <h2 id="rfc.section.10.5"><a href="#rfc.section.10.5">10.5</a> <a href="#attack.proxies">Proxies and Caching</a></h2> 2189 <p id="rfc.section.10.5.p.1">By their very nature, HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Compromise 2190 of the systems on which the proxies run can result in serious security and privacy problems. Proxies have access to security-related 2191 information, personal information about individual users and organizations, and proprietary information belonging to users 2192 and content providers. A compromised proxy, or a proxy implemented or configured without regard to security and privacy considerations, 2193 might be used in the commission of a wide range of potential attacks. 2194 </p> 2195 <p id="rfc.section.10.5.p.2">Proxy operators should protect the systems on which proxies run as they would protect any system that contains or transports 2196 sensitive information. In particular, log information gathered at proxies often contains highly sensitive personal information, 2197 and/or information about organizations. Log information should be carefully guarded, and appropriate guidelines for use developed 2198 and followed. (<a href="#abuse.of.server.log.information" title="Abuse of Server Log Information">Section 10.2</a>). 2199 </p> 2200 <p id="rfc.section.10.5.p.3">Proxy implementors should consider the privacy and security implications of their design and coding decisions, and of the 2201 configuration options they provide to proxy operators (especially the default configuration). 2202 </p> 2203 <p id="rfc.section.10.5.p.4">Users of a proxy need to be aware that they are no trustworthier than the people who run the proxy; HTTP itself cannot solve 2204 this problem. 2205 </p> 2206 <p id="rfc.section.10.5.p.5">The judicious use of cryptography, when appropriate, may suffice to protect against a broad range of security and privacy 2207 attacks. Such cryptography is beyond the scope of the HTTP/1.1 specification. 2208 </p> 2209 </div> 2210 <div id="attack.DoS"> 2211 <h2 id="rfc.section.10.6"><a href="#rfc.section.10.6">10.6</a> <a href="#attack.DoS">Denial of Service Attacks on Proxies</a></h2> 2212 <p id="rfc.section.10.6.p.1">They exist. They are hard to defend against. Research continues. Beware.</p> 2213 </div> 2214 </div> 2215 <div id="ack"> 2216 <h1 id="rfc.section.11"><a href="#rfc.section.11">11.</a> <a href="#ack">Acknowledgments</a></h1> 2217 <p id="rfc.section.11.p.1">HTTP has evolved considerably over the years. It has benefited from a large and active developer community--the many people 2218 who have participated on the www-talk mailing list--and it is that community which has been most responsible for the success 2219 of HTTP and of the World-Wide Web in general. Marc Andreessen, Robert Cailliau, Daniel W. Connolly, Bob Denny, John Franks, 2220 Jean-Francois Groff, Phillip M. Hallam-Baker, Hakon W. Lie, Ari Luotonen, Rob McCool, Lou Montulli, Dave Raggett, Tony Sanders, 2221 and Marc VanHeyningen deserve special recognition for their efforts in defining early aspects of the protocol. 2222 </p> 2223 <p id="rfc.section.11.p.2">This document has benefited greatly from the comments of all those participating in the HTTP-WG. In addition to those already 2224 mentioned, the following individuals have contributed to this specification: 2225 </p> 2226 <p id="rfc.section.11.p.3">Gary Adams, Harald Tveit Alvestrand, Keith Ball, Brian Behlendorf, Paul Burchard, Maurizio Codogno, Mike Cowlishaw, Roman 2227 Czyborra, Michael A. Dolan, Daniel DuBois, David J. Fiander, Alan Freier, Marc Hedlund, Greg Herlihy, Koen Holtman, Alex Hopmann, 2228 Bob Jernigan, Shel Kaphan, Rohit Khare, John Klensin, Martijn Koster, Alexei Kosut, David M. Kristol, Daniel LaLiberte, Ben 2229 Laurie, Paul J. Leach, Albert Lunde, John C. Mallery, Jean-Philippe Martin-Flatin, Mitra, David Morris, Gavin Nicol, Ross 2230 Patterson, Bill Perry, Jeffrey Perry, Scott Powers, Owen Rees, Luigi Rizzo, David Robinson, Marc Salomon, Rich Salz, Allan 2231 M. Schiffman, Jim Seidman, Chuck Shotton, Eric W. Sink, Simon E. Spero, Richard N. Taylor, Robert S. Thau, Bill (BearHeart) 2232 Weinman, Francois Yergeau, Mary Ellen Zurko, Josh Cohen. 2233 </p> 2234 <p id="rfc.section.11.p.4">Thanks to the "cave men" of Palo Alto. You know who you are.</p> 2235 <p id="rfc.section.11.p.5">Jim Gettys (the editor of <a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>) wishes particularly to thank Roy Fielding, the editor of <a href="#RFC2068" id="rfc.xref.RFC2068.5"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, along with John Klensin, Jeff Mogul, Paul Leach, Dave Kristol, Koen Holtman, John Franks, Josh Cohen, Alex Hopmann, Scott 2236 Lawrence, and Larry Masinter for their help. And thanks go particularly to Jeff Mogul and Scott Lawrence for performing the 2237 "MUST/MAY/SHOULD" audit. 2238 </p> 2239 <p id="rfc.section.11.p.6">The Apache Group, Anselm Baird-Smith, author of Jigsaw, and Henrik Frystyk implemented RFC 2068 early, and we wish to thank 2240 them for the discovery of many of the problems that this document attempts to rectify. 2241 </p> 2242 <p id="rfc.section.11.p.7">This specification makes heavy use of the augmented BNF and generic constructs defined by David H. Crocker for <a href="#RFC5234" id="rfc.xref.RFC5234.4"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>. Similarly, it reuses many of the definitions provided by Nathaniel Borenstein and Ned Freed for MIME <a href="#RFC2045" id="rfc.xref.RFC2045.3"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>. We hope that their inclusion in this specification will help reduce past confusion over the relationship between HTTP and 2243 Internet mail message formats. 2244 </p> 2245 </div> 2103 2246 <h1 id="rfc.references"><a id="rfc.section.12" href="#rfc.section.12">12.</a> References 2104 2247 </h1> 2105 2248 <h2 id="rfc.references.1"><a href="#rfc.section.12.1" id="rfc.section.12.1">12.1</a> Normative References 2106 2249 </h2> 2107 <table> 2250 <table> 2108 2251 <tr> 2109 2252 <td class="reference"><b id="ISO-8859-1">[ISO-8859-1]</b></td> … … 2112 2255 <tr> 2113 2256 <td class="reference"><b id="Part2">[Part2]</b></td> 2114 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http ://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-05">HTTP/1.1, part 2: Message Semantics</a>”, Internet-Draft draft-ietf-httpbis-p2-semantics-05 (work in progress), November 2008.2257 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="https://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-05">HTTP/1.1, part 2: Message Semantics</a>”, Internet-Draft draft-ietf-httpbis-p2-semantics-05 (work in progress), November 2008. 2115 2258 </td> 2116 2259 </tr> 2117 2260 <tr> 2118 2261 <td class="reference"><b id="Part3">[Part3]</b></td> 2119 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http ://tools.ietf.org/html/draft-ietf-httpbis-p3-payload-05">HTTP/1.1, part 3: Message Payload and Content Negotiation</a>”, Internet-Draft draft-ietf-httpbis-p3-payload-05 (work in progress), November 2008.2262 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="https://tools.ietf.org/html/draft-ietf-httpbis-p3-payload-05">HTTP/1.1, part 3: Message Payload and Content Negotiation</a>”, Internet-Draft draft-ietf-httpbis-p3-payload-05 (work in progress), November 2008. 