Ignore:
Timestamp:
14/06/14 11:20:37 (6 years ago)
Author:
julian.reschke@…
Message:

update to latest version of rfc2629.xslt, regen all HTML

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/21/p1-messaging.html

    r1929 r2726  
    22  PUBLIC "-//W3C//DTD HTML 4.01//EN">
    33<html lang="en">
    4    <head profile="http://www.w3.org/2006/03/hcard http://dublincore.org/documents/2008/08/04/dc-html/">
     4   <head profile="http://dublincore.org/documents/2008/08/04/dc-html/">
    55      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    66      <title>Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing</title><script>
    77var buttonsAdded = false;
    88
    9 function init() {
     9function initFeedback() {
    1010  var fb = document.createElement("div");
    1111  fb.className = "feedback noprint";
     
    2222  toggleButtonsToElementsByName("h3");
    2323  toggleButtonsToElementsByName("h4");
    24  
     24
    2525  buttonsAdded = !buttonsAdded;
    2626}
     
    3535function toggleButton(node) {
    3636  if (! buttonsAdded) {
    37  
     37
    3838    // docname
    3939    var template = "mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&body=<{ref}>:";
     
    5858      ref += "#" + id;
    5959    }
    60    
     60
    6161    // docname
    6262    var docname = "draft-ietf-httpbis-p1-messaging-21";
     
    6565    var section = node.textContent;
    6666    section = section.replace("\u00a0", " ");
    67    
     67
    6868    // build URI from template
    6969    var uri = template.replace("{docname}", encodeURIComponent(docname));
    7070    uri = uri.replace("{section}", encodeURIComponent(section));
    7171    uri = uri.replace("{ref}", encodeURIComponent(ref));
    72  
     72
    7373    var button = document.createElement("a");
    7474    button.className = "fbbutton noprint";
     
    106106body {
    107107  color: black;
    108   font-family: verdana, helvetica, arial, sans-serif;
    109   font-size: 10pt;
     108  font-family: cambria, helvetica, arial, sans-serif;
     109  font-size: 11pt;
    110110  margin-right: 2em;
    111111}
     
    132132}
    133133h1 {
    134   font-size: 14pt;
     134  font-size: 130%;
    135135  line-height: 21pt;
    136136  page-break-after: avoid;
     
    139139  page-break-before: always;
    140140}
    141 h1 a {
    142   color: #333333;
    143 }
    144141h2 {
    145   font-size: 12pt;
     142  font-size: 120%;
    146143  line-height: 15pt;
    147144  page-break-after: avoid;
    148145}
    149 h3, h4, h5, h6 {
    150   font-size: 10pt;
     146h3 {
     147  font-size: 110%;
    151148  page-break-after: avoid;
    152149}
    153 h2 a, h3 a, h4 a, h5 a, h6 a {
     150h4, h5, h6 {
     151  page-break-after: avoid;
     152}
     153h1 a, h2 a, h3 a, h4 a, h5 a, h6 a {
    154154  color: black;
    155155}
     
    208208table.tt {
    209209  vertical-align: top;
     210  border-color: gray;
     211}
     212table.tt th {
     213  border-color: gray;
     214}
     215table.tt td {
     216  border-color: gray;
     217}
     218table.all {
     219  border-style: solid;
     220  border-width: 2px;
    210221}
    211222table.full {
    212   border-style: outset;
    213   border-width: 1px;
    214 }
    215 table.headers {
    216   border-style: outset;
    217   border-width: 1px;
     223  border-style: solid;
     224  border-width: 2px;
    218225}
    219226table.tt td {
    220227  vertical-align: top;
    221228}
     229table.all td {
     230  border-style: solid;
     231  border-width: 1px;
     232}
    222233table.full td {
    223   border-style: inset;
     234  border-style: none solid;
    224235  border-width: 1px;
    225236}
     
    227238  vertical-align: top;
    228239}
     240table.all th {
     241  border-style: solid;
     242  border-width: 1px;
     243}
    229244table.full th {
    230   border-style: inset;
    231   border-width: 1px;
     245  border-style: solid;
     246  border-width: 1px 1px 2px 1px;
    232247}
    233248table.headers th {
    234   border-style: none none inset none;
    235   border-width: 1px;
     249  border-style: none none solid none;
     250  border-width: 2px;
    236251}
    237252table.left {
     
    248263  caption-side: bottom;
    249264  font-weight: bold;
    250   font-size: 9pt;
     265  font-size: 10pt;
    251266  margin-top: .5em;
    252267}
     
    255270  border-spacing: 1px;
    256271  width: 95%;
    257   font-size: 10pt;
     272  font-size: 11pt;
    258273  color: white;
    259274}
     
    263278td.topnowrap {
    264279  vertical-align: top;
    265   white-space: nowrap; 
     280  white-space: nowrap;
    266281}
    267282table.header td {
     
    288303  line-height: 150%;
    289304  font-weight: bold;
    290   font-size: 10pt;
    291305  margin-left: 0em;
    292306}
     
    294308  line-height: normal;
    295309  font-weight: normal;
    296   font-size: 9pt;
     310  font-size: 10pt;
    297311  margin-left: 0em;
    298312}
     
    302316ul p {
    303317  margin-left: 0em;
     318}
     319.title, .filename, h1, h2, h3, h4 {
     320  font-family: candara, helvetica, arial, sans-serif;
     321}
     322samp, tt, code, pre {
     323  font: consolas, monospace;
    304324}
    305325ul.ind, ul.ind ul {
     
    341361  font-weight: bold;
    342362  text-align: center;
    343   font-size: 9pt;
     363  font-size: 10pt;
    344364}
    345365.filename {
    346366  color: #333333;
     367  font-size: 75%;
    347368  font-weight: bold;
    348   font-size: 12pt;
    349369  line-height: 21pt;
    350370  text-align: center;
     
    353373  font-weight: bold;
    354374}
    355 .hidden {
    356   display: none;
    357 }
    358375.left {
    359376  text-align: left;
     
    363380}
    364381.title {
    365   color: #990000;
    366   font-size: 18pt;
     382  color: green;
     383  font-size: 150%;
    367384  line-height: 18pt;
    368385  font-weight: bold;
     
    370387  margin-top: 36pt;
    371388}
    372 .vcardline {
    373   display: block;
    374 }
    375389.warning {
    376   font-size: 14pt;
     390  font-size: 130%;
    377391  background-color: yellow;
    378392}
     
    402416    display: none;
    403417  }
    404  
     418
    405419  a {
    406420    color: black;
     
    417431    background-color: white;
    418432    vertical-align: top;
    419     font-size: 12pt;
     433    font-size: 110%;
    420434  }
    421435
     
    423437    content: leader('.') target-counter(attr(href), page);
    424438  }
    425  
     439
    426440  ul.ind li li a {
    427441    content: target-counter(attr(href), page);
    428442  }
    429  
     443
    430444  .print2col {
    431445    column-count: 2;
     
    437451@page {
    438452  @top-left {
    439        content: "Internet-Draft"; 
    440   } 
     453       content: "Internet-Draft";
     454  }
    441455  @top-right {
    442        content: "October 2012"; 
    443   } 
     456       content: "October 2012";
     457  }
    444458  @top-center {
    445        content: "HTTP/1.1 Message Syntax and Routing"; 
    446   } 
     459       content: "HTTP/1.1 Message Syntax and Routing";
     460  }
    447461  @bottom-left {
    448        content: "Fielding & Reschke"; 
    449   } 
     462       content: "Fielding & Reschke";
     463  }
    450464  @bottom-center {
    451        content: "Expires April 7, 2013"; 
    452   } 
     465       content: "Expires April 7, 2013";
     466  }
    453467  @bottom-right {
    454        content: "[Page " counter(page) "]"; 
    455   } 
    456 }
    457 
    458 @page:first { 
     468       content: "[Page " counter(page) "]";
     469  }
     470}
     471
     472@page:first {
    459473    @top-left {
    460474      content: normal;
     
    486500      <link rel="Appendix" title="D Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.D">
    487501      <link href="p2-semantics.html" rel="next">
    488       <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.588, 2012-08-25 12:28:24, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
     502      <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.640, 2014/06/13 12:42:58, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
    489503      <link rel="schema.dct" href="http://purl.org/dc/terms/">
    490504      <meta name="dct.creator" content="Fielding, R.">
     
    497511      <meta name="description" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document provides an overview of HTTP architecture and its associated terminology, defines the &#34;http&#34; and &#34;https&#34; Uniform Resource Identifier (URI) schemes, defines the HTTP/1.1 message syntax and parsing requirements, and describes general security concerns for implementations.">
    498512   </head>
    499    <body onload="init();">
     513   <body onload="initFeedback();">
    500514      <table class="header">
    501515         <tbody>
     
    509523            </tr>
    510524            <tr>
    511                <td class="left">Obsoletes: <a href="http://tools.ietf.org/html/rfc2145">2145</a>, <a href="http://tools.ietf.org/html/rfc2616">2616</a> (if approved)
     525               <td class="left">Obsoletes: <a href="https://tools.ietf.org/html/rfc2145">2145</a>, <a href="https://tools.ietf.org/html/rfc2616">2616</a> (if approved)
    512526               </td>
    513527               <td class="right">J. Reschke, Editor</td>
    514528            </tr>
    515529            <tr>
    516                <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2817">2817</a> (if approved)
     530               <td class="left">Updates: <a href="https://tools.ietf.org/html/rfc2817">2817</a> (if approved)
    517531               </td>
    518532               <td class="right">greenbytes</td>
     
    529543      </table>
    530544      <p class="title">Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing<br><span class="filename">draft-ietf-httpbis-p1-messaging-21</span></p>
    531       <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1> 
     545      <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1>
    532546      <p>The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information
    533547         systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document provides an overview
    534548         of HTTP architecture and its associated terminology, defines the "http" and "https" Uniform Resource Identifier (URI) schemes,
    535549         defines the HTTP/1.1 message syntax and parsing requirements, and describes general security concerns for implementations.
    536       </p> 
    537       <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1> 
     550      </p>
     551      <h1 id="rfc.note.1"><a href="#rfc.note.1">Editorial Note (To be removed by RFC Editor)</a></h1>
    538552      <p>Discussion of this draft takes place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org), which is archived at &lt;<a href="http://lists.w3.org/Archives/Public/ietf-http-wg/">http://lists.w3.org/Archives/Public/ietf-http-wg/</a>&gt;.
    539       </p> 
     553      </p>
    540554      <p>The current issues list is at &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/report/3">http://tools.ietf.org/wg/httpbis/trac/report/3</a>&gt; and related documents (including fancy diffs) can be found at &lt;<a href="http://tools.ietf.org/wg/httpbis/">http://tools.ietf.org/wg/httpbis/</a>&gt;.
    541       </p> 
     555      </p>
    542556      <p>The changes in this draft are summarized in <a href="#changes.since.20" title="Since draft-ietf-httpbis-p1-messaging-20">Appendix&nbsp;D.22</a>.
    543       </p>
    544       <h1><a id="rfc.status" href="#rfc.status">Status of This Memo</a></h1>
    545       <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
    546       <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute
    547          working documents as Internet-Drafts. The list of current Internet-Drafts is at <a href="http://datatracker.ietf.org/drafts/current/">http://datatracker.ietf.org/drafts/current/</a>.
    548557      </p>
    549       <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other
    550          documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work
    551          in progress”.
    552       </p>
    553       <p>This Internet-Draft will expire on April 7, 2013.</p>
    554       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    555       <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
    556       <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights
    557          and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License
    558          text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified
    559          BSD License.
    560       </p>
    561       <p>This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November
    562          10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to
    563          allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s)
    564          controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative
    565          works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate
    566          it into languages other than English.
    567       </p>
     558      <div id="rfc.status">
     559         <h1><a href="#rfc.status">Status of This Memo</a></h1>
     560         <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
     561         <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute
     562            working documents as Internet-Drafts. The list of current Internet-Drafts is at <a href="http://datatracker.ietf.org/drafts/current/">http://datatracker.ietf.org/drafts/current/</a>.
     563         </p>
     564         <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other
     565            documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work
     566            in progress”.
     567         </p>
     568         <p>This Internet-Draft will expire on April 7, 2013.</p>
     569      </div>
     570      <div id="rfc.copyrightnotice">
     571         <h1><a href="#rfc.copyrightnotice">Copyright Notice</a></h1>
     572         <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     573         <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights
     574            and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License
     575            text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified
     576            BSD License.
     577         </p>
     578         <p>This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November
     579            10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to
     580            allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s)
     581            controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative
     582            works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate
     583            it into languages other than English.
     584         </p>
     585      </div>
    568586      <hr class="noprint">
    569587      <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
     