2120 2263 </td> 2121 2264 </tr> 2122 2265 <tr> 2123 2266 <td class="reference"><b id="Part5">[Part5]</b></td> 2124 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http ://tools.ietf.org/html/draft-ietf-httpbis-p5-range-05">HTTP/1.1, part 5: Range Requests and Partial Responses</a>”, Internet-Draft draft-ietf-httpbis-p5-range-05 (work in progress), November 2008.2267 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="https://tools.ietf.org/html/draft-ietf-httpbis-p5-range-05">HTTP/1.1, part 5: Range Requests and Partial Responses</a>”, Internet-Draft draft-ietf-httpbis-p5-range-05 (work in progress), November 2008. 2125 2268 </td> 2126 2269 </tr> 2127 2270 <tr> 2128 2271 <td class="reference"><b id="Part6">[Part6]</b></td> 2129 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="http ://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-05">HTTP/1.1, part 6: Caching</a>”, Internet-Draft draft-ietf-httpbis-p6-cache-05 (work in progress), November 2008.2272 <td class="top"><a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R., Ed.</a>, <a href="mailto:jg@laptop.org" title="One Laptop per Child">Gettys, J.</a>, <a href="mailto:JeffMogul@acm.org" title="Hewlett-Packard Company">Mogul, J.</a>, <a href="mailto:henrikn@microsoft.com" title="Microsoft Corporation">Frystyk, H.</a>, <a href="mailto:LMM@acm.org" title="Adobe Systems, Incorporated">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, <a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:ylafon@w3.org" title="World Wide Web Consortium">Lafon, Y., Ed.</a>, and <a href="mailto:julian.reschke@greenbytes.de" title="greenbytes GmbH">J. Reschke, Ed.</a>, “<a href="https://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-05">HTTP/1.1, part 6: Caching</a>”, Internet-Draft draft-ietf-httpbis-p6-cache-05 (work in progress), November 2008. 2130 2273 </td> 2131 2274 </tr> 2132 2275 <tr> 2133 2276 <td class="reference"><b id="RFC2045">[RFC2045]</b></td> 2134 <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="http ://tools.ietf.org/html/rfc2045">Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</a>”, RFC 2045, November 1996.2277 <td class="top"><a href="mailto:ned@innosoft.com" title="Innosoft International, Inc.">Freed, N.</a> and <a href="mailto:nsb@nsb.fv.com" title="First Virtual Holdings">N. Borenstein</a>, “<a href="https://tools.ietf.org/html/rfc2045">Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies</a>”, RFC 2045, November 1996. 2135 2278 </td> 2136 2279 </tr> 2137 2280 <tr> 2138 2281 <td class="reference"><b id="RFC2047">[RFC2047]</b></td> 2139 <td class="top"><a href="mailto:moore@cs.utk.edu" title="University of Tennessee">Moore, K.</a>, “<a href="http ://tools.ietf.org/html/rfc2047">MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text</a>”, RFC 2047, November 1996.2282 <td class="top"><a href="mailto:moore@cs.utk.edu" title="University of Tennessee">Moore, K.</a>, “<a href="https://tools.ietf.org/html/rfc2047">MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text</a>”, RFC 2047, November 1996. 2140 2283 </td> 2141 2284 </tr> 2142 2285 <tr> 2143 2286 <td class="reference"><b id="RFC2119">[RFC2119]</b></td> 2144 <td class="top"><a href="mailto:sob@harvard.edu" title="Harvard University">Bradner, S.</a>, “<a href="http ://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>”, BCP 14, RFC 2119, March 1997.2287 <td class="top"><a href="mailto:sob@harvard.edu" title="Harvard University">Bradner, S.</a>, “<a href="https://tools.ietf.org/html/rfc2119">Key words for use in RFCs to Indicate Requirement Levels</a>”, BCP 14, RFC 2119, March 1997. 2145 2288 </td> 2146 2289 </tr> 2147 2290 <tr> 2148 2291 <td class="reference"><b id="RFC3986">[RFC3986]</b></td> 2149 <td class="top"><a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems Incorporated">L. Masinter</a>, “<a href="http ://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>”, RFC 3986, STD 66, January 2005.2292 <td class="top"><a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems Incorporated">L. Masinter</a>, “<a href="https://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>”, RFC 3986, STD 66, January 2005. 2150 2293 </td> 2151 2294 </tr> 2152 2295 <tr> 2153 2296 <td class="reference"><b id="RFC5234">[RFC5234]</b></td> 2154 <td class="top"><a href="mailto:dcrocker@bbiw.net" title="Brandenburg InternetWorking">Crocker, D., Ed.</a> and <a href="mailto:paul.overell@thus.net" title="THUS plc.">P. Overell</a>, “<a href="http ://tools.ietf.org/html/rfc5234">Augmented BNF for Syntax Specifications: ABNF</a>”, STD 68, RFC 5234, January 2008.2297 <td class="top"><a href="mailto:dcrocker@bbiw.net" title="Brandenburg InternetWorking">Crocker, D., Ed.</a> and <a href="mailto:paul.overell@thus.net" title="THUS plc.">P. Overell</a>, “<a href="https://tools.ietf.org/html/rfc5234">Augmented BNF for Syntax Specifications: ABNF</a>”, STD 68, RFC 5234, January 2008. 2155 2298 </td> 2156 2299 </tr> … … 2162 2305 <h2 id="rfc.references.2"><a href="#rfc.section.12.2" id="rfc.section.12.2">12.2</a> Informative References 2163 2306 </h2> 2164 <table> 2307 <table> 2165 2308 <tr> 2166 2309 <td class="reference"><b id="Kri2001">[Kri2001]</b></td> … … 2181 2324 <tr> 2182 2325 <td class="reference"><b id="RFC1123">[RFC1123]</b></td> 2183 <td class="top"><a href="mailto:Braden@ISI.EDU" title="University of Southern California (USC), Information Sciences Institute">Braden, R.</a>, “<a href="http ://tools.ietf.org/html/rfc1123">Requirements for Internet Hosts - Application and Support</a>”, STD 3, RFC 1123, October 1989.2326 <td class="top"><a href="mailto:Braden@ISI.EDU" title="University of Southern California (USC), Information Sciences Institute">Braden, R.</a>, “<a href="https://tools.ietf.org/html/rfc1123">Requirements for Internet Hosts - Application and Support</a>”, STD 3, RFC 1123, October 1989. 2184 2327 </td> 2185 2328 </tr> 2186 2329 <tr> 2187 2330 <td class="reference"><b id="RFC1305">[RFC1305]</b></td> 2188 <td class="top"><a href="mailto:mills@udel.edu" title="University of Delaware, Electrical Engineering Department">Mills, D.</a>, “<a href="http ://tools.ietf.org/html/rfc1305">Network Time Protocol (Version 3) Specification, Implementation</a>”, RFC 1305, March 1992.2331 <td class="top"><a href="mailto:mills@udel.edu" title="University of Delaware, Electrical Engineering Department">Mills, D.</a>, “<a href="https://tools.ietf.org/html/rfc1305">Network Time Protocol (Version 3) Specification, Implementation</a>”, RFC 1305, March 1992. 2189 2332 </td> 2190 2333 </tr> 2191 2334 <tr> 2192 2335 <td class="reference"><b id="RFC1436">[RFC1436]</b></td> 2193 <td class="top"><a href="mailto:fxa@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Anklesaria, F.</a>, <a href="mailto:mpm@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">McCahill, M.</a>, <a href="mailto:lindner@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Lindner, P.</a>, <a href="mailto:dmj@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Johnson, D.</a>, <a href="mailto:daniel@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Torrey, D.