    643661               <li><a href="#rfc.section.6.2">6.2</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.connections">Persistent Connections</a><ul>
    644662                     <li><a href="#rfc.section.6.2.1">6.2.1</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.establishment">Establishment</a></li>
    645                      <li><a href="#rfc.section.6.2.2">6.2.2</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.reuse">Reuse</a><ul>
    646                            <li><a href="#rfc.section.6.2.2.1">6.2.2.1</a>&nbsp;&nbsp;&nbsp;<a href="#pipelining">Pipelining</a></li>
    647                            <li><a href="#rfc.section.6.2.2.2">6.2.2.2</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.retrying.requests">Retrying Requests</a></li>
    648                         </ul>
    649                      </li>
     663                     <li><a href="#rfc.section.6.2.2">6.2.2</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.reuse">Reuse</a></li>
    650664                     <li><a href="#rfc.section.6.2.3">6.2.3</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.concurrency">Concurrency</a></li>
    651665                     <li><a href="#rfc.section.6.2.4">6.2.4</a>&nbsp;&nbsp;&nbsp;<a href="#persistent.failures">Failures and Time-outs</a></li>
     
    685699            </ul>
    686700         </li>
    687          <li><a href="#rfc.authors">Authors' Addresses</a></li>
    688701         <li><a href="#rfc.section.A">A.</a>&nbsp;&nbsp;&nbsp;<a href="#compatibility">HTTP Version History</a><ul>
    689702               <li><a href="#rfc.section.A.1">A.1</a>&nbsp;&nbsp;&nbsp;<a href="#changes.from.1.0">Changes from HTTP/1.0</a><ul>
     
    724737         </li>
    725738         <li><a href="#rfc.index">Index</a></li>
     739         <li><a href="#rfc.authors">Authors' Addresses</a></li>
    726740      </ul>
    727       <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a>&nbsp;<a id="introduction" href="#introduction">Introduction</a></h1>
    728       <p id="rfc.section.1.p.1">The Hypertext Transfer Protocol (HTTP) is an application-level request/response protocol that uses extensible semantics and
    729          MIME-like message payloads for flexible interaction with network-based hypertext information systems. This document is the
    730          first in a series of documents that collectively form the HTTP/1.1 specification:
    731       </p>
    732       <ul class="empty">
    733          <li>RFC xxx1: Message Syntax and Routing</li>
    734          <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content" id="rfc.xref.Part2.1">RFC xxx2</cite>: Semantics and Content
    735          </li>
    736          <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests" id="rfc.xref.Part4.1">RFC xxx3</cite>: Conditional Requests
    737          </li>
    738          <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests" id="rfc.xref.Part5.1">RFC xxx4</cite>: Range Requests
    739          </li>
    740          <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching" id="rfc.xref.Part6.1">RFC xxx5</cite>: Caching
    741          </li>
    742          <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication" id="rfc.xref.Part7.1">RFC xxx6</cite>: Authentication
    743          </li>
    744       </ul>
    745       <p id="rfc.section.1.p.2">This HTTP/1.1 specification obsoletes and moves to historic status <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2616.1">RFC 2616</cite>, its predecessor <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2068.1">RFC 2068</cite>, <cite title="Use and Interpretation of HTTP Version Numbers" id="rfc.xref.RFC2145.1">RFC 2145</cite> (on HTTP versioning), and <cite title="Upgrading to TLS Within HTTP/1.1" id="rfc.xref.RFC2817.1">RFC 2817</cite> (on using CONNECT for TLS upgrades).
    746       </p>
    747       <p id="rfc.section.1.p.3">HTTP is a generic interface protocol for information systems. It is designed to hide the details of how a service is implemented
    748          by presenting a uniform interface to clients that is independent of the types of resources provided. Likewise, servers do
    749          not need to be aware of each client's purpose: an HTTP request can be considered in isolation rather than being associated
    750          with a specific type of client or a predetermined sequence of application steps. The result is a protocol that can be used
    751          effectively in many different contexts and for which implementations can evolve independently over time.
    752       </p>
    753       <p id="rfc.section.1.p.4">HTTP is also designed for use as an intermediation protocol for translating communication to and from non-HTTP information
    754          systems. HTTP proxies and gateways can provide access to alternative information services by translating their diverse protocols
    755          into a hypertext format that can be viewed and manipulated by clients in the same way as HTTP services.
    756       </p>
    757       <p id="rfc.section.1.p.5">One consequence of HTTP flexibility is that the protocol cannot be defined in terms of what occurs behind the interface. Instead,
    758          we are limited to defining the syntax of communication, the intent of received communication, and the expected behavior of
    759          recipients. If the communication is considered in isolation, then successful actions ought to be reflected in corresponding
    760          changes to the observable interface provided by servers. However, since multiple clients might act in parallel and perhaps
    761          at cross-purposes, we cannot require that such changes be observable beyond the scope of a single response.
    762       </p>
    763       <p id="rfc.section.1.p.6">This document describes the architectural elements that are used or referred to in HTTP, defines the "http" and "https" URI
    764          schemes, describes overall network operation and connection management, and defines HTTP message framing and forwarding requirements.
    765          Our goal is to define all of the mechanisms necessary for HTTP message handling that are independent of message semantics,
    766          thereby defining the complete set of requirements for message parsers and message-forwarding intermediaries.
    767       </p>
    768       <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a id="intro.requirements" href="#intro.requirements">Requirement Notation</a></h2>
    769       <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
    770          in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
    771       </p>
    772       <p id="rfc.section.1.1.p.2">Conformance criteria and considerations regarding error handling are defined in <a href="#conformance" title="Conformance and Error Handling">Section&nbsp;2.5</a>.
    773       </p>
    774       <div id="rfc.iref.g.1"></div>
    775       <div id="rfc.iref.g.2"></div>
    776       <div id="rfc.iref.g.3"></div>
    777       <div id="rfc.iref.g.4"></div>
    778       <div id="rfc.iref.g.5"></div>
    779       <div id="rfc.iref.g.6"></div>
    780       <div id="rfc.iref.g.7"></div>
    781       <div id="rfc.iref.g.8"></div>
    782       <div id="rfc.iref.g.9"></div>
    783       <div id="rfc.iref.g.10"></div>
    784       <div id="rfc.iref.g.11"></div>
    785       <div id="rfc.iref.g.12"></div>
    786       <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a id="notation" href="#notation">Syntax Notation</a></h2>
    787       <p id="rfc.section.1.2.p.1">This specification uses the Augmented Backus-Naur Form (ABNF) notation of <a href="#RFC5234" id="rfc.xref.RFC5234.1"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a> with the list rule extension defined in <a href="#abnf.extension" title="ABNF list extension: #rule">Appendix&nbsp;B</a>. <a href="#collected.abnf" title="Collected ABNF">Appendix&nbsp;C</a> shows the collected ABNF with the list rule expanded.
    788       </p>
    789       <div id="core.rules">
    790          <p id="rfc.section.1.2.p.2">                        The following core rules are included by reference, as defined in <a href="#RFC5234" id="rfc.xref.RFC5234.2"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>, <a href="http://tools.ietf.org/html/rfc5234#appendix-B.1">Appendix B.1</a>: ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), HEXDIG
    791             (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR
    792             (any visible <a href="#USASCII" id="rfc.xref.USASCII.1"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a> character).
     741      <div id="introduction">
     742         <h1 id="rfc.section.1" class="np"><a href="#rfc.section.1">1.</a>&nbsp;<a href="#introduction">Introduction</a></h1>
     743         <p id="rfc.section.1.p.1">The Hypertext Transfer Protocol (HTTP) is an application-level request/response protocol that uses extensible semantics and
     744            MIME-like message payloads for flexible interaction with network-based hypertext information systems. This document is the
     745            first in a series of documents that collectively form the HTTP/1.1 specification:
    793746         </p>
     747         <ul class="empty">
     748            <li>RFC xxx1: Message Syntax and Routing</li>
     749            <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content" id="rfc.xref.Part2.1">RFC xxx2</cite>: Semantics and Content
     750            </li>
     751            <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests" id="rfc.xref.Part4.1">RFC xxx3</cite>: Conditional Requests
     752            </li>
     753            <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests" id="rfc.xref.Part5.1">RFC xxx4</cite>: Range Requests
     754            </li>
     755            <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching" id="rfc.xref.Part6.1">RFC xxx5</cite>: Caching
     756            </li>
     757            <li><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication" id="rfc.xref.Part7.1">RFC xxx6</cite>: Authentication
     758            </li>
     759         </ul>
     760         <p id="rfc.section.1.p.2">This HTTP/1.1 specification obsoletes and moves to historic status <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2616.1">RFC 2616</cite>, its predecessor <cite title="Hypertext Transfer Protocol -- HTTP/1.1" id="rfc.xref.RFC2068.1">RFC 2068</cite>, <cite title="Use and Interpretation of HTTP Version Numbers" id="rfc.xref.RFC2145.1">RFC 2145</cite> (on HTTP versioning), and <cite title="Upgrading to TLS Within HTTP/1.1" id="rfc.xref.RFC2817.1">RFC 2817</cite> (on using CONNECT for TLS upgrades).
     761         </p>
     762         <p id="rfc.section.1.p.3">HTTP is a generic interface protocol for information systems. It is designed to hide the details of how a service is implemented
     763            by presenting a uniform interface to clients that is independent of the types of resources provided. Likewise, servers do
     764            not need to be aware of each client's purpose: an HTTP request can be considered in isolation rather than being associated
     765            with a specific type of client or a predetermined sequence of application steps. The result is a protocol that can be used
     766            effectively in many different contexts and for which implementations can evolve independently over time.
     767         </p>
     768         <p id="rfc.section.1.p.4">HTTP is also designed for use as an intermediation protocol for translating communication to and from non-HTTP information
     769            systems. HTTP proxies and gateways can provide access to alternative information services by translating their diverse protocols
     770            into a hypertext format that can be viewed and manipulated by clients in the same way as HTTP services.
     771         </p>
     772         <p id="rfc.section.1.p.5">One consequence of HTTP flexibility is that the protocol cannot be defined in terms of what occurs behind the interface. Instead,
     773            we are limited to defining the syntax of communication, the intent of received communication, and the expected behavior of
     774            recipients. If the communication is considered in isolation, then successful actions ought to be reflected in corresponding
     775            changes to the observable interface provided by servers. However, since multiple clients might act in parallel and perhaps
     776            at cross-purposes, we cannot require that such changes be observable beyond the scope of a single response.
     777         </p>
     778         <p id="rfc.section.1.p.6">This document describes the architectural elements that are used or referred to in HTTP, defines the "http" and "https" URI
     779            schemes, describes overall network operation and connection management, and defines HTTP message framing and forwarding requirements.
     780            Our goal is to define all of the mechanisms necessary for HTTP message handling that are independent of message semantics,
     781            thereby defining the complete set of requirements for message parsers and message-forwarding intermediaries.
     782         </p>
     783         <div id="intro.requirements">
     784            <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a href="#intro.requirements">Requirement Notation</a></h2>
     785            <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
     786               in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
     787            </p>
     788            <p id="rfc.section.1.1.p.2">Conformance criteria and considerations regarding error handling are defined in <a href="#conformance" title="Conformance and Error Handling">Section&nbsp;2.5</a>.
     789            </p>
     790         </div>
     791         <div id="notation">
     792            <div id="rfc.iref.g.1"></div>
     793            <div id="rfc.iref.g.2"></div>
     794            <div id="rfc.iref.g.3"></div>