</a>, and <a href="mailto:alberti@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">B. Alberti</a>, “<a href="http ://tools.ietf.org/html/rfc1436">The Internet Gopher Protocol (a distributed document search and retrieval protocol)</a>”, RFC 1436, March 1993.2336 <td class="top"><a href="mailto:fxa@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Anklesaria, F.</a>, <a href="mailto:mpm@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">McCahill, M.</a>, <a href="mailto:lindner@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Lindner, P.</a>, <a href="mailto:dmj@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Johnson, D.</a>, <a href="mailto:daniel@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">Torrey, D.</a>, and <a href="mailto:alberti@boombox.micro.umn.edu" title="University of Minnesota, Computer and Information Services">B. Alberti</a>, “<a href="https://tools.ietf.org/html/rfc1436">The Internet Gopher Protocol (a distributed document search and retrieval protocol)</a>”, RFC 1436, March 1993. 2194 2337 </td> 2195 2338 </tr> 2196 2339 <tr> 2197 2340 <td class="reference"><b id="RFC1900">[RFC1900]</b></td> 2198 <td class="top"><a href="mailto:brian@dxcoms.cern.ch" title="CERN, Computing and Networks Division">Carpenter, B.</a> and <a href="mailto:yakov@cisco.com" title="cisco Systems">Y. Rekhter</a>, “<a href="http ://tools.ietf.org/html/rfc1900">Renumbering Needs Work</a>”, RFC 1900, February 1996.2341 <td class="top"><a href="mailto:brian@dxcoms.cern.ch" title="CERN, Computing and Networks Division">Carpenter, B.</a> and <a href="mailto:yakov@cisco.com" title="cisco Systems">Y. Rekhter</a>, “<a href="https://tools.ietf.org/html/rfc1900">Renumbering Needs Work</a>”, RFC 1900, February 1996. 2199 2342 </td> 2200 2343 </tr> 2201 2344 <tr> 2202 2345 <td class="reference"><b id="RFC1945">[RFC1945]</b></td> 2203 <td class="top"><a href="mailto:timbl@w3.org" title="MIT, Laboratory for Computer Science">Berners-Lee, T.</a>, <a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, and <a href="mailto:frystyk@w3.org" title="W3 Consortium, MIT Laboratory for Computer Science">H. Nielsen</a>, “<a href="http ://tools.ietf.org/html/rfc1945">Hypertext Transfer Protocol -- HTTP/1.0</a>”, RFC 1945, May 1996.2346 <td class="top"><a href="mailto:timbl@w3.org" title="MIT, Laboratory for Computer Science">Berners-Lee, T.</a>, <a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, and <a href="mailto:frystyk@w3.org" title="W3 Consortium, MIT Laboratory for Computer Science">H. Nielsen</a>, “<a href="https://tools.ietf.org/html/rfc1945">Hypertext Transfer Protocol -- HTTP/1.0</a>”, RFC 1945, May 1996. 2204 2347 </td> 2205 2348 </tr> 2206 2349 <tr> 2207 2350 <td class="reference"><b id="RFC2068">[RFC2068]</b></td> 2208 <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="MIT Laboratory for Computer Science">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Digital Equipment Corporation, Western Research Laboratory">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Nielsen, H.</a>, and <a href="mailto:timbl@w3.org" title="MIT Laboratory for Computer Science">T. Berners-Lee</a>, “<a href="http ://tools.ietf.org/html/rfc2068">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC 2068, January 1997.2351 <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine, Department of Information and Computer Science">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="MIT Laboratory for Computer Science">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Digital Equipment Corporation, Western Research Laboratory">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Nielsen, H.</a>, and <a href="mailto:timbl@w3.org" title="MIT Laboratory for Computer Science">T. Berners-Lee</a>, “<a href="https://tools.ietf.org/html/rfc2068">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC 2068, January 1997. 2209 2352 </td> 2210 2353 </tr> 2211 2354 <tr> 2212 2355 <td class="reference"><b id="RFC2109">[RFC2109]</b></td> 2213 <td class="top"><a href="mailto:dmk@bell-labs.com" title="Bell Laboratories, Lucent Technologies">Kristol, D.</a> and <a href="mailto:montulli@netscape.com" title="Netscape Communications Corp.">L. Montulli</a>, “<a href="http ://tools.ietf.org/html/rfc2109">HTTP State Management Mechanism</a>”, RFC 2109, February 1997.2356 <td class="top"><a href="mailto:dmk@bell-labs.com" title="Bell Laboratories, Lucent Technologies">Kristol, D.</a> and <a href="mailto:montulli@netscape.com" title="Netscape Communications Corp.">L. Montulli</a>, “<a href="https://tools.ietf.org/html/rfc2109">HTTP State Management Mechanism</a>”, RFC 2109, February 1997. 2214 2357 </td> 2215 2358 </tr> 2216 2359 <tr> 2217 2360 <td class="reference"><b id="RFC2145">[RFC2145]</b></td> 2218 <td class="top"><a href="mailto:mogul@wrl.dec.com" title="Western Research Laboratory">Mogul, J.</a>, <a href="mailto:fielding@ics.uci.edu" title="Department of Information and Computer Science">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="MIT Laboratory for Computer Science">Gettys, J.</a>, and <a href="mailto:frystyk@w3.org" title="W3 Consortium">H. Nielsen</a>, “<a href="http ://tools.ietf.org/html/rfc2145">Use and Interpretation of HTTP Version Numbers</a>”, RFC 2145, May 1997.2361 <td class="top"><a href="mailto:mogul@wrl.dec.com" title="Western Research Laboratory">Mogul, J.</a>, <a href="mailto:fielding@ics.uci.edu" title="Department of Information and Computer Science">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="MIT Laboratory for Computer Science">Gettys, J.</a>, and <a href="mailto:frystyk@w3.org" title="W3 Consortium">H. Nielsen</a>, “<a href="https://tools.ietf.org/html/rfc2145">Use and Interpretation of HTTP Version Numbers</a>”, RFC 2145, May 1997. 2219 2362 </td> 2220 2363 </tr> 2221 2364 <tr> 2222 2365 <td class="reference"><b id="RFC2616">[RFC2616]</b></td> 2223 <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="W3C">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Compaq Computer Corporation">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Frystyk, H.</a>, <a href="mailto:masinter@parc.xerox.com" title="Xerox Corporation">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, and <a href="mailto:timbl@w3.org" title="W3C">T. Berners-Lee</a>, “<a href="http ://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC 2616, June 1999.2366 <td class="top"><a href="mailto:fielding@ics.uci.edu" title="University of California, Irvine">Fielding, R.</a>, <a href="mailto:jg@w3.org" title="W3C">Gettys, J.</a>, <a href="mailto:mogul@wrl.dec.com" title="Compaq Computer Corporation">Mogul, J.</a>, <a href="mailto:frystyk@w3.org" title="MIT Laboratory for Computer Science">Frystyk, H.</a>, <a href="mailto:masinter@parc.xerox.com" title="Xerox Corporation">Masinter, L.</a>, <a href="mailto:paulle@microsoft.com" title="Microsoft Corporation">Leach, P.</a>, and <a href="mailto:timbl@w3.org" title="W3C">T. Berners-Lee</a>, “<a href="https://tools.ietf.org/html/rfc2616">Hypertext Transfer Protocol -- HTTP/1.1</a>”, RFC 2616, June 1999. 2224 2367 </td> 2225 2368 </tr> 2226 2369 <tr> 2227 2370 <td class="reference"><b id="RFC2818">[RFC2818]</b></td> 2228 <td class="top"><a href="mailto:ekr@rtfm.com" title="RTFM, Inc.">Rescorla, E.