     795            <div id="rfc.iref.g.4"></div>
     796            <div id="rfc.iref.g.5"></div>
     797            <div id="rfc.iref.g.6"></div>
     798            <div id="rfc.iref.g.7"></div>
     799            <div id="rfc.iref.g.8"></div>
     800            <div id="rfc.iref.g.9"></div>
     801            <div id="rfc.iref.g.10"></div>
     802            <div id="rfc.iref.g.11"></div>
     803            <div id="rfc.iref.g.12"></div>
     804            <h2 id="rfc.section.1.2"><a href="#rfc.section.1.2">1.2</a>&nbsp;<a href="#notation">Syntax Notation</a></h2>
     805            <p id="rfc.section.1.2.p.1">This specification uses the Augmented Backus-Naur Form (ABNF) notation of <a href="#RFC5234" id="rfc.xref.RFC5234.1"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a> with the list rule extension defined in <a href="#abnf.extension" title="ABNF list extension: #rule">Appendix&nbsp;B</a>. <a href="#collected.abnf" title="Collected ABNF">Appendix&nbsp;C</a> shows the collected ABNF with the list rule expanded.
     806            </p>
     807            <div id="core.rules">
     808               <p id="rfc.section.1.2.p.2">            The following core rules are included by reference, as defined in <a href="#RFC5234" id="rfc.xref.RFC5234.2"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>, <a href="https://tools.ietf.org/html/rfc5234#appendix-B.1">Appendix B.1</a>: ALPHA (letters), CR (carriage return), CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote), HEXDIG
     809                  (hexadecimal 0-9/A-F/a-f), HTAB (horizontal tab), LF (line feed), OCTET (any 8-bit sequence of data), SP (space), and VCHAR
     810                  (any visible <a href="#USASCII" id="rfc.xref.USASCII.1"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a> character).
     811               </p>
     812            </div>
     813            <p id="rfc.section.1.2.p.3">As a convention, ABNF rule names prefixed with "obs-" denote "obsolete" grammar rules that appear for historical reasons.</p>
     814         </div>
    794815      </div>
    795       <p id="rfc.section.1.2.p.3">As a convention, ABNF rule names prefixed with "obs-" denote "obsolete" grammar rules that appear for historical reasons.</p>
    796       <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="architecture" href="#architecture">Architecture</a></h1>
    797       <p id="rfc.section.2.p.1">HTTP was created for the World Wide Web architecture and has evolved over time to support the scalability needs of a worldwide
    798          hypertext system. Much of that architecture is reflected in the terminology and syntax productions used to define HTTP.
    799       </p>
    800       <div id="rfc.iref.c.1"></div>
    801       <div id="rfc.iref.s.1"></div>
    802       <div id="rfc.iref.c.2"></div>
    803       <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="operation" href="#operation">Client/Server Messaging</a></h2>
    804       <p id="rfc.section.2.1.p.1">HTTP is a stateless request/response protocol that operates by exchanging <dfn>messages</dfn> (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) across a reliable transport or session-layer "<dfn>connection</dfn>" (<a href="#connection.management" title="Connection Management">Section&nbsp;6</a>). An HTTP "<dfn>client</dfn>" is a program that establishes a connection to a server for the purpose of sending one or more HTTP requests. An HTTP "<dfn>server</dfn>" is a program that accepts connections in order to service HTTP requests by sending HTTP responses.
    805       </p>
    806       <div id="rfc.iref.u.1"></div>
    807       <div id="rfc.iref.o.1"></div>
    808       <div id="rfc.iref.b.1"></div>
    809       <div id="rfc.iref.s.2"></div>
    810       <div id="rfc.iref.s.3"></div>
    811       <div id="rfc.iref.r.1"></div>
    812       <p id="rfc.section.2.1.p.2">The terms client and server refer only to the roles that these programs perform for a particular connection. The same program
    813          might act as a client on some connections and a server on others. We use the term "<dfn>user agent</dfn>" to refer to the program that initiates a request, such as a WWW browser, editor, or spider (web-traversing robot), and the
    814          term "<dfn>origin server</dfn>" to refer to the program that can originate authoritative responses to a request. For general requirements, we use the term
    815          "<dfn>sender</dfn>" to refer to whichever component sent a given message and the term "<dfn>recipient</dfn>" to refer to any component that receives the message.
    816       </p>
    817       <p id="rfc.section.2.1.p.3">HTTP relies upon the Uniform Resource Identifier (URI) standard <a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> to indicate the target resource (<a href="#target-resource" title="Identifying a Target Resource">Section&nbsp;5.1</a>) and relationships between resources. Messages are passed in a format similar to that used by Internet mail <a href="#RFC5322" id="rfc.xref.RFC5322.1"><cite title="Internet Message Format">[RFC5322]</cite></a> and the Multipurpose Internet Mail Extensions (MIME) <a href="#RFC2045" id="rfc.xref.RFC2045.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a> (see <a href="p2-semantics.html#differences.between.http.and.mime" title="Differences between HTTP and MIME">Appendix A</a> of <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> for the differences between HTTP and MIME messages).
    818       </p>
    819       <p id="rfc.section.2.1.p.4">Most HTTP communication consists of a retrieval request (GET) for a representation of some resource identified by a URI. In
    820          the simplest case, this might be accomplished via a single bidirectional connection (===) between the user agent (UA) and
    821          the origin server (O).
    822       </p>
    823       <div id="rfc.figure.u.1"></div><pre class="drawing">         request   &gt;
     816      <div id="architecture">
     817         <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a href="#architecture">Architecture</a></h1>
     818         <p id="rfc.section.2.p.1">HTTP was created for the World Wide Web architecture and has evolved over time to support the scalability needs of a worldwide
     819            hypertext system. Much of that architecture is reflected in the terminology and syntax productions used to define HTTP.
     820         </p>
     821         <div id="operation">
     822            <div id="rfc.iref.c.1"></div>
     823            <div id="rfc.iref.s.1"></div>
     824            <div id="rfc.iref.c.2"></div>
     825            <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a href="#operation">Client/Server Messaging</a></h2>
     826            <p id="rfc.section.2.1.p.1">HTTP is a stateless request/response protocol that operates by exchanging <dfn>messages</dfn> (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) across a reliable transport or session-layer "<dfn>connection</dfn>" (<a href="#connection.management" title="Connection Management">Section&nbsp;6</a>). An HTTP "<dfn>client</dfn>" is a program that establishes a connection to a server for the purpose of sending one or more HTTP requests. An HTTP "<dfn>server</dfn>" is a program that accepts connections in order to service HTTP requests by sending HTTP responses.
     827            </p>
     828            <div id="rfc.iref.u.1"></div>
     829            <div id="rfc.iref.o.1"></div>
     830            <div id="rfc.iref.b.1"></div>
     831            <div id="rfc.iref.s.2"></div>
     832            <div id="rfc.iref.s.3"></div>
     833            <div id="rfc.iref.r.1"></div>
     834            <p id="rfc.section.2.1.p.2">The terms client and server refer only to the roles that these programs perform for a particular connection. The same program
     835               might act as a client on some connections and a server on others. We use the term "<dfn>user agent</dfn>" to refer to the program that initiates a request, such as a WWW browser, editor, or spider (web-traversing robot), and the
     836               term "<dfn>origin server</dfn>" to refer to the program that can originate authoritative responses to a request. For general requirements, we use the term
     837               "<dfn>sender</dfn>" to refer to whichever component sent a given message and the term "<dfn>recipient</dfn>" to refer to any component that receives the message.
     838            </p>
     839            <p id="rfc.section.2.1.p.3">HTTP relies upon the Uniform Resource Identifier (URI) standard <a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> to indicate the target resource (<a href="#target-resource" title="Identifying a Target Resource">Section&nbsp;5.1</a>) and relationships between resources. Messages are passed in a format similar to that used by Internet mail <a href="#RFC5322" id="rfc.xref.RFC5322.1"><cite title="Internet Message Format">[RFC5322]</cite></a> and the Multipurpose Internet Mail Extensions (MIME) <a href="#RFC2045" id="rfc.xref.RFC2045.1"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a> (see <a href="p2-semantics.html#differences.between.http.and.mime" title="Differences between HTTP and MIME">Appendix A</a> of <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> for the differences between HTTP and MIME messages).
     840            </p>
     841            <p id="rfc.section.2.1.p.4">Most HTTP communication consists of a retrieval request (GET) for a representation of some resource identified by a URI. In
     842               the simplest case, this might be accomplished via a single bidirectional connection (===) between the user agent (UA) and
     843               the origin server (O).
     844            </p>
     845            <div id="rfc.figure.u.1"></div><pre class="drawing">         request   &gt;
    824846    <b>UA</b> ======================================= <b>O</b>
    825847                                &lt;   response
    826848</pre><div id="rfc.iref.m.1"></div>
    827       <div id="rfc.iref.r.2"></div>
    828       <div id="rfc.iref.r.3"></div>
    829       <p id="rfc.section.2.1.p.6">A client sends an HTTP request to a server in the form of a <dfn>request</dfn> message, beginning with a request-line that includes a method, URI, and protocol version (<a href="#request.line" title="Request Line">Section&nbsp;3.1.1</a>), followed by header fields containing request modifiers, client information, and representation metadata (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>), an empty line to indicate the end of the header section, and finally a message body containing the payload body (if any, <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>).
    830       </p>
    831       <p id="rfc.section.2.1.p.7">A server responds to a client's request by sending one or more HTTP <dfn>response</dfn> messages, each beginning with a status line that includes the protocol version, a success or error code, and textual reason
    832          phrase (<a href="#status.line" title="Status Line">Section&nbsp;3.1.2</a>), possibly followed by header fields containing server information, resource metadata, and representation metadata (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>), an empty line to indicate the end of the header section, and finally a message body containing the payload body (if any, <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>).
    833       </p>
    834       <p id="rfc.section.2.1.p.8">A connection might be used for multiple request/response exchanges, as defined in <a href="#persistent.connections" title="Persistent Connections">Section&nbsp;6.2</a>.
    835       </p>
    836       <p id="rfc.section.2.1.p.9">The following example illustrates a typical message exchange for a GET request on the URI "http://www.example.com/hello.txt":</p>
    837       <div id="rfc.figure.u.2"></div>
    838       <p>client request:</p><pre class="text2">GET /hello.txt HTTP/1.1
     849            <div id="rfc.iref.r.2"></div>
     850            <div id="rfc.iref.r.3"></div>
     851            <p id="rfc.section.2.1.p.6">A client sends an HTTP request to a server in the form of a <dfn>request</dfn> message, beginning with a request-line that includes a method, URI, and protocol version (<a href="#request.line" title="Request Line">Section&nbsp;3.1.1</a>), followed by header fields containing request modifiers, client information, and representation metadata (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>), an empty line to indicate the end of the header section, and finally a message body containing the payload body (if any, <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>).
     852            </p>
     853            <p id="rfc.section.2.1.p.7">A server responds to a client's request by sending one or more HTTP <dfn>response</dfn> messages, each beginning with a status line that includes the protocol version, a success or error code, and textual reason
     854               phrase (<a href="#status.line" title="Status Line">Section&nbsp;3.1.2</a>), possibly followed by header fields containing server information, resource metadata, and representation metadata (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>), an empty line to indicate the end of the header section, and finally a message body containing the payload body (if any, <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>).
     855            </p>
     856            <p id="rfc.section.2.1.p.8">A connection might be used for multiple request/response exchanges, as defined in <a href="#persistent.connections" title="Persistent Connections">Section&nbsp;6.2</a>.
     857            </p>
     858            <p id="rfc.section.2.1.p.9">The following example illustrates a typical message exchange for a GET request on the URI "http://www.example.com/hello.txt":</p>
     859            <div id="rfc.figure.u.2"></div>
     860            <p>client request:</p><pre class="text2">GET /hello.txt HTTP/1.1
    839861User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
    840862Host: www.example.com
     
    842864
    843865</pre><div id="rfc.figure.u.3"></div>
    844       <p>server response:</p><pre class="text">HTTP/1.1 200 OK
     866            <p>server response:</p><pre class="text">HTTP/1.1 200 OK
    845867Date: Mon, 27 Jul 2009 12:28:53 GMT
    846868Server: Apache
     
    853875
    854876<span id="exbody">Hello World!
    855 </span></pre><h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a id="implementation-diversity" href="#implementation-diversity">Implementation Diversity</a></h2>
    856       <p id="rfc.section.2.2.p.1">When considering the design of HTTP, it is easy to fall into a trap of thinking that all user agents are general-purpose browsers
    857          and all origin servers are large public websites. That is not the case in practice. Common HTTP user agents include household
    858          appliances, stereos, scales, firmware update scripts, command-line programs, mobile apps, and communication devices in a multitude
    859          of shapes and sizes. Likewise, common HTTP origin servers include home automation units, configurable networking components,
    860          office machines, autonomous robots, news feeds, traffic cameras, ad selectors, and video delivery platforms.
    861       </p>
    862       <p id="rfc.section.2.2.p.2">The term "user agent" does not imply that there is a human user directly interacting with the software agent at the time of
    863          a request. In many cases, a user agent is installed or configured to run in the background and save its results for later
    864          inspection (or save only a subset of those results that might be interesting or erroneous). Spiders, for example, are typically
    865          given a start URI and configured to follow certain behavior while crawling the Web as a hypertext graph.
    866       </p>
    867       <p id="rfc.section.2.2.p.3">The implementation diversity of HTTP means that we cannot assume the user agent can make interactive suggestions to a user
    868          or provide adequate warning for security or privacy options. In the few cases where this specification requires reporting
    869          of errors to the user, it is acceptable for such reporting to only be observable in an error console or log file. Likewise,
    870          requirements that an automated action be confirmed by the user before proceeding can me met via advance configuration choices,
    871          run-time options, or simply not proceeding with the unsafe action.
    872       </p>
    873       <div id="rfc.iref.i.1"></div>
    874       <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="intermediaries" href="#intermediaries">Intermediaries</a></h2>
    875       <p id="rfc.section.2.3.p.1">HTTP enables the use of intermediaries to satisfy requests through a chain of connections. There are three common forms of
    876          HTTP <dfn>intermediary</dfn>: proxy, gateway, and tunnel. In some cases, a single intermediary might act as an origin server, proxy, gateway, or tunnel,
    877          switching behavior based on the nature of each request.
    878       </p>
    879       <div id="rfc.figure.u.4"></div><pre class="drawing">         &gt;             &gt;             &gt;             &gt;
     877</span></pre></div>
     878         <div id="implementation-diversity">
     879            <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a href="#implementation-diversity">Implementation Diversity</a></h2>
     880            <p id="rfc.section.2.2.p.1">When considering the design of HTTP, it is easy to fall into a trap of thinking that all user agents are general-purpose browsers
     881               and all origin servers are large public websites. That is not the case in practice. Common HTTP user agents include household
     882               appliances, stereos, scales, firmware update scripts, command-line programs, mobile apps, and communication devices in a multitude
     883               of shapes and sizes. Likewise, common HTTP origin servers include home automation units, configurable networking components,
     884               office machines, autonomous robots, news feeds, traffic cameras, ad selectors, and video delivery platforms.
     885            </p>
     886            <p id="rfc.section.2.2.p.2">The term "user agent" does not imply that there is a human user directly interacting with the software agent at the time of
     887               a request. In many cases, a user agent is installed or configured to run in the background and save its results for later
     888               inspection (or save only a subset of those results that might be interesting or erroneous). Spiders, for example, are typically
     889               given a start URI and configured to follow certain behavior while crawling the Web as a hypertext graph.
     890            </p>
     891            <p id="rfc.section.2.2.p.3">The implementation diversity of HTTP means that we cannot assume the user agent can make interactive suggestions to a user
     892               or provide adequate warning for security or privacy options. In the few cases where this specification requires reporting
     893               of errors to the user, it is acceptable for such reporting to only be observable in an error console or log file. Likewise,
     894               requirements that an automated action be confirmed by the user before proceeding can me met via advance configuration choices,
     895               run-time options, or simply not proceeding with the unsafe action.
     896            </p>
     897         </div>
     898         <div id="intermediaries">
     899            <div id="rfc.iref.i.1"></div>
     900            <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a href="#intermediaries">Intermediaries</a></h2>
     901            <p id="rfc.section.2.3.p.1">HTTP enables the use of intermediaries to satisfy requests through a chain of connections. There are three common forms of
     902               HTTP <dfn>intermediary</dfn>: proxy, gateway, and tunnel. In some cases, a single intermediary might act as an origin server, proxy, gateway, or tunnel,
     903               switching behavior based on the nature of each request.
     904            </p>
     905            <div id="rfc.figure.u.4"></div><pre class="drawing">         &gt;             &gt;             &gt;             &gt;
    880906    <b>UA</b> =========== <b>A</b> =========== <b>B</b> =========== <b>C</b> =========== <b>O</b>
    881907               &lt;             &lt;             &lt;             &lt;
    882908</pre><p id="rfc.section.2.3.p.3">The figure above shows three intermediaries (A, B, and C) between the user agent and origin server. A request or response
    883          message that travels the whole chain will pass through four separate connections. Some HTTP communication options might apply
    884          only to the connection with the nearest, non-tunnel neighbor, only to the end-points of the chain, or to all connections along
    885          the chain. Although the diagram is linear, each participant might be engaged in multiple, simultaneous communications. For
    886          example, B might be receiving requests from many clients other than A, and/or forwarding requests to servers other than C,
    887          at the same time that it is handling A's request.
    888       </p>
    889       <p id="rfc.section.2.3.p.4"> <span id="rfc.iref.u.2"></span><span id="rfc.iref.d.1"></span>  <span id="rfc.iref.i.2"></span><span id="rfc.iref.o.2"></span> We use the terms "<dfn>upstream</dfn>" and "<dfn>downstream</dfn>" to describe various requirements in relation to the directional flow of a message: all messages flow from upstream to downstream.
    890          Likewise, we use the terms inbound and outbound to refer to directions in relation to the request path: "<dfn>inbound</dfn>" means toward the origin server and "<dfn>outbound</dfn>" means toward the user agent.
    891       </p>
    892       <p id="rfc.section.2.3.p.5"><span id="rfc.iref.p.1"></span> A "<dfn>proxy</dfn>" is a message forwarding agent that is selected by the client, usually via local configuration rules, to receive requests
    893          for some type(s) of absolute URI and attempt to satisfy those requests via translation through the HTTP interface. Some translations
    894          are minimal, such as for proxy requests for "http" URIs, whereas other requests might require translation to and from entirely
    895          different application-level protocols. Proxies are often used to group an organization's HTTP requests through a common intermediary
    896          for the sake of security, annotation services, or shared caching.
    897       </p>
    898       <p id="rfc.section.2.3.p.6"> <span id="rfc.iref.t.1"></span>  <span id="rfc.iref.n.1"></span> An HTTP-to-HTTP proxy is called a "<dfn>transforming proxy</dfn>" if it is designed or configured to modify request or response messages in a semantically meaningful way (i.e., modifications,
    899          beyond those required by normal HTTP processing, that change the message in a way that would be significant to the original
    900          sender or potentially significant to downstream recipients). For example, a transforming proxy might be acting as a shared
    901          annotation server (modifying responses to include references to a local annotation database), a malware filter, a format transcoder,
    902          or an intranet-to-Internet privacy filter. Such transformations are presumed to be desired by the client (or client organization)
    903          that selected the proxy and are beyond the scope of this specification. However, when a proxy is not intended to transform
    904          a given message, we use the term "<dfn>non-transforming proxy</dfn>" to target requirements that preserve HTTP message semantics. See <a href="p2-semantics.html#status.203" title="203 Non-Authoritative Information">Section 7.3.4</a> of <a href="#Part2" id="rfc.xref.Part2.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> and <a href="p6-cache.html#header.warning" title="Warning">Section 7.5</a> of <a href="#Part6" id="rfc.xref.Part6.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a> for status and warning codes related to transformations.
    905       </p>
    906       <p id="rfc.section.2.3.p.7"><span id="rfc.iref.g.13"></span><span id="rfc.iref.r.4"></span>  <span id="rfc.iref.a.1"></span> A "<dfn>gateway</dfn>" (a.k.a., "<dfn>reverse proxy</dfn>") is a receiving agent that acts as a layer above some other server(s) and translates the received requests to the underlying
    907          server's protocol. Gateways are often used to encapsulate legacy or untrusted information services, to improve server performance
    908          through "<dfn>accelerator</dfn>" caching, and to enable partitioning or load-balancing of HTTP services across multiple machines.
    909       </p>
    910       <p id="rfc.section.2.3.p.8">A gateway behaves as an origin server on its outbound connection and as a user agent on its inbound connection. All HTTP requirements
    911          applicable to an origin server also apply to the outbound communication of a gateway. A gateway communicates with inbound
    912          servers using any protocol that it desires, including private extensions to HTTP that are outside the scope of this specification.
    913          However, an HTTP-to-HTTP gateway that wishes to interoperate with third-party HTTP servers <em class="bcp14">MUST</em> conform to HTTP user agent requirements on the gateway's inbound connection and <em class="bcp14">MUST</em> implement the <a href="#header.connection" class="smpl">Connection</a> (<a href="#header.connection" id="rfc.xref.header.connection.1" title="Connection">Section&nbsp;6.1</a>) and <a href="#header.via" class="smpl">Via</a> (<a href="#header.via" id="rfc.xref.header.via.1" title="Via">Section&nbsp;5.7</a>) header fields for both connections.
    914       </p>
    915       <p id="rfc.section.2.3.p.9"><span id="rfc.iref.t.2"></span> A "<dfn>tunnel</dfn>" acts as a blind relay between two connections without changing the messages. Once active, a tunnel is not considered a party
    916          to the HTTP communication, though the tunnel might have been initiated by an HTTP request. A tunnel ceases to exist when both
    917          ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary, such as
    918          when Transport Layer Security (TLS, <a href="#RFC5246" id="rfc.xref.RFC5246.1"><cite title="The Transport Layer Security (TLS) Protocol Version 1.2">[RFC5246]</cite></a>) is used to establish confidential communication through a shared firewall proxy.
    919       </p>
    920       <p id="rfc.section.2.3.p.10"><span id="rfc.iref.i.3"></span>  <span id="rfc.iref.t.3"></span>  <span id="rfc.iref.c.3"></span> The above categories for intermediary only consider those acting as participants in the HTTP communication. There are also
    921          intermediaries that can act on lower layers of the network protocol stack, filtering or redirecting HTTP traffic without the
    922          knowledge or permission of message senders. Network intermediaries often introduce security flaws or interoperability problems
    923          by violating HTTP semantics. For example, an "<dfn>interception proxy</dfn>" <a href="#RFC3040" id="rfc.xref.RFC3040.1"><cite title="Internet Web Replication and Caching Taxonomy">[RFC3040]</cite></a> (also commonly known as a "<dfn>transparent proxy</dfn>" <a href="#RFC1919" id="rfc.xref.RFC1919.1"><cite title="Classical versus Transparent IP Proxies">[RFC1919]</cite></a> or "<dfn>captive portal</dfn>") differs from an HTTP proxy because it is not selected by the client. Instead, an interception proxy filters or redirects
    924          outgoing TCP port 80 packets (and occasionally other common port traffic). Interception proxies are commonly found on public
    925          network access points, as a means of enforcing account subscription prior to allowing use of non-local Internet services,
    926          and within corporate firewalls to enforce network usage policies. They are indistinguishable from a man-in-the-middle attack.
    927       </p>
    928       <p id="rfc.section.2.3.p.11">HTTP is defined as a stateless protocol, meaning that each request message can be understood in isolation. Many implementations
    929          depend on HTTP's stateless design in order to reuse proxied connections or dynamically load balance requests across multiple
    930          servers. Hence, servers <em class="bcp14">MUST NOT</em> assume that two requests on the same connection are from the same user agent unless the connection is secured and specific
    931          to that agent. Some non-standard HTTP extensions (e.g., <a href="#RFC4559" id="rfc.xref.RFC4559.1"><cite title="SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows">[RFC4559]</cite></a>) have been known to violate this requirement, resulting in security and interoperability problems.
    932       </p>
    933       <div id="rfc.iref.c.4"></div>
    934       <h2 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4</a>&nbsp;<a id="caches" href="#caches">Caches</a></h2>
    935       <p id="rfc.section.2.4.p.1">A "<dfn>cache</dfn>" is a local store of previous response messages and the subsystem that controls its message storage, retrieval, and deletion.
    936          A cache stores cacheable responses in order to reduce the response time and network bandwidth consumption on future, equivalent
    937          requests. Any client or server <em class="bcp14">MAY</em> employ a cache, though a cache cannot be used by a server while it is acting as a tunnel.
    938       </p>
    939       <p id="rfc.section.2.4.p.2">The effect of a cache is that the request/response chain is shortened if one of the participants along the chain has a cached
    940          response applicable to that request. The following illustrates the resulting chain if B has a cached copy of an earlier response
    941          from O (via C) for a request which has not been cached by UA or A.
    942       </p>
    943       <div id="rfc.figure.u.5"></div><pre class="drawing">            &gt;             &gt;
     909               message that travels the whole chain will pass through four separate connections. Some HTTP communication options might apply