</a>, “<a href="http ://tools.ietf.org/html/rfc2818">HTTP Over TLS</a>”, RFC 2818, May 2000.2371 <td class="top"><a href="mailto:ekr@rtfm.com" title="RTFM, Inc.">Rescorla, E.</a>, “<a href="https://tools.ietf.org/html/rfc2818">HTTP Over TLS</a>”, RFC 2818, May 2000. 2229 2372 </td> 2230 2373 </tr> 2231 2374 <tr> 2232 2375 <td class="reference"><b id="RFC2965">[RFC2965]</b></td> 2233 <td class="top"><a href="mailto:dmk@bell-labs.com" title="Bell Laboratories, Lucent Technologies">Kristol, D.</a> and <a href="mailto:lou@montulli.org" title="Epinions.com, Inc.">L. Montulli</a>, “<a href="http ://tools.ietf.org/html/rfc2965">HTTP State Management Mechanism</a>”, RFC 2965, October 2000.2376 <td class="top"><a href="mailto:dmk@bell-labs.com" title="Bell Laboratories, Lucent Technologies">Kristol, D.</a> and <a href="mailto:lou@montulli.org" title="Epinions.com, Inc.">L. Montulli</a>, “<a href="https://tools.ietf.org/html/rfc2965">HTTP State Management Mechanism</a>”, RFC 2965, October 2000. 2234 2377 </td> 2235 2378 </tr> 2236 2379 <tr> 2237 2380 <td class="reference"><b id="RFC3864">[RFC3864]</b></td> 2238 <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="http ://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP 90, RFC 3864, September 2004.2381 <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="https://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP 90, RFC 3864, September 2004. 2239 2382 </td> 2240 2383 </tr> 2241 2384 <tr> 2242 2385 <td class="reference"><b id="RFC3977">[RFC3977]</b></td> 2243 <td class="top"><a href="mailto:clive@demon.net" title="THUS plc">Feather, C.</a>, “<a href="http ://tools.ietf.org/html/rfc3977">Network News Transfer Protocol (NNTP)</a>”, RFC 3977, October 2006.2386 <td class="top"><a href="mailto:clive@demon.net" title="THUS plc">Feather, C.</a>, “<a href="https://tools.ietf.org/html/rfc3977">Network News Transfer Protocol (NNTP)</a>”, RFC 3977, October 2006. 2244 2387 </td> 2245 2388 </tr> 2246 2389 <tr> 2247 2390 <td class="reference"><b id="RFC4288">[RFC4288]</b></td> 2248 <td class="top"><a href="mailto:ned.freed@mrochek.com" title="Sun Microsystems">Freed, N.</a> and <a href="mailto:klensin+ietf@jck.com">J. Klensin</a>, “<a href="http ://tools.ietf.org/html/rfc4288">Media Type Specifications and Registration Procedures</a>”, BCP 13, RFC 4288, December 2005.2391 <td class="top"><a href="mailto:ned.freed@mrochek.com" title="Sun Microsystems">Freed, N.</a> and <a href="mailto:klensin+ietf@jck.com">J. Klensin</a>, “<a href="https://tools.ietf.org/html/rfc4288">Media Type Specifications and Registration Procedures</a>”, BCP 13, RFC 4288, December 2005. 2249 2392 </td> 2250 2393 </tr> 2251 2394 <tr> 2252 2395 <td class="reference"><b id="RFC4395">[RFC4395]</b></td> 2253 <td class="top"><a href="mailto:tony+urireg@maillennium.att.com" title="AT&T Laboratories">Hansen, T.</a>, <a href="mailto:hardie@qualcomm.com" title="Qualcomm, Inc.">Hardie, T.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems">L. Masinter</a>, “<a href="http ://tools.ietf.org/html/rfc4395">Guidelines and Registration Procedures for New URI Schemes</a>”, BCP 115, RFC 4395, February 2006.2396 <td class="top"><a href="mailto:tony+urireg@maillennium.att.com" title="AT&T Laboratories">Hansen, T.</a>, <a href="mailto:hardie@qualcomm.com" title="Qualcomm, Inc.">Hardie, T.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems">L. Masinter</a>, “<a href="https://tools.ietf.org/html/rfc4395">Guidelines and Registration Procedures for New URI Schemes</a>”, BCP 115, RFC 4395, February 2006. 2254 2397 </td> 2255 2398 </tr> 2256 2399 <tr> 2257 2400 <td class="reference"><b id="RFC5322">[RFC5322]</b></td> 2258 <td class="top">Resnick, P., “<a href="http ://tools.ietf.org/html/rfc5322">Internet Message Format</a>”, RFC 5322, October 2008.2401 <td class="top">Resnick, P., “<a href="https://tools.ietf.org/html/rfc5322">Internet Message Format</a>”, RFC 5322, October 2008. 2259 2402 </td> 2260 2403 </tr> 2261 2404 <tr> 2262 2405 <td class="reference"><b id="RFC822">[RFC822]</b></td> 2263 <td class="top"><a href="mailto:DCrocker@UDel-Relay" title="University of Delaware, Dept. of Electrical Engineering">Crocker, D.</a>, “<a href="http ://tools.ietf.org/html/rfc822">Standard for the format of ARPA Internet text messages</a>”, STD 11, RFC 822, August 1982.2406 <td class="top"><a href="mailto:DCrocker@UDel-Relay" title="University of Delaware, Dept. of Electrical Engineering">Crocker, D.</a>, “<a href="https://tools.ietf.org/html/rfc822">Standard for the format of ARPA Internet text messages</a>”, STD 11, RFC 822, August 1982. 2264 2407 </td> 2265 2408 </tr> 2266 2409 <tr> 2267 2410 <td class="reference"><b id="RFC959">[RFC959]</b></td> 2268 <td class="top">Postel, J. and J. Reynolds, “<a href="http ://tools.ietf.org/html/rfc959">File Transfer Protocol</a>”, STD 9, RFC 959, October 1985.2411 <td class="top">Postel, J. and J. Reynolds, “<a href="https://tools.ietf.org/html/rfc959">File Transfer Protocol</a>”, STD 9, RFC 959, October 1985. 2269 2412 </td> 2270 2413 </tr> … … 2284 2427 </tr> 2285 2428 </table> 2286 <div class="avoidbreak"> 2287 <h1 id="rfc.authors"><a href="#rfc.authors">Authors' Addresses</a></h1> 2288 <address class="vcard"><span class="vcardline"><span class="fn">Roy T. Fielding</span> 2289 (editor) 2290 <span class="n hidden"><span class="family-name">Fielding</span><span class="given-name">Roy T.</span></span></span><span class="org vcardline">Day Software</span><span class="adr"><span class="street-address vcardline">23 Corporate Plaza DR, Suite 280</span><span class="vcardline"><span class="locality">Newport Beach</span>, <span class="region">CA</span> <span class="postal-code">92660</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline tel">Phone: <a href="tel:+1-949-706-5300"><span class="value">+1-949-706-5300</span></a></span><span class="vcardline tel"><span class="type">Fax</span>: <a href="fax:+1-949-706-5305"><span class="value">+1-949-706-5305</span></a></span><span class="vcardline">EMail: <a href="mailto:fielding@gbiv.com"><span class="email">fielding@gbiv.com</span></a></span><span class="vcardline">URI: <a href="http://roy.gbiv.com/" class="url">http://roy.gbiv.com/</a></span></address> 2291 <address class="vcard"><span class="vcardline"><span class="fn">Jim Gettys</span><span class="n hidden"><span class="family-name">Gettys</span><span class="given-name">Jim</span></span></span><span class="org vcardline">One Laptop per Child</span><span class="adr"><span class="street-address vcardline">21 Oak Knoll Road</span><span class="vcardline"><span class="locality">Carlisle</span>, <span class="region">MA</span> <span class="postal-code">01741</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">EMail: <a href="mailto:jg@laptop.org"><span class="email">jg@laptop.org</span></a></span><span class="vcardline">URI: <a href="http://www.laptop.org/" class="url">http://www.laptop.org/</a></span></address> 2292 <address class="vcard"><span class="vcardline"><span class="fn">Jeffrey C. Mogul</span><span class="n hidden"><span class="family-name">Mogul</span><span class="given-name">Jeffrey C.