     910               only to the connection with the nearest, non-tunnel neighbor, only to the end-points of the chain, or to all connections along
     911               the chain. Although the diagram is linear, each participant might be engaged in multiple, simultaneous communications. For
     912               example, B might be receiving requests from many clients other than A, and/or forwarding requests to servers other than C,
     913               at the same time that it is handling A's request.
     914            </p>
     915            <p id="rfc.section.2.3.p.4"><span id="rfc.iref.u.2"></span><span id="rfc.iref.d.1"></span> <span id="rfc.iref.i.2"></span><span id="rfc.iref.o.2"></span> We use the terms "<dfn>upstream</dfn>" and "<dfn>downstream</dfn>" to describe various requirements in relation to the directional flow of a message: all messages flow from upstream to downstream.
     916               Likewise, we use the terms inbound and outbound to refer to directions in relation to the request path: "<dfn>inbound</dfn>" means toward the origin server and "<dfn>outbound</dfn>" means toward the user agent.
     917            </p>
     918            <p id="rfc.section.2.3.p.5"><span id="rfc.iref.p.1"></span> A "<dfn>proxy</dfn>" is a message forwarding agent that is selected by the client, usually via local configuration rules, to receive requests
     919               for some type(s) of absolute URI and attempt to satisfy those requests via translation through the HTTP interface. Some translations
     920               are minimal, such as for proxy requests for "http" URIs, whereas other requests might require translation to and from entirely
     921               different application-level protocols. Proxies are often used to group an organization's HTTP requests through a common intermediary
     922               for the sake of security, annotation services, or shared caching.
     923            </p>
     924            <p id="rfc.section.2.3.p.6"><span id="rfc.iref.t.1"></span> <span id="rfc.iref.n.1"></span> An HTTP-to-HTTP proxy is called a "<dfn>transforming proxy</dfn>" if it is designed or configured to modify request or response messages in a semantically meaningful way (i.e., modifications,
     925               beyond those required by normal HTTP processing, that change the message in a way that would be significant to the original
     926               sender or potentially significant to downstream recipients). For example, a transforming proxy might be acting as a shared
     927               annotation server (modifying responses to include references to a local annotation database), a malware filter, a format transcoder,
     928               or an intranet-to-Internet privacy filter. Such transformations are presumed to be desired by the client (or client organization)
     929               that selected the proxy and are beyond the scope of this specification. However, when a proxy is not intended to transform
     930               a given message, we use the term "<dfn>non-transforming proxy</dfn>" to target requirements that preserve HTTP message semantics. See <a href="p2-semantics.html#status.203" title="203 Non-Authoritative Information">Section 7.3.4</a> of <a href="#Part2" id="rfc.xref.Part2.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> and <a href="p6-cache.html#header.warning" title="Warning">Section 7.5</a> of <a href="#Part6" id="rfc.xref.Part6.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a> for status and warning codes related to transformations.
     931            </p>
     932            <p id="rfc.section.2.3.p.7"><span id="rfc.iref.g.13"></span><span id="rfc.iref.r.4"></span> <span id="rfc.iref.a.1"></span> A "<dfn>gateway</dfn>" (a.k.a., "<dfn>reverse proxy</dfn>") is a receiving agent that acts as a layer above some other server(s) and translates the received requests to the underlying
     933               server's protocol. Gateways are often used to encapsulate legacy or untrusted information services, to improve server performance
     934               through "<dfn>accelerator</dfn>" caching, and to enable partitioning or load-balancing of HTTP services across multiple machines.
     935            </p>
     936            <p id="rfc.section.2.3.p.8">A gateway behaves as an origin server on its outbound connection and as a user agent on its inbound connection. All HTTP requirements
     937               applicable to an origin server also apply to the outbound communication of a gateway. A gateway communicates with inbound
     938               servers using any protocol that it desires, including private extensions to HTTP that are outside the scope of this specification.
     939               However, an HTTP-to-HTTP gateway that wishes to interoperate with third-party HTTP servers <em class="bcp14">MUST</em> conform to HTTP user agent requirements on the gateway's inbound connection and <em class="bcp14">MUST</em> implement the <a href="#header.connection" class="smpl">Connection</a> (<a href="#header.connection" id="rfc.xref.header.connection.1" title="Connection">Section&nbsp;6.1</a>) and <a href="#header.via" class="smpl">Via</a> (<a href="#header.via" id="rfc.xref.header.via.1" title="Via">Section&nbsp;5.7</a>) header fields for both connections.
     940            </p>
     941            <p id="rfc.section.2.3.p.9"><span id="rfc.iref.t.2"></span> A "<dfn>tunnel</dfn>" acts as a blind relay between two connections without changing the messages. Once active, a tunnel is not considered a party
     942               to the HTTP communication, though the tunnel might have been initiated by an HTTP request. A tunnel ceases to exist when both
     943               ends of the relayed connection are closed. Tunnels are used to extend a virtual connection through an intermediary, such as
     944               when Transport Layer Security (TLS, <a href="#RFC5246" id="rfc.xref.RFC5246.1"><cite title="The Transport Layer Security (TLS) Protocol Version 1.2">[RFC5246]</cite></a>) is used to establish confidential communication through a shared firewall proxy.
     945            </p>
     946            <p id="rfc.section.2.3.p.10"><span id="rfc.iref.i.3"></span> <span id="rfc.iref.t.3"></span> <span id="rfc.iref.c.3"></span> The above categories for intermediary only consider those acting as participants in the HTTP communication. There are also
     947               intermediaries that can act on lower layers of the network protocol stack, filtering or redirecting HTTP traffic without the
     948               knowledge or permission of message senders. Network intermediaries often introduce security flaws or interoperability problems
     949               by violating HTTP semantics. For example, an "<dfn>interception proxy</dfn>" <a href="#RFC3040" id="rfc.xref.RFC3040.1"><cite title="Internet Web Replication and Caching Taxonomy">[RFC3040]</cite></a> (also commonly known as a "<dfn>transparent proxy</dfn>" <a href="#RFC1919" id="rfc.xref.RFC1919.1"><cite title="Classical versus Transparent IP Proxies">[RFC1919]</cite></a> or "<dfn>captive portal</dfn>") differs from an HTTP proxy because it is not selected by the client. Instead, an interception proxy filters or redirects
     950               outgoing TCP port 80 packets (and occasionally other common port traffic). Interception proxies are commonly found on public
     951               network access points, as a means of enforcing account subscription prior to allowing use of non-local Internet services,
     952               and within corporate firewalls to enforce network usage policies. They are indistinguishable from a man-in-the-middle attack.
     953            </p>
     954            <p id="rfc.section.2.3.p.11">HTTP is defined as a stateless protocol, meaning that each request message can be understood in isolation. Many implementations
     955               depend on HTTP's stateless design in order to reuse proxied connections or dynamically load balance requests across multiple
     956               servers. Hence, servers <em class="bcp14">MUST NOT</em> assume that two requests on the same connection are from the same user agent unless the connection is secured and specific
     957               to that agent. Some non-standard HTTP extensions (e.g., <a href="#RFC4559" id="rfc.xref.RFC4559.1"><cite title="SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows">[RFC4559]</cite></a>) have been known to violate this requirement, resulting in security and interoperability problems.
     958            </p>
     959         </div>
     960         <div id="caches">
     961            <div id="rfc.iref.c.4"></div>
     962            <h2 id="rfc.section.2.4"><a href="#rfc.section.2.4">2.4</a>&nbsp;<a href="#caches">Caches</a></h2>
     963            <p id="rfc.section.2.4.p.1">A "<dfn>cache</dfn>" is a local store of previous response messages and the subsystem that controls its message storage, retrieval, and deletion.
     964               A cache stores cacheable responses in order to reduce the response time and network bandwidth consumption on future, equivalent
     965               requests. Any client or server <em class="bcp14">MAY</em> employ a cache, though a cache cannot be used by a server while it is acting as a tunnel.
     966            </p>
     967            <p id="rfc.section.2.4.p.2">The effect of a cache is that the request/response chain is shortened if one of the participants along the chain has a cached
     968               response applicable to that request. The following illustrates the resulting chain if B has a cached copy of an earlier response
     969               from O (via C) for a request which has not been cached by UA or A.
     970            </p>
     971            <div id="rfc.figure.u.5"></div><pre class="drawing">            &gt;             &gt;
    944972       <b>UA</b> =========== <b>A</b> =========== <b>B</b> - - - - - - <b>C</b> - - - - - - <b>O</b>
    945973                  &lt;             &lt;
    946974</pre><p id="rfc.section.2.4.p.4"><span id="rfc.iref.c.5"></span> A response is "<dfn>cacheable</dfn>" if a cache is allowed to store a copy of the response message for use in answering subsequent requests. Even when a response
    947          is cacheable, there might be additional constraints placed by the client or by the origin server on when that cached response
    948          can be used for a particular request. HTTP requirements for cache behavior and cacheable responses are defined in <a href="p6-cache.html#caching.overview" title="Overview of Cache Operation">Section 2</a> of <a href="#Part6" id="rfc.xref.Part6.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>.
    949       </p>
    950       <p id="rfc.section.2.4.p.5">There are a wide variety of architectures and configurations of caches and proxies deployed across the World Wide Web and
    951          inside large organizations. These systems include national hierarchies of proxy caches to save transoceanic bandwidth, systems
    952          that broadcast or multicast cache entries, organizations that distribute subsets of cached data via optical media, and so
    953          on.
    954       </p>
    955       <h2 id="rfc.section.2.5"><a href="#rfc.section.2.5">2.5</a>&nbsp;<a id="conformance" href="#conformance">Conformance and Error Handling</a></h2>
    956       <p id="rfc.section.2.5.p.1">This specification targets conformance criteria according to the role of a participant in HTTP communication. Hence, HTTP
    957          requirements are placed on senders, recipients, clients, servers, user agents, intermediaries, origin servers, proxies, gateways,
    958          or caches, depending on what behavior is being constrained by the requirement. Additional (social) requirements are placed
    959          on implementations, resource owners, and protocol element registrations when they apply beyond the scope of a single communication.
    960       </p>
    961       <p id="rfc.section.2.5.p.2">The verb "generate" is used instead of "send" where a requirement differentiates between creating a protocol element and merely
    962          forwarding a received element downstream.
    963       </p>
    964       <p id="rfc.section.2.5.p.3">An implementation is considered conformant if it complies with all of the requirements associated with the roles it partakes
    965          in HTTP. Note that SHOULD-level requirements are relevant here, unless one of the documented exceptions is applicable.
    966       </p>
    967       <p id="rfc.section.2.5.p.4">Conformance applies to both the syntax and semantics of HTTP protocol elements. A sender <em class="bcp14">MUST NOT</em> generate protocol elements that convey a meaning that is known by that sender to be false. A sender <em class="bcp14">MUST NOT</em> generate protocol elements that do not match the grammar defined by the ABNF rules for those protocol elements that are applicable
    968          to the sender's role. If a received protocol element is processed, the recipient <em class="bcp14">MUST</em> be able to parse any value that would match the ABNF rules for that protocol element, excluding only those rules not applicable
    969          to the recipient's role.
    970       </p>
    971       <p id="rfc.section.2.5.p.5">Unless noted otherwise, a recipient <em class="bcp14">MAY</em> attempt to recover a usable protocol element from an invalid construct. HTTP does not define specific error handling mechanisms
    972          except when they have a direct impact on security, since different applications of the protocol require different error handling
    973          strategies. For example, a Web browser might wish to transparently recover from a response where the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereas a systems control client might consider any form of error recovery
    974          to be dangerous.
    975       </p>
    976       <h2 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6</a>&nbsp;<a id="http.version" href="#http.version">Protocol Versioning</a></h2>
    977       <p id="rfc.section.2.6.p.1">HTTP uses a "&lt;major&gt;.&lt;minor&gt;" numbering scheme to indicate versions of the protocol. This specification defines version "1.1".
    978          The protocol version as a whole indicates the sender's conformance with the set of requirements laid out in that version's
    979          corresponding specification of HTTP.
    980       </p>
    981       <p id="rfc.section.2.6.p.2">The version of an HTTP message is indicated by an HTTP-version field in the first line of the message. HTTP-version is case-sensitive.</p>
    982       <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.14"></span><span id="rfc.iref.g.15"></span>  <a href="#http.version" class="smpl">HTTP-version</a>  = <a href="#http.version" class="smpl">HTTP-name</a> "/" <a href="#core.rules" class="smpl">DIGIT</a> "." <a href="#core.rules" class="smpl">DIGIT</a>
     975               is cacheable, there might be additional constraints placed by the client or by the origin server on when that cached response
     976               can be used for a particular request. HTTP requirements for cache behavior and cacheable responses are defined in <a href="p6-cache.html#caching.overview" title="Overview of Cache Operation">Section 2</a> of <a href="#Part6" id="rfc.xref.Part6.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>.
     977            </p>
     978            <p id="rfc.section.2.4.p.5">There are a wide variety of architectures and configurations of caches and proxies deployed across the World Wide Web and
     979               inside large organizations. These systems include national hierarchies of proxy caches to save transoceanic bandwidth, systems
     980               that broadcast or multicast cache entries, organizations that distribute subsets of cached data via optical media, and so
     981               on.
     982            </p>
     983         </div>
     984         <div id="conformance">
     985            <h2 id="rfc.section.2.5"><a href="#rfc.section.2.5">2.5</a>&nbsp;<a href="#conformance">Conformance and Error Handling</a></h2>
     986            <p id="rfc.section.2.5.p.1">This specification targets conformance criteria according to the role of a participant in HTTP communication. Hence, HTTP
     987               requirements are placed on senders, recipients, clients, servers, user agents, intermediaries, origin servers, proxies, gateways,
     988               or caches, depending on what behavior is being constrained by the requirement. Additional (social) requirements are placed
     989               on implementations, resource owners, and protocol element registrations when they apply beyond the scope of a single communication.
     990            </p>
     991            <p id="rfc.section.2.5.p.2">The verb "generate" is used instead of "send" where a requirement differentiates between creating a protocol element and merely
     992               forwarding a received element downstream.
     993            </p>
     994            <p id="rfc.section.2.5.p.3">An implementation is considered conformant if it complies with all of the requirements associated with the roles it partakes
     995               in HTTP. Note that SHOULD-level requirements are relevant here, unless one of the documented exceptions is applicable.
     996            </p>
     997            <p id="rfc.section.2.5.p.4">Conformance applies to both the syntax and semantics of HTTP protocol elements. A sender <em class="bcp14">MUST NOT</em> generate protocol elements that convey a meaning that is known by that sender to be false. A sender <em class="bcp14">MUST NOT</em> generate protocol elements that do not match the grammar defined by the ABNF rules for those protocol elements that are applicable
     998               to the sender's role. If a received protocol element is processed, the recipient <em class="bcp14">MUST</em> be able to parse any value that would match the ABNF rules for that protocol element, excluding only those rules not applicable
     999               to the recipient's role.
     1000            </p>
     1001            <p id="rfc.section.2.5.p.5">Unless noted otherwise, a recipient <em class="bcp14">MAY</em> attempt to recover a usable protocol element from an invalid construct. HTTP does not define specific error handling mechanisms
     1002               except when they have a direct impact on security, since different applications of the protocol require different error handling
     1003               strategies. For example, a Web browser might wish to transparently recover from a response where the <a href="p2-semantics.html#header.location" class="smpl">Location</a> header field doesn't parse according to the ABNF, whereas a systems control client might consider any form of error recovery
     1004               to be dangerous.
     1005            </p>
     1006         </div>
     1007         <div id="http.version">
     1008            <h2 id="rfc.section.2.6"><a href="#rfc.section.2.6">2.6</a>&nbsp;<a href="#http.version">Protocol Versioning</a></h2>
     1009            <p id="rfc.section.2.6.p.1">HTTP uses a "&lt;major&gt;.&lt;minor&gt;" numbering scheme to indicate versions of the protocol. This specification defines version "1.1".
     1010               The protocol version as a whole indicates the sender's conformance with the set of requirements laid out in that version's
     1011               corresponding specification of HTTP.
     1012            </p>
     1013            <p id="rfc.section.2.6.p.2">The version of an HTTP message is indicated by an HTTP-version field in the first line of the message. HTTP-version is case-sensitive.</p>
     1014            <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.14"></span><span id="rfc.iref.g.15"></span>  <a href="#http.version" class="smpl">HTTP-version</a>  = <a href="#http.version" class="smpl">HTTP-name</a> "/" <a href="#core.rules" class="smpl">DIGIT</a> "." <a href="#core.rules" class="smpl">DIGIT</a>
    9831015  <a href="#http.version" class="smpl">HTTP-name</a>     = %x48.54.54.50 ; "HTTP", case-sensitive
    9841016</pre><p id="rfc.section.2.6.p.4">The HTTP version number consists of two decimal digits separated by a "." (period or decimal point). The first digit ("major
    985          version") indicates the HTTP messaging syntax, whereas the second digit ("minor version") indicates the highest minor version
    986          to which the sender is conformant and able to understand for future communication. The minor version advertises the sender's
    987          communication capabilities even when the sender is only using a backwards-compatible subset of the protocol, thereby letting
    988          the recipient know that more advanced features can be used in response (by servers) or in future requests (by clients).
    989       </p>
    990       <p id="rfc.section.2.6.p.5">When an HTTP/1.1 message is sent to an HTTP/1.0 recipient <a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a> or a recipient whose version is unknown, the HTTP/1.1 message is constructed such that it can be interpreted as a valid HTTP/1.0
    991          message if all of the newer features are ignored. This specification places recipient-version requirements on some new features
    992          so that a conformant sender will only use compatible features until it has determined, through configuration or the receipt
    993          of a message, that the recipient supports HTTP/1.1.
    994       </p>
    995       <p id="rfc.section.2.6.p.6">The interpretation of a header field does not change between minor versions of the same major HTTP version, though the default
    996          behavior of a recipient in the absence of such a field can change. Unless specified otherwise, header fields defined in HTTP/1.1
    997          are defined for all versions of HTTP/1.x. In particular, the <a href="#header.host" class="smpl">Host</a> and <a href="#header.connection" class="smpl">Connection</a> header fields ought to be implemented by all HTTP/1.x implementations whether or not they advertise conformance with HTTP/1.1.
    998       </p>
    999       <p id="rfc.section.2.6.p.7">New header fields can be defined such that, when they are understood by a recipient, they might override or enhance the interpretation
    1000          of previously defined header fields. When an implementation receives an unrecognized header field, the recipient <em class="bcp14">MUST</em> ignore that header field for local processing regardless of the message's HTTP version. An unrecognized header field received
    1001          by a proxy <em class="bcp14">MUST</em> be forwarded downstream unless the header field's field-name is listed in the message's <a href="#header.connection" class="smpl">Connection</a> header field (see <a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section&nbsp;6.1</a>). These requirements allow HTTP's functionality to be enhanced without requiring prior update of deployed intermediaries.
    1002       </p>
    1003       <p id="rfc.section.2.6.p.8">Intermediaries that process HTTP messages (i.e., all intermediaries other than those acting as tunnels) <em class="bcp14">MUST</em> send their own HTTP-version in forwarded messages. In other words, they <em class="bcp14">MUST NOT</em> blindly forward the first line of an HTTP message without ensuring that the protocol version in that message matches a version
    1004          to which that intermediary is conformant for both the receiving and sending of messages. Forwarding an HTTP message without
    1005          rewriting the HTTP-version might result in communication errors when downstream recipients use the message sender's version
    1006          to determine what features are safe to use for later communication with that sender.
    1007       </p>
    1008       <p id="rfc.section.2.6.p.9">An HTTP client <em class="bcp14">SHOULD</em> send a request version equal to the highest version to which the client is conformant and whose major version is no higher
    1009          than the highest version supported by the server, if this is known. An HTTP client <em class="bcp14">MUST NOT</em> send a version to which it is not conformant.
    1010       </p>
    1011       <p id="rfc.section.2.6.p.10">An HTTP client <em class="bcp14">MAY</em> send a lower request version if it is known that the server incorrectly implements the HTTP specification, but only after
    1012          the client has attempted at least one normal request and determined from the response status or header fields (e.g., <a href="p2-semantics.html#header.server" class="smpl">Server</a>) that the server improperly handles higher request versions.
    1013       </p>
    1014       <p id="rfc.section.2.6.p.11">An HTTP server <em class="bcp14">SHOULD</em> send a response version equal to the highest version to which the server is conformant and whose major version is less than
    1015          or equal to the one received in the request. An HTTP server <em class="bcp14">MUST NOT</em> send a version to which it is not conformant. A server <em class="bcp14">MAY</em> send a <a href="p2-semantics.html#status.505" class="smpl">505 (HTTP Version Not
    1016             Supported)</a> response if it cannot send a response using the major version used in the client's request.
    1017       </p>
    1018       <p id="rfc.section.2.6.p.12">An HTTP server <em class="bcp14">MAY</em> send an HTTP/1.0 response to an HTTP/1.0 request if it is known or suspected that the client incorrectly implements the HTTP
    1019          specification and is incapable of correctly processing later version responses, such as when a client fails to parse the version
    1020          number correctly or when an intermediary is known to blindly forward the HTTP-version even when it doesn't conform to the
    1021          given minor version of the protocol. Such protocol downgrades <em class="bcp14">SHOULD NOT</em> be performed unless triggered by specific client attributes, such as when one or more of the request header fields (e.g., <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a>) uniquely match the values sent by a client known to be in error.
    1022       </p>
    1023       <p id="rfc.section.2.6.p.13">The intention of HTTP's versioning design is that the major number will only be incremented if an incompatible message syntax
    1024          is introduced, and that the minor number will only be incremented when changes made to the protocol have the effect of adding
    1025          to the message semantics or implying additional capabilities of the sender. However, the minor version was not incremented
    1026          for the changes introduced between <a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> and <a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, and this revision is specifically avoiding any such changes to the protocol.
    1027       </p>
    1028       <div id="rfc.iref.r.5"></div>
    1029       <h2 id="rfc.section.2.7"><a href="#rfc.section.2.7">2.7</a>&nbsp;<a id="uri" href="#uri">Uniform Resource Identifiers</a></h2>
    1030       <p id="rfc.section.2.7.p.1">Uniform Resource Identifiers (URIs) <a href="#RFC3986" id="rfc.xref.RFC3986.2"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> are used throughout HTTP as the means for identifying resources (<a href="p2-semantics.html#resource" title="Resource">Section 2</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). URI references are used to target requests, indicate redirects, and define relationships.
    1031       </p>
    1032       <p id="rfc.section.2.7.p.2">This specification adopts the definitions of "URI-reference", "absolute-URI", "relative-part", "port", "host", "path-abempty",
    1033          "path-absolute", "query", and "authority" from the URI generic syntax. In addition, we define a partial-URI rule for protocol
    1034          elements that allow a relative URI but not a fragment.
    1035       </p>
    1036       <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.16"></span><span id="rfc.iref.g.17"></span><span id="rfc.iref.g.18"></span><span id="rfc.iref.g.19"></span><span id="rfc.iref.g.20"></span><span id="rfc.iref.g.21"></span><span id="rfc.iref.g.22"></span><span id="rfc.iref.g.23"></span>  <a href="#uri" class="smpl">URI-reference</a> = &lt;URI-reference, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.3"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.1">Section 4.1</a>&gt;
    1037   <a href="#uri" class="smpl">absolute-URI</a>  = &lt;absolute-URI, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.4"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>&gt;
    1038   <a href="#uri" class="smpl">relative-part</a> = &lt;relative-part, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.5"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-4.2">Section 4.2</a>&gt;
    1039   <a href="#uri" class="smpl">authority</a>     = &lt;authority, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.6"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2">Section 3.2</a>&gt;
    1040   <a href="#uri" class="smpl">path-abempty</a>  = &lt;path-abempty, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.7"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>&gt;
    1041   <a href="#uri" class="smpl">path-absolute</a> = &lt;path-absolute, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.8"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>&gt;
    1042   <a href="#uri" class="smpl">port</a>          = &lt;port, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.9"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.3">Section 3.2.3</a>&gt;
    1043   <a href="#uri" class="smpl">query</a>         = &lt;query, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.10"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.4">Section 3.4</a>&gt;
    1044   <a href="#uri" class="smpl">uri-host</a>      = &lt;host, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.11"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>&gt;
     1017               version") indicates the HTTP messaging syntax, whereas the second digit ("minor version") indicates the highest minor version
     1018               to which the sender is conformant and able to understand for future communication. The minor version advertises the sender's
     1019               communication capabilities even when the sender is only using a backwards-compatible subset of the protocol, thereby letting
     1020               the recipient know that more advanced features can be used in response (by servers) or in future requests (by clients).
     1021            </p>
     1022            <p id="rfc.section.2.6.p.5">When an HTTP/1.1 message is sent to an HTTP/1.0 recipient <a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a> or a recipient whose version is unknown, the HTTP/1.1 message is constructed such that it can be interpreted as a valid HTTP/1.0
     1023               message if all of the newer features are ignored. This specification places recipient-version requirements on some new features
     1024               so that a conformant sender will only use compatible features until it has determined, through configuration or the receipt
     1025               of a message, that the recipient supports HTTP/1.1.
     1026            </p>
     1027            <p id="rfc.section.2.6.p.6">The interpretation of a header field does not change between minor versions of the same major HTTP version, though the default
     1028               behavior of a recipient in the absence of such a field can change. Unless specified otherwise, header fields defined in HTTP/1.1
     1029               are defined for all versions of HTTP/1.x. In particular, the <a href="#header.host" class="smpl">Host</a> and <a href="#header.connection" class="smpl">Connection</a> header fields ought to be implemented by all HTTP/1.x implementations whether or not they advertise conformance with HTTP/1.1.
     1030            </p>
     1031            <p id="rfc.section.2.6.p.7">New header fields can be defined such that, when they are understood by a recipient, they might override or enhance the interpretation
     1032               of previously defined header fields. When an implementation receives an unrecognized header field, the recipient <em class="bcp14">MUST</em> ignore that header field for local processing regardless of the message's HTTP version. An unrecognized header field received
     1033               by a proxy <em class="bcp14">MUST</em> be forwarded downstream unless the header field's field-name is listed in the message's <a href="#header.connection" class="smpl">Connection</a> header field (see <a href="#header.connection" id="rfc.xref.header.connection.2" title="Connection">Section&nbsp;6.1</a>). These requirements allow HTTP's functionality to be enhanced without requiring prior update of deployed intermediaries.