</span></span></span><span class="org vcardline">Hewlett-Packard Company</span><span class="adr"><span class="street-address vcardline">HP Labs, Large Scale Systems Group</span><span class="street-address vcardline">1501 Page Mill Road, MS 1177</span><span class="vcardline"><span class="locality">Palo Alto</span>, <span class="region">CA</span> <span class="postal-code">94304</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">EMail: <a href="mailto:JeffMogul@acm.org"><span class="email">JeffMogul@acm.org</span></a></span></address> 2293 <address class="vcard"><span class="vcardline"><span class="fn">Henrik Frystyk Nielsen</span><span class="n hidden"><span class="family-name">Frystyk</span></span></span><span class="org vcardline">Microsoft Corporation</span><span class="adr"><span class="street-address vcardline">1 Microsoft Way</span><span class="vcardline"><span class="locality">Redmond</span>, <span class="region">WA</span> <span class="postal-code">98052</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">EMail: <a href="mailto:henrikn@microsoft.com"><span class="email">henrikn@microsoft.com</span></a></span></address> 2294 <address class="vcard"><span class="vcardline"><span class="fn">Larry Masinter</span><span class="n hidden"><span class="family-name">Masinter</span><span class="given-name">Larry</span></span></span><span class="org vcardline">Adobe Systems, Incorporated</span><span class="adr"><span class="street-address vcardline">345 Park Ave</span><span class="vcardline"><span class="locality">San Jose</span>, <span class="region">CA</span> <span class="postal-code">95110</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">EMail: <a href="mailto:LMM@acm.org"><span class="email">LMM@acm.org</span></a></span><span class="vcardline">URI: <a href="http://larry.masinter.net/" class="url">http://larry.masinter.net/</a></span></address> 2295 <address class="vcard"><span class="vcardline"><span class="fn">Paul J. Leach</span><span class="n hidden"><span class="family-name">Leach</span><span class="given-name">Paul J.</span></span></span><span class="org vcardline">Microsoft Corporation</span><span class="adr"><span class="street-address vcardline">1 Microsoft Way</span><span class="vcardline"><span class="locality">Redmond</span>, <span class="region">WA</span> <span class="postal-code">98052</span></span></span><span class="vcardline">EMail: <a href="mailto:paulle@microsoft.com"><span class="email">paulle@microsoft.com</span></a></span></address> 2296 <address class="vcard"><span class="vcardline"><span class="fn">Tim Berners-Lee</span><span class="n hidden"><span class="family-name">Berners-Lee</span><span class="given-name">Tim</span></span></span><span class="org vcardline">World Wide Web Consortium</span><span class="adr"><span class="street-address vcardline">MIT Computer Science and Artificial Intelligence Laboratory</span><span class="street-address vcardline">The Stata Center, Building 32</span><span class="street-address vcardline">32 Vassar Street</span><span class="vcardline"><span class="locality">Cambridge</span>, <span class="region">MA</span> <span class="postal-code">02139</span></span><span class="country-name vcardline">USA</span></span><span class="vcardline">EMail: <a href="mailto:timbl@w3.org"><span class="email">timbl@w3.org</span></a></span><span class="vcardline">URI: <a href="http://www.w3.org/People/Berners-Lee/" class="url">http://www.w3.org/People/Berners-Lee/</a></span></address> 2297 <address class="vcard"><span class="vcardline"><span class="fn">Yves Lafon</span> 2298 (editor) 2299 <span class="n hidden"><span class="family-name">Lafon</span><span class="given-name">Yves</span></span></span><span class="org vcardline">World Wide Web Consortium</span><span class="adr"><span class="street-address vcardline">W3C / ERCIM</span><span class="street-address vcardline">2004, rte des Lucioles</span><span class="vcardline"><span class="locality">Sophia-Antipolis</span>, <span class="region">AM</span> <span class="postal-code">06902</span></span><span class="country-name vcardline">France</span></span><span class="vcardline">EMail: <a href="mailto:ylafon@w3.org"><span class="email">ylafon@w3.org</span></a></span><span class="vcardline">URI: <a href="http://www.raubacapeu.net/people/yves/" class="url">http://www.raubacapeu.net/people/yves/</a></span></address> 2300 <address class="vcard"><span class="vcardline"><span class="fn">Julian F. Reschke</span> 2301 (editor) 2302 <span class="n hidden"><span class="family-name">Reschke</span><span class="given-name">Julian F.</span></span></span><span class="org vcardline">greenbytes GmbH</span><span class="adr"><span class="street-address vcardline">Hafenweg 16</span><span class="vcardline"><span class="locality">Muenster</span>, <span class="region">NW</span> <span class="postal-code">48155</span></span><span class="country-name vcardline">Germany</span></span><span class="vcardline tel">Phone: <a href="tel:+492512807760"><span class="value">+49 251 2807760</span></a></span><span class="vcardline tel"><span class="type">Fax</span>: <a href="fax:+492512807761"><span class="value">+49 251 2807761</span></a></span><span class="vcardline">EMail: <a href="mailto:julian.reschke@greenbytes.de"><span class="email">julian.reschke@greenbytes.de</span></a></span><span class="vcardline">URI: <a href="http://greenbytes.de/tech/webdav/" class="url">http://greenbytes.de/tech/webdav/</a></span></address> 2429 <div id="tolerant.applications"> 2430 <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a> <a href="#tolerant.applications">Tolerant Applications</a></h1> 2431 <p id="rfc.section.A.p.1">Although this document specifies the requirements for the generation of HTTP/1.1 messages, not all applications will be correct 2432 in their implementation. We therefore recommend that operational applications be tolerant of deviations whenever those deviations 2433 can be interpreted unambiguously. 2434 </p> 2435 <p id="rfc.section.A.p.2">Clients <em class="bcp14">SHOULD</em> be tolerant in parsing the Status-Line and servers tolerant when parsing the Request-Line. In particular, they <em class="bcp14">SHOULD</em> accept any amount of SP or HTAB characters between fields, even though only a single SP is required. 2436 </p> 2437 <p id="rfc.section.A.p.3">The line terminator for message-header fields is the sequence CRLF. However, we recommend that applications, when parsing 2438 such headers, recognize a single LF as a line terminator and ignore the leading CR. 2439 </p> 2440 <p id="rfc.section.A.p.4">The character set of an entity-body <em class="bcp14">SHOULD</em> be labeled as the lowest common denominator of the character codes used within that body, with the exception that not labeling 2441 the entity is preferred over labeling the entity with the labels US-ASCII or ISO-8859-1. See <a href="#Part3" id="rfc.xref.Part3.13"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 2442 </p> 2443 <p id="rfc.section.A.p.5">Additional rules for requirements on parsing and encoding of dates and other potential problems with date encodings include:</p> 2444 <p id="rfc.section.A.p.6"></p> 2445 <ul> 2446 <li>HTTP/1.1 clients and caches <em class="bcp14">SHOULD</em> assume that an RFC-850 date which appears to be more than 50 years in the future is in fact in the past (this helps solve 2447 the "year 2000" problem). 2448 </li> 2449 <li>An HTTP/1.1 implementation <em class="bcp14">MAY</em> internally represent a parsed Expires date as earlier than the proper value, but <em class="bcp14">MUST NOT</em> internally represent a parsed Expires date as later than the proper value. 2450 </li> 2451 <li>All expiration-related calculations <em class="bcp14">MUST</em> be done in GMT. The local time zone <em class="bcp14">MUST NOT</em> influence the calculation or comparison of an age or expiration time. 2452 </li> 2453 <li>If an HTTP header incorrectly carries a date value with a time zone other than GMT, it <em class="bcp14">MUST</em> be converted into GMT using the most conservative possible conversion. 2454 </li> 2455 </ul> 2303 2456 </div> 2304 <h1 id="rfc.section.A" class="np"><a href="#rfc.section.A">A.</a> <a id="tolerant.applications" href="#tolerant.applications">Tolerant Applications</a></h1> 2305 <p id="rfc.section.A.p.1">Although this document specifies the requirements for the generation of HTTP/1.1 messages, not all applications will be correct 2306 in their implementation. We therefore recommend that operational applications be tolerant of deviations whenever those deviations 2307 can be interpreted unambiguously. 2308 </p> 2309 <p id="rfc.section.A.p.2">Clients <em class="bcp14">SHOULD</em> be tolerant in parsing the Status-Line and servers tolerant when parsing the Request-Line. In particular, they <em class="bcp14">SHOULD</em> accept any amount of SP or HTAB characters between fields, even though only a single SP is required. 2310 </p> 2311 <p id="rfc.section.A.p.3">The line terminator for message-header fields is the sequence CRLF. However, we recommend that applications, when parsing 2312 such headers, recognize a single LF as a line terminator and ignore the leading CR. 2313 </p> 2314 <p id="rfc.section.A.p.4">The character set of an entity-body <em class="bcp14">SHOULD</em> be labeled as the lowest common denominator of the character codes used within that body, with the exception that not labeling 2315 the entity is preferred over labeling the entity with the labels US-ASCII or ISO-8859-1. See <a href="#Part3" id="rfc.xref.Part3.13"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 2316 </p> 2317 <p id="rfc.section.A.p.5">Additional rules for requirements on parsing and encoding of dates and other potential problems with date encodings include:</p> 2318 <p id="rfc.section.A.p.6"> </p> 2319 <ul> 2320 <li>HTTP/1.1 clients and caches <em class="bcp14">SHOULD</em> assume that an RFC-850 date which appears to be more than 50 years in the future is in fact in the past (this helps solve 2321 the "year 2000" problem). 2322 </li> 2323 <li>An HTTP/1.1 implementation <em class="bcp14">MAY</em> internally represent a parsed Expires date as earlier than the proper value, but <em class="bcp14">MUST NOT</em> internally represent a parsed Expires date as later than the proper value. 2324 </li> 2325 <li>All expiration-related calculations <em class="bcp14">MUST</em> be done in GMT. The local time zone <em class="bcp14">MUST NOT</em> influence the calculation or comparison of an age or expiration time. 2326 </li> 2327 <li>If an HTTP header incorrectly carries a date value with a time zone other than GMT, it <em class="bcp14">MUST</em> be converted into GMT using the most conservative possible conversion. 2328 </li> 2329 </ul> 2330 <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a> <a id="conversion.of.date.formats" href="#conversion.of.date.formats">Conversion of Date Formats</a></h1> 2331 <p id="rfc.section.B.p.1">HTTP/1.1 uses a restricted set of date formats (<a href="#full.date" title="Full Date">Section 3.3.1</a>) to simplify the process of date comparison. Proxies and gateways from other protocols <em class="bcp14">SHOULD</em> ensure that any Date header field present in a message conforms to one of the HTTP/1.1 formats and rewrite the date if necessary. 2332 </p> 2333 <h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a> <a id="compatibility" href="#compatibility">Compatibility with Previous Versions</a></h1> 2334 <p id="rfc.section.C.p.1">HTTP has been in use by the World-Wide Web global information initiative since 1990. The first version of HTTP, later referred 2335 to as HTTP/0.9, was a simple protocol for hypertext data transfer across the Internet with only a single method and no metadata. 2336 HTTP/1.0, as defined by <a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a>, added a range of request methods and MIME-like messaging that could include metadata about the data transferred and modifiers 2337 on the request/response semantics. However, HTTP/1.0 did not sufficiently take into consideration the effects of hierarchical 2338 proxies, caching, the need for persistent connections, or name-based virtual hosts. The proliferation of incompletely-implemented 2339 applications calling themselves "HTTP/1.0" further necessitated a protocol version change in order for two communicating applications 2340 to determine each other's true capabilities. 2341 </p> 2342 <p id="rfc.section.C.p.2">HTTP/1.1 remains compatible with HTTP/1.0 by including more stringent requirements that enable reliable implementations, adding 2343 only those new features that will either be safely ignored by an HTTP/1.0 recipient or only sent when communicating with a 2344 party advertising compliance with HTTP/1.1. 2345 </p> 2346 <p id="rfc.section.C.p.3">It is beyond the scope of a protocol specification to mandate compliance with previous versions. HTTP/1.1 was deliberately 2347 designed, however, to make supporting previous versions easy. It is worth noting that, at the time of composing this specification 2348 (1996), we would expect commercial HTTP/1.1 servers to: 2349 </p> 2350 <ul> 2351 <li>recognize the format of the Request-Line for HTTP/0.9, 1.0, and 1.1 requests;</li> 2352 <li>understand any valid request in the format of HTTP/0.9, 1.0, or 1.1;</li> 2353 <li>respond appropriately with a message in the same major version used by the client.</li> 2354 </ul> 2355 <p id="rfc.section.C.p.4">And we would expect HTTP/1.1 clients to: </p> 2356 <ul> 2357 <li>recognize the format of the Status-Line for HTTP/1.0 and 1.1 responses;</li> 2358 <li>understand any valid response in the format of HTTP/0.9, 1.0, or 1.1.</li> 2359 </ul> 2360 <p id="rfc.section.C.p.5">For most implementations of HTTP/1.0, each connection is established by the client prior to the request and closed by the 2361 server after sending the response. Some implementations implement the Keep-Alive version of persistent connections described 2362 in <a href="http://tools.ietf.org/html/rfc2068#section-19.7.1">Section 19.7.1</a> of <a href="#RFC2068" id="rfc.xref.RFC2068.6"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>. 2363 </p> 2364 <h2 id="rfc.section.C.1"><a href="#rfc.section.C.1">C.1</a> <a id="changes.from.1.0" href="#changes.from.1.0">Changes from HTTP/1.0</a></h2> 2365 <p id="rfc.section.C.1.p.1">This section summarizes major differences between versions HTTP/1.0 and HTTP/1.1.