     1034            </p>
     1035            <p id="rfc.section.2.6.p.8">Intermediaries that process HTTP messages (i.e., all intermediaries other than those acting as tunnels) <em class="bcp14">MUST</em> send their own HTTP-version in forwarded messages. In other words, they <em class="bcp14">MUST NOT</em> blindly forward the first line of an HTTP message without ensuring that the protocol version in that message matches a version
     1036               to which that intermediary is conformant for both the receiving and sending of messages. Forwarding an HTTP message without
     1037               rewriting the HTTP-version might result in communication errors when downstream recipients use the message sender's version
     1038               to determine what features are safe to use for later communication with that sender.
     1039            </p>
     1040            <p id="rfc.section.2.6.p.9">An HTTP client <em class="bcp14">SHOULD</em> send a request version equal to the highest version to which the client is conformant and whose major version is no higher
     1041               than the highest version supported by the server, if this is known. An HTTP client <em class="bcp14">MUST NOT</em> send a version to which it is not conformant.
     1042            </p>
     1043            <p id="rfc.section.2.6.p.10">An HTTP client <em class="bcp14">MAY</em> send a lower request version if it is known that the server incorrectly implements the HTTP specification, but only after
     1044               the client has attempted at least one normal request and determined from the response status or header fields (e.g., <a href="p2-semantics.html#header.server" class="smpl">Server</a>) that the server improperly handles higher request versions.
     1045            </p>
     1046            <p id="rfc.section.2.6.p.11">An HTTP server <em class="bcp14">SHOULD</em> send a response version equal to the highest version to which the server is conformant and whose major version is less than
     1047               or equal to the one received in the request. An HTTP server <em class="bcp14">MUST NOT</em> send a version to which it is not conformant. A server <em class="bcp14">MAY</em> send a <a href="p2-semantics.html#status.505" class="smpl">505 (HTTP Version Not
     1048                  Supported)</a> response if it cannot send a response using the major version used in the client's request.
     1049            </p>
     1050            <p id="rfc.section.2.6.p.12">An HTTP server <em class="bcp14">MAY</em> send an HTTP/1.0 response to an HTTP/1.0 request if it is known or suspected that the client incorrectly implements the HTTP
     1051               specification and is incapable of correctly processing later version responses, such as when a client fails to parse the version
     1052               number correctly or when an intermediary is known to blindly forward the HTTP-version even when it doesn't conform to the
     1053               given minor version of the protocol. Such protocol downgrades <em class="bcp14">SHOULD NOT</em> be performed unless triggered by specific client attributes, such as when one or more of the request header fields (e.g., <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a>) uniquely match the values sent by a client known to be in error.
     1054            </p>
     1055            <p id="rfc.section.2.6.p.13">The intention of HTTP's versioning design is that the major number will only be incremented if an incompatible message syntax
     1056               is introduced, and that the minor number will only be incremented when changes made to the protocol have the effect of adding
     1057               to the message semantics or implying additional capabilities of the sender. However, the minor version was not incremented
     1058               for the changes introduced between <a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> and <a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, and this revision is specifically avoiding any such changes to the protocol.
     1059            </p>
     1060         </div>
     1061         <div id="uri">
     1062            <div id="rfc.iref.r.5"></div>
     1063            <h2 id="rfc.section.2.7"><a href="#rfc.section.2.7">2.7</a>&nbsp;<a href="#uri">Uniform Resource Identifiers</a></h2>
     1064            <p id="rfc.section.2.7.p.1">Uniform Resource Identifiers (URIs) <a href="#RFC3986" id="rfc.xref.RFC3986.2"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a> are used throughout HTTP as the means for identifying resources (<a href="p2-semantics.html#resource" title="Resource">Section 2</a> of <a href="#Part2" id="rfc.xref.Part2.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). URI references are used to target requests, indicate redirects, and define relationships.
     1065            </p>
     1066            <p id="rfc.section.2.7.p.2">This specification adopts the definitions of "URI-reference", "absolute-URI", "relative-part", "port", "host", "path-abempty",
     1067               "path-absolute", "query", and "authority" from the URI generic syntax. In addition, we define a partial-URI rule for protocol
     1068               elements that allow a relative URI but not a fragment.
     1069            </p>
     1070            <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.16"></span><span id="rfc.iref.g.17"></span><span id="rfc.iref.g.18"></span><span id="rfc.iref.g.19"></span><span id="rfc.iref.g.20"></span><span id="rfc.iref.g.21"></span><span id="rfc.iref.g.22"></span><span id="rfc.iref.g.23"></span>  <a href="#uri" class="smpl">URI-reference</a> = &lt;URI-reference, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.3"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-4.1">Section 4.1</a>&gt;
     1071  <a href="#uri" class="smpl">absolute-URI</a>  = &lt;absolute-URI, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.4"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-4.3">Section 4.3</a>&gt;
     1072  <a href="#uri" class="smpl">relative-part</a> = &lt;relative-part, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.5"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-4.2">Section 4.2</a>&gt;
     1073  <a href="#uri" class="smpl">authority</a>     = &lt;authority, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.6"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2">Section 3.2</a>&gt;
     1074  <a href="#uri" class="smpl">path-abempty</a>  = &lt;path-abempty, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.7"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>&gt;
     1075  <a href="#uri" class="smpl">path-absolute</a> = &lt;path-absolute, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.8"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.3">Section 3.3</a>&gt;
     1076  <a href="#uri" class="smpl">port</a>          = &lt;port, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.9"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.3">Section 3.2.3</a>&gt;
     1077  <a href="#uri" class="smpl">query</a>         = &lt;query, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.10"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.4">Section 3.4</a>&gt;
     1078  <a href="#uri" class="smpl">uri-host</a>      = &lt;host, defined in <a href="#RFC3986" id="rfc.xref.RFC3986.11"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>&gt;
    10451079 
    10461080  <a href="#uri" class="smpl">partial-URI</a>   = relative-part [ "?" query ]
    10471081</pre><p id="rfc.section.2.7.p.4">Each protocol element in HTTP that allows a URI reference will indicate in its ABNF production whether the element allows
    1048          any form of reference (URI-reference), only a URI in absolute form (absolute-URI), only the path and optional query components,
    1049          or some combination of the above. Unless otherwise indicated, URI references are parsed relative to the effective request
    1050          URI (<a href="#effective.request.uri" title="Effective Request URI">Section&nbsp;5.5</a>).
    1051       </p>
    1052       <h3 id="rfc.section.2.7.1"><a href="#rfc.section.2.7.1">2.7.1</a>&nbsp;<a id="http.uri" href="#http.uri">http URI scheme</a></h3>
    1053       <div id="rfc.iref.h.1"></div>
    1054       <div id="rfc.iref.u.3"></div>
    1055       <p id="rfc.section.2.7.1.p.1">The "http" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
    1056          namespace governed by a potential HTTP origin server listening for TCP connections on a given port.
    1057       </p>
    1058       <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.24"></span>  <a href="#http.uri" class="smpl">http-URI</a> = "http:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
    1059 </pre><p id="rfc.section.2.7.1.p.3">The HTTP origin server is identified by the generic syntax's <a href="#uri" class="smpl">authority</a> component, which includes a host identifier and optional TCP port (<a href="#RFC3986" id="rfc.xref.RFC3986.12"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>). The remainder of the URI, consisting of both the hierarchical path component and optional query component, serves as an
    1060          identifier for a potential resource within that origin server's name space.
    1061       </p>
    1062       <p id="rfc.section.2.7.1.p.4">If the host identifier is provided as an IP literal or IPv4 address, then the origin server is any listener on the indicated
    1063          TCP port at that IP address. If host is a registered name, then that name is considered an indirect identifier and the recipient
    1064          might use a name resolution service, such as DNS, to find the address of a listener for that host. The host <em class="bcp14">MUST NOT</em> be empty; if an "http" URI is received with an empty host, then it <em class="bcp14">MUST</em> be rejected as invalid. If the port subcomponent is empty or not given, then TCP port 80 is assumed (the default reserved
    1065          port for WWW services).
    1066       </p>
    1067       <p id="rfc.section.2.7.1.p.5">Regardless of the form of host identifier, access to that host is not implied by the mere presence of its name or address.
    1068          The host might or might not exist and, even when it does exist, might or might not be running an HTTP server or listening
    1069          to the indicated port. The "http" URI scheme makes use of the delegated nature of Internet names and addresses to establish
    1070          a naming authority (whatever entity has the ability to place an HTTP server at that Internet name or address) and allows that
    1071          authority to determine which names are valid and how they might be used.
    1072       </p>
    1073       <p id="rfc.section.2.7.1.p.6">When an "http" URI is used within a context that calls for access to the indicated resource, a client <em class="bcp14">MAY</em> attempt access by resolving the host to an IP address, establishing a TCP connection to that address on the indicated port,
    1074          and sending an HTTP request message (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) containing the URI's identifying data (<a href="#message.routing" title="Message Routing">Section&nbsp;5</a>) to the server. If the server responds to that request with a non-interim HTTP response message, as described in <a href="p2-semantics.html#status.codes" title="Response Status Codes">Section 7</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, then that response is considered an authoritative answer to the client's request.
    1075       </p>
    1076       <p id="rfc.section.2.7.1.p.7">Although HTTP is independent of the transport protocol, the "http" scheme is specific to TCP-based services because the name
    1077          delegation process depends on TCP for establishing authority. An HTTP service based on some other underlying connection protocol
    1078          would presumably be identified using a different URI scheme, just as the "https" scheme (below) is used for resources that
    1079          require an end-to-end secured connection. Other protocols might also be used to provide access to "http" identified resources
    1080          — it is only the authoritative interface used for mapping the namespace that is specific to TCP.
    1081       </p>
    1082       <p id="rfc.section.2.7.1.p.8">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.13"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. Some implementations make use of the userinfo component for internal
    1083          configuration of authentication information, such as within command invocation options, configuration files, or bookmark lists,
    1084          even though such usage might expose a user identifier or password. Senders <em class="bcp14">MUST NOT</em> include a userinfo subcomponent (and its "@" delimiter) when transmitting an "http" URI in a message. Recipients of HTTP messages
    1085          that contain a URI reference <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent
    1086          is being used to obscure the authority for the sake of phishing attacks.
    1087       </p>
    1088       <h3 id="rfc.section.2.7.2"><a href="#rfc.section.2.7.2">2.7.2</a>&nbsp;<a id="https.uri" href="#https.uri">https URI scheme</a></h3>
    1089       <div id="rfc.iref.h.2"></div>
    1090       <div id="rfc.iref.u.4"></div>
    1091       <p id="rfc.section.2.7.2.p.1">The "https" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
    1092          namespace governed by a potential HTTP origin server listening to a given TCP port for TLS-secured connections <a href="#RFC5246" id="rfc.xref.RFC5246.2"><cite title="The Transport Layer Security (TLS) Protocol Version 1.2">[RFC5246]</cite></a>.
    1093       </p>
    1094       <p id="rfc.section.2.7.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default
    1095          TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured, end-to-end, through the use of strong encryption prior to sending the first HTTP request.
    1096       </p>
    1097       <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.25"></span>  <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
     1082               any form of reference (URI-reference), only a URI in absolute form (absolute-URI), only the path and optional query components,
     1083               or some combination of the above. Unless otherwise indicated, URI references are parsed relative to the effective request
     1084               URI (<a href="#effective.request.uri" title="Effective Request URI">Section&nbsp;5.5</a>).
     1085            </p>
     1086            <div id="http.uri">
     1087               <h3 id="rfc.section.2.7.1"><a href="#rfc.section.2.7.1">2.7.1</a>&nbsp;<a href="#http.uri">http URI scheme</a></h3>
     1088               <div id="rfc.iref.h.1"></div>
     1089               <div id="rfc.iref.u.3"></div>
     1090               <p id="rfc.section.2.7.1.p.1">The "http" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
     1091                  namespace governed by a potential HTTP origin server listening for TCP connections on a given port.
     1092               </p>
     1093               <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.24"></span>  <a href="#http.uri" class="smpl">http-URI</a> = "http:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
     1094</pre><p id="rfc.section.2.7.1.p.3">The HTTP origin server is identified by the generic syntax's <a href="#uri" class="smpl">authority</a> component, which includes a host identifier and optional TCP port (<a href="#RFC3986" id="rfc.xref.RFC3986.12"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.2">Section 3.2.2</a>). The remainder of the URI, consisting of both the hierarchical path component and optional query component, serves as an
     1095                  identifier for a potential resource within that origin server's name space.
     1096               </p>
     1097               <p id="rfc.section.2.7.1.p.4">If the host identifier is provided as an IP literal or IPv4 address, then the origin server is any listener on the indicated
     1098                  TCP port at that IP address. If host is a registered name, then that name is considered an indirect identifier and the recipient