</p> 2366 <h3 id="rfc.section.C.1.1"><a href="#rfc.section.C.1.1">C.1.1</a> <a id="changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses" href="#changes.to.simplify.multi-homed.web.servers.and.conserve.ip.addresses">Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses</a></h3> 2367 <p id="rfc.section.C.1.1.p.1">The requirements that clients and servers support the Host request-header, report an error if the Host request-header (<a href="#header.host" id="rfc.xref.header.host.2" title="Host">Section 8.4</a>) is missing from an HTTP/1.1 request, and accept absolute URIs (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>) are among the most important changes defined by this specification. 2368 </p> 2369 <p id="rfc.section.C.1.1.p.2">Older HTTP/1.0 clients assumed a one-to-one relationship of IP addresses and servers; there was no other established mechanism 2370 for distinguishing the intended server of a request than the IP address to which that request was directed. The changes outlined 2371 above will allow the Internet, once older HTTP clients are no longer common, to support multiple Web sites from a single IP 2372 address, greatly simplifying large operational Web servers, where allocation of many IP addresses to a single host has created 2373 serious problems. The Internet will also be able to recover the IP addresses that have been allocated for the sole purpose 2374 of allowing special-purpose domain names to be used in root-level HTTP URLs. Given the rate of growth of the Web, and the 2375 number of servers already deployed, it is extremely important that all implementations of HTTP (including updates to existing 2376 HTTP/1.0 applications) correctly implement these requirements: 2377 </p> 2378 <ul> 2379 <li>Both clients and servers <em class="bcp14">MUST</em> support the Host request-header. 2380 </li> 2381 <li>A client that sends an HTTP/1.1 request <em class="bcp14">MUST</em> send a Host header. 2382 </li> 2383 <li>Servers <em class="bcp14">MUST</em> report a 400 (Bad Request) error if an HTTP/1.1 request does not include a Host request-header. 2384 </li> 2385 <li>Servers <em class="bcp14">MUST</em> accept absolute URIs. 2386 </li> 2387 </ul> 2388 <h2 id="rfc.section.C.2"><a href="#rfc.section.C.2">C.2</a> <a id="compatibility.with.http.1.0.persistent.connections" href="#compatibility.with.http.1.0.persistent.connections">Compatibility with HTTP/1.0 Persistent Connections</a></h2> 2389 <p id="rfc.section.C.2.p.1">Some clients and servers might wish to be compatible with some previous implementations of persistent connections in HTTP/1.0 2390 clients and servers. Persistent connections in HTTP/1.0 are explicitly negotiated as they are not the default behavior. HTTP/1.0 2391 experimental implementations of persistent connections are faulty, and the new facilities in HTTP/1.1 are designed to rectify 2392 these problems. The problem was that some existing 1.0 clients may be sending Keep-Alive to a proxy server that doesn't understand 2393 Connection, which would then erroneously forward it to the next inbound server, which would establish the Keep-Alive connection 2394 and result in a hung HTTP/1.0 proxy waiting for the close on the response. The result is that HTTP/1.0 clients must be prevented 2395 from using Keep-Alive when talking to proxies. 2396 </p> 2397 <p id="rfc.section.C.2.p.2">However, talking to proxies is the most important use of persistent connections, so that prohibition is clearly unacceptable. 2398 Therefore, we need some other mechanism for indicating a persistent connection is desired, which is safe to use even when 2399 talking to an old proxy that ignores Connection. Persistent connections are the default for HTTP/1.1 messages; we introduce 2400 a new keyword (Connection: close) for declaring non-persistence. See <a href="#header.connection" id="rfc.xref.header.connection.7" title="Connection">Section 8.1</a>. 2401 </p> 2402 <p id="rfc.section.C.2.p.3">The original HTTP/1.0 form of persistent connections (the Connection: Keep-Alive and Keep-Alive header) is documented in <a href="#RFC2068" id="rfc.xref.RFC2068.7"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>. 2403 </p> 2404 <h2 id="rfc.section.C.3"><a href="#rfc.section.C.3">C.3</a> <a id="changes.from.rfc.2068" href="#changes.from.rfc.2068">Changes from RFC 2068</a></h2> 2405 <p id="rfc.section.C.3.p.1">This specification has been carefully audited to correct and disambiguate key word usage; RFC 2068 had many problems in respect 2406 to the conventions laid out in <a href="#RFC2119" id="rfc.xref.RFC2119.2"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>. 2407 </p> 2408 <p id="rfc.section.C.3.p.2">Transfer-coding and message lengths all interact in ways that required fixing exactly when chunked encoding is used (to allow 2409 for transfer encoding that may not be self delimiting); it was important to straighten out exactly how message lengths are 2410 computed. (Sections <a href="#transfer.codings" title="Transfer Codings">3.4</a>, <a href="#message.length" title="Message Length">4.4</a>, <a href="#header.content-length" id="rfc.xref.header.content-length.3" title="Content-Length">8.2</a>, see also <a href="#Part3" id="rfc.xref.Part3.14"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>, <a href="#Part5" id="rfc.xref.Part5.1"><cite title="HTTP/1.1, part 5: Range Requests and Partial Responses">[Part5]</cite></a> and <a href="#Part6" id="rfc.xref.Part6.8"><cite title="HTTP/1.1, part 6: Caching">[Part6]</cite></a>) 2411 </p> 2412 <p id="rfc.section.C.3.p.3">The use and interpretation of HTTP version numbers has been clarified by <a href="#RFC2145" id="rfc.xref.RFC2145.3"><cite title="Use and Interpretation of HTTP Version Numbers">[RFC2145]</cite></a>. Require proxies to upgrade requests to highest protocol version they support to deal with problems discovered in HTTP/1.0 2413 implementations (<a href="#http.version" title="HTTP Version">Section 3.1</a>) 2414 </p> 2415 <p id="rfc.section.C.3.p.4">Transfer-coding had significant problems, particularly with interactions with chunked encoding. The solution is that transfer-codings 2416 become as full fledged as content-codings. This involves adding an IANA registry for transfer-codings (separate from content 2417 codings), a new header field (TE) and enabling trailer headers in the future. Transfer encoding is a major performance benefit, 2418 so it was worth fixing <a href="#Nie1997" id="rfc.xref.Nie1997.2"><cite title="Network Performance Effects of HTTP/1.1, CSS1, and PNG">[Nie1997]</cite></a>. TE also solves another, obscure, downward interoperability problem that could have occurred due to interactions between 2419 authentication trailers, chunked encoding and HTTP/1.0 clients.(Section <a href="#transfer.codings" title="Transfer Codings">3.4</a>, <a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">3.4.1</a>, and <a href="#header.te" id="rfc.xref.header.te.4" title="TE">8.5</a>) 2420 </p> 2421 <h2 id="rfc.section.C.4"><a href="#rfc.section.C.4">C.4</a> <a id="changes.from.rfc.2616" href="#changes.from.rfc.2616">Changes from RFC 2616</a></h2> 2422 <p id="rfc.section.C.4.p.1">Rules about implicit linear white space between certain grammar productions have been removed; now it's only allowed when 2423 specifically pointed out in the ABNF. The CHAR rule does not allow the NUL character anymore (this affects the comment and 2424 quoted-string rules). Furthermore, the quoted-pair rule does not allow escaping NUL, CR or LF anymore. (<a href="#basic.rules" title="Basic Rules">Section 2.2</a>) 2425 </p> 2426 <p id="rfc.section.C.4.p.2">Clarify that HTTP-Version is case sensitive. (<a href="#http.version" title="HTTP Version">Section 3.1</a>) 2427 </p> 2428 <p id="rfc.section.C.4.p.3">Remove reference to non-existant identity transfer-coding value tokens. (Sections <a href="#transfer.codings" title="Transfer Codings">3.4</a> and <a href="#message.length" title="Message Length">4.4</a>) 2429 </p> 2430 <p id="rfc.section.C.4.p.4">Clarification that the chunk length does not include the count of the octets in the chunk header and trailer. (<a href="#chunked.transfer.encoding" title="Chunked Transfer Coding">Section 3.4.1</a>) 2431 </p> 2432 <p id="rfc.section.C.4.p.5">Update use of abs_path production from RFC1808 to the path-absolute + query components of RFC3986. (<a href="#request-uri" title="Request-URI">Section 5.1.2</a>) 2433 </p> 2434 <p id="rfc.section.C.4.p.6">Clarify exactly when close connection options must be sent. (<a href="#header.connection" id="rfc.xref.header.connection.8" title="Connection">Section 8.1</a>) 2435 </p> 2436 <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a> <a id="terminology" href="#terminology">Terminology</a></h1> 2437 <p id="rfc.section.D.p.1">This specification uses a number of terms to refer to the roles played by participants in, and objects of, the HTTP communication.</p> 2438 <p id="rfc.section.D.p.2"> <span id="rfc.iref.c.3"></span> <dfn>connection</dfn> 2439 </p> 2440 <ul class="empty"> 2441 <li>A transport layer virtual circuit established between two programs for the purpose of communication.</li> 2442 </ul> 2443 <p id="rfc.section.D.p.3"> <span id="rfc.iref.m.4"></span> <dfn>message</dfn> 2444 </p> 2445 <ul class="empty"> 2446 <li>The basic unit of HTTP communication, consisting of a structured sequence of octets matching the syntax defined in <a href="#http.message" title="HTTP Message">Section 4</a> and transmitted via the connection. 2447 </li> 2448 </ul> 2449 <p id="rfc.section.D.p.4"> <span id="rfc.iref.r.1"></span> <dfn>request</dfn> 2450 </p> 2451 <ul class="empty"> 2452 <li>An HTTP request message, as defined in <a href="#request" title="Request">Section 5</a>. 2453 </li> 2454 </ul> 2455 <p id="rfc.section.D.p.5"> <span id="rfc.iref.r.2"></span> <dfn>response</dfn> 2456 </p> 2457 <ul class="empty"> 2458 <li>An HTTP response message, as defined in <a href="#response" title="Response">Section 6</a>. 2459 </li> 2460 </ul> 2461 <p id="rfc.section.D.p.6"> <span id="rfc.iref.r.3"></span> <dfn>resource</dfn> 2462 </p> 2463 <ul class="empty"> 2464 <li>A network data object or service that can be identified by a URI, as defined in <a href="#uri" title="Uniform Resource Identifiers">Section 3.2</a>. Resources may be available in multiple representations (e.g. multiple languages, data formats, size, and resolutions) or 2465 vary in other ways. 2466 </li> 2467 </ul> 2468 <p id="rfc.section.D.p.7"> <span id="rfc.iref.e.1"></span> <dfn>entity</dfn> 2469 </p> 2470 <ul class="empty"> 2471 <li>The information transferred as the payload of a request or response. An entity consists of metainformation in the form of 2472 entity-header fields and content in the form of an entity-body, as described in <a href="p3-payload.html#entity" title="Entity">Section 4</a> of <a href="#Part3" id="rfc.xref.Part3.15"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. 2473 </li> 2474 </ul> 2475 <p id="rfc.section.D.p.8"> <span id="rfc.iref.r.4"></span> <dfn>representation</dfn> 2476 </p> 2477 <ul class="empty"> 2478 <li>An entity included with a response that is subject to content negotiation, as described in <a href="p3-payload.html#content.negotiation" title="Content Negotiation">Section 5</a> of <a href="#Part3" id="rfc.xref.Part3.16"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. There may exist multiple representations associated with a particular response status. 2479 </li> 2480 </ul> 2481 <p id="rfc.section.D.p.9"> <span id="rfc.iref.c.4"></span> <dfn>content negotiation</dfn> 2482 </p> 2483 <ul class="empty"> 2484 <li>The mechanism for selecting the appropriate representation when servicing a request, as described in <a href="p3-payload.html#content.negotiation" title="Content Negotiation">Section 5</a> of <a href="#Part3" id="rfc.xref.Part3.17"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>. The representation of entities in any response can be negotiated (including error responses). 2485 </li> 2486 </ul> 2487 <p id="rfc.section.D.p.10"> <span id="rfc.iref.v.2"></span> <dfn>variant</dfn> 2488 </p> 2489 <ul class="empty"> 2490 <li>A resource may have one, or more than one, representation(s) associated with it at any given instant. Each of these representations 2491 is termed a `variant'. Use of the term `variant' does not necessarily imply that the resource is subject to content negotiation. 2492 </li> 2493 </ul> 2494 <p id="rfc.section.D.p.11"> <span id="rfc.iref.c.5"></span> <dfn>client</dfn> 2495 </p> 2496 <ul class="empty"> 2497 <li>A program that establishes connections for the purpose of sending requests.</li> 2498 </ul> 2499 <p id="rfc.section.D.p.12"> <span id="rfc.iref.u.4"></span> <dfn>user agent</dfn> 2500 </p> 2501 <ul class="empty"> 2502 <li>The client which initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end user 2503 tools. 2504 </li> 2505 </ul> 2506 <p id="rfc.section.D.p.13"> <span id="rfc.iref.s.1"></span> <dfn>server</dfn> 2507 </p> 2508 <ul class="empty"> 2509 <li>An application program that accepts connections in order to service requests by sending back responses. Any given program 2510 may be capable of being both a client and a server; our use of these terms refers only to the role being performed by the 2511 program for a particular connection, rather than to the program's capabilities in general. Likewise, any server may act as 2512 an origin server, proxy, gateway, or tunnel, switching behavior based on the nature of each request. 2513 </li> 2514 </ul> 2515 <p id="rfc.section.D.p.14"> <span id="rfc.iref.o.1"></span> <dfn>origin server</dfn> 2516 </p> 2517 <ul class="empty"> 2518 <li>The server on which a given resource resides or is to be created.</li> 2519 </ul> 2520 <p id="rfc.section.D.p.15"> <span id="rfc.iref.p.1"></span> <dfn>proxy</dfn> 2521 </p> 2522 <ul class="empty"> 2523 <li>An intermediary program which acts as both a server and a client for the purpose of making requests on behalf of other clients. 2524 Requests are serviced internally or by passing them on, with possible translation, to other servers. A proxy <em class="bcp14">MUST</em> implement both the client and server requirements of this specification. A "transparent proxy" is a proxy that does not modify 2525 the request or response beyond what is required for proxy authentication and identification. A "non-transparent proxy" is 2526 a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation 2527</