     1099                  might use a name resolution service, such as DNS, to find the address of a listener for that host. The host <em class="bcp14">MUST NOT</em> be empty; if an "http" URI is received with an empty host, then it <em class="bcp14">MUST</em> be rejected as invalid. If the port subcomponent is empty or not given, then TCP port 80 is assumed (the default reserved
     1100                  port for WWW services).
     1101               </p>
     1102               <p id="rfc.section.2.7.1.p.5">Regardless of the form of host identifier, access to that host is not implied by the mere presence of its name or address.
     1103                  The host might or might not exist and, even when it does exist, might or might not be running an HTTP server or listening
     1104                  to the indicated port. The "http" URI scheme makes use of the delegated nature of Internet names and addresses to establish
     1105                  a naming authority (whatever entity has the ability to place an HTTP server at that Internet name or address) and allows that
     1106                  authority to determine which names are valid and how they might be used.
     1107               </p>
     1108               <p id="rfc.section.2.7.1.p.6">When an "http" URI is used within a context that calls for access to the indicated resource, a client <em class="bcp14">MAY</em> attempt access by resolving the host to an IP address, establishing a TCP connection to that address on the indicated port,
     1109                  and sending an HTTP request message (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) containing the URI's identifying data (<a href="#message.routing" title="Message Routing">Section&nbsp;5</a>) to the server. If the server responds to that request with a non-interim HTTP response message, as described in <a href="p2-semantics.html#status.codes" title="Response Status Codes">Section 7</a> of <a href="#Part2" id="rfc.xref.Part2.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, then that response is considered an authoritative answer to the client's request.
     1110               </p>
     1111               <p id="rfc.section.2.7.1.p.7">Although HTTP is independent of the transport protocol, the "http" scheme is specific to TCP-based services because the name
     1112                  delegation process depends on TCP for establishing authority. An HTTP service based on some other underlying connection protocol
     1113                  would presumably be identified using a different URI scheme, just as the "https" scheme (below) is used for resources that
     1114                  require an end-to-end secured connection. Other protocols might also be used to provide access to "http" identified resources
     1115                  — it is only the authoritative interface used for mapping the namespace that is specific to TCP.
     1116               </p>
     1117               <p id="rfc.section.2.7.1.p.8">The URI generic syntax for authority also includes a deprecated userinfo subcomponent (<a href="#RFC3986" id="rfc.xref.RFC3986.13"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.2.1">Section 3.2.1</a>) for including user authentication information in the URI. Some implementations make use of the userinfo component for internal
     1118                  configuration of authentication information, such as within command invocation options, configuration files, or bookmark lists,
     1119                  even though such usage might expose a user identifier or password. Senders <em class="bcp14">MUST NOT</em> include a userinfo subcomponent (and its "@" delimiter) when transmitting an "http" URI in a message. Recipients of HTTP messages
     1120                  that contain a URI reference <em class="bcp14">SHOULD</em> parse for the existence of userinfo and treat its presence as an error, likely indicating that the deprecated subcomponent
     1121                  is being used to obscure the authority for the sake of phishing attacks.
     1122               </p>
     1123            </div>
     1124            <div id="https.uri">
     1125               <h3 id="rfc.section.2.7.2"><a href="#rfc.section.2.7.2">2.7.2</a>&nbsp;<a href="#https.uri">https URI scheme</a></h3>
     1126               <div id="rfc.iref.h.2"></div>
     1127               <div id="rfc.iref.u.4"></div>
     1128               <p id="rfc.section.2.7.2.p.1">The "https" URI scheme is hereby defined for the purpose of minting identifiers according to their association with the hierarchical
     1129                  namespace governed by a potential HTTP origin server listening to a given TCP port for TLS-secured connections <a href="#RFC5246" id="rfc.xref.RFC5246.2"><cite title="The Transport Layer Security (TLS) Protocol Version 1.2">[RFC5246]</cite></a>.
     1130               </p>
     1131               <p id="rfc.section.2.7.2.p.2">All of the requirements listed above for the "http" scheme are also requirements for the "https" scheme, except that a default
     1132                  TCP port of 443 is assumed if the port subcomponent is empty or not given, and the TCP connection <em class="bcp14">MUST</em> be secured, end-to-end, through the use of strong encryption prior to sending the first HTTP request.
     1133               </p>
     1134               <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.25"></span>  <a href="#https.uri" class="smpl">https-URI</a> = "https:" "//" <a href="#uri" class="smpl">authority</a> <a href="#uri" class="smpl">path-abempty</a> [ "?" <a href="#uri" class="smpl">query</a> ]
    10981135</pre><p id="rfc.section.2.7.2.p.4">Unlike the "http" scheme, responses to "https" identified requests are never "public" and thus <em class="bcp14">MUST NOT</em> be reused for shared caching. They can, however, be reused in a private cache if the message is cacheable by default in HTTP
    1099          or specifically indicated as such by the Cache-Control header field (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 7.2</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
    1100       </p>
    1101       <p id="rfc.section.2.7.2.p.5">Resources made available via the "https" scheme have no shared identity with the "http" scheme even if their resource identifiers
    1102          indicate the same authority (the same host listening to the same TCP port). They are distinct name spaces and are considered
    1103          to be distinct origin servers. However, an extension to HTTP that is defined to apply to entire host domains, such as the
    1104          Cookie protocol <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a>, can allow information set by one service to impact communication with other services within a matching group of host domains.
    1105       </p>
    1106       <p id="rfc.section.2.7.2.p.6">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>.
    1107       </p>
    1108       <h3 id="rfc.section.2.7.3"><a href="#rfc.section.2.7.3">2.7.3</a>&nbsp;<a id="uri.comparison" href="#uri.comparison">http and https URI Normalization and Comparison</a></h3>
    1109       <p id="rfc.section.2.7.3.p.1">Since the "http" and "https" schemes conform to the URI generic syntax, such URIs are normalized and compared according to
    1110          the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.14"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme.
    1111       </p>
    1112       <p id="rfc.section.2.7.3.p.2">If the port is equal to the default port for a scheme, the normal form is to elide the port subcomponent. Likewise, an empty
    1113          path component is equivalent to an absolute path of "/", so the normal form is to provide a path of "/" instead. The scheme
    1114          and host are case-insensitive and normally provided in lowercase; all other components are compared in a case-sensitive manner.
    1115          Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them.
    1116       </p>
    1117       <p id="rfc.section.2.7.3.p.3">For example, the following three URIs are equivalent:</p>
    1118       <div id="rfc.figure.u.10"></div><pre class="text">   http://example.com:80/~smith/home.html
     1136                  or specifically indicated as such by the Cache-Control header field (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 7.2</a> of <a href="#Part6" id="rfc.xref.Part6.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
     1137               </p>
     1138               <p id="rfc.section.2.7.2.p.5">Resources made available via the "https" scheme have no shared identity with the "http" scheme even if their resource identifiers
     1139                  indicate the same authority (the same host listening to the same TCP port). They are distinct name spaces and are considered
     1140                  to be distinct origin servers. However, an extension to HTTP that is defined to apply to entire host domains, such as the
     1141                  Cookie protocol <a href="#RFC6265" id="rfc.xref.RFC6265.1"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a>, can allow information set by one service to impact communication with other services within a matching group of host domains.
     1142               </p>
     1143               <p id="rfc.section.2.7.2.p.6">The process for authoritative access to an "https" identified resource is defined in <a href="#RFC2818" id="rfc.xref.RFC2818.1"><cite title="HTTP Over TLS">[RFC2818]</cite></a>.
     1144               </p>
     1145            </div>
     1146            <div id="uri.comparison">
     1147               <h3 id="rfc.section.2.7.3"><a href="#rfc.section.2.7.3">2.7.3</a>&nbsp;<a href="#uri.comparison">http and https URI Normalization and Comparison</a></h3>
     1148               <p id="rfc.section.2.7.3.p.1">Since the "http" and "https" schemes conform to the URI generic syntax, such URIs are normalized and compared according to
     1149                  the algorithm defined in <a href="#RFC3986" id="rfc.xref.RFC3986.14"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-6">Section 6</a>, using the defaults described above for each scheme.
     1150               </p>
     1151               <p id="rfc.section.2.7.3.p.2">If the port is equal to the default port for a scheme, the normal form is to elide the port subcomponent. Likewise, an empty
     1152                  path component is equivalent to an absolute path of "/", so the normal form is to provide a path of "/" instead. The scheme
     1153                  and host are case-insensitive and normally provided in lowercase; all other components are compared in a case-sensitive manner.
     1154                  Characters other than those in the "reserved" set are equivalent to their percent-encoded octets (see <a href="#RFC3986" id="rfc.xref.RFC3986.15"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-2.1">Section 2.1</a>): the normal form is to not encode them.
     1155               </p>
     1156               <p id="rfc.section.2.7.3.p.3">For example, the following three URIs are equivalent:</p>
     1157               <div id="rfc.figure.u.10"></div><pre class="text">   http://example.com:80/~smith/home.html
    11191158   http://EXAMPLE.com/%7Esmith/home.html
    11201159   http://EXAMPLE.com:/%7esmith/home.html
    1121 </pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="http.message" href="#http.message">Message Format</a></h1>
    1122       <div id="rfc.iref.h.3"></div>
    1123       <div id="rfc.iref.h.4"></div>
    1124       <div id="rfc.iref.h.5"></div>
    1125       <p id="rfc.section.3.p.1">All HTTP/1.1 messages consist of a start-line followed by a sequence of octets in a format similar to the Internet Message
    1126          Format <a href="#RFC5322" id="rfc.xref.RFC5322.2"><cite title="Internet Message Format">[RFC5322]</cite></a>: zero or more header fields (collectively referred to as the "headers" or the "header section"), an empty line indicating
    1127          the end of the header section, and an optional message body.
    1128       </p>
    1129       <div id="rfc.figure.u.11"></div><pre class="inline"><span id="rfc.iref.g.26"></span>  <a href="#http.message" class="smpl">HTTP-message</a>   = <a href="#http.message" class="smpl">start-line</a>
     1160</pre></div>
     1161         </div>
     1162      </div>
     1163      <div id="http.message">
     1164         <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a href="#http.message">Message Format</a></h1>
     1165         <div id="rfc.iref.h.3"></div>
     1166         <div id="rfc.iref.h.4"></div>
     1167         <div id="rfc.iref.h.5"></div>
     1168         <p id="rfc.section.3.p.1">All HTTP/1.1 messages consist of a start-line followed by a sequence of octets in a format similar to the Internet Message
     1169            Format <a href="#RFC5322" id="rfc.xref.RFC5322.2"><cite title="Internet Message Format">[RFC5322]</cite></a>: zero or more header fields (collectively referred to as the "headers" or the "header section"), an empty line indicating
     1170            the end of the header section, and an optional message body.
     1171         </p>
     1172         <div id="rfc.figure.u.11"></div><pre class="inline"><span id="rfc.iref.g.26"></span>  <a href="#http.message" class="smpl">HTTP-message</a>   = <a href="#http.message" class="smpl">start-line</a>
    11301173                   *( <a href="#header.fields" class="smpl">header-field</a> <a href="#core.rules" class="smpl">CRLF</a> )
    11311174                   <a href="#core.rules" class="smpl">CRLF</a>
    11321175                   [ <a href="#message.body" class="smpl">message-body</a> ]
    11331176</pre><p id="rfc.section.3.p.3">The normal procedure for parsing an HTTP message is to read the start-line into a structure, read each header field into a
    1134          hash table by field name until the empty line, and then use the parsed data to determine if a message body is expected. If
    1135          a message body has been indicated, then it is read as a stream until an amount of octets equal to the message body length
    1136          is read or the connection is closed.
    1137       </p>
    1138       <p id="rfc.section.3.p.4">Recipients <em class="bcp14">MUST</em> parse an HTTP message as a sequence of octets in an encoding that is a superset of US-ASCII <a href="#USASCII" id="rfc.xref.USASCII.2"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a>. Parsing an HTTP message as a stream of Unicode characters, without regard for the specific encoding, creates security vulnerabilities
    1139          due to the varying ways that string processing libraries handle invalid multibyte character sequences that contain the octet
    1140          LF (%x0A). String-based parsers can only be safely used within protocol elements after the element has been extracted from
    1141          the message, such as within a header field-value after message parsing has delineated the individual fields.
    1142       </p>
    1143       <p id="rfc.section.3.p.5">An HTTP message can be parsed as a stream for incremental processing or forwarding downstream. However, recipients cannot
    1144          rely on incremental delivery of partial messages, since some implementations will buffer or delay message forwarding for the
    1145          sake of network efficiency, security checks, or payload transformations.
    1146       </p>
    1147       <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a id="start.line" href="#start.line">Start Line</a></h2>
    1148       <p id="rfc.section.3.1.p.1">An HTTP message can either be a request from client to server or a response from server to client. Syntactically, the two
    1149          types of message differ only in the start-line, which is either a request-line (for requests) or a status-line (for responses),
    1150          and in the algorithm for determining the length of the message body (<a href="#message.body" title="Message Body">Section&nbsp;3.3</a>). In theory, a client could receive requests and a server could receive responses, distinguishing them by their different
    1151          start-line formats, but in practice servers are implemented to only expect a request (a response is interpreted as an unknown
    1152          or invalid request method) and clients are implemented to only expect a response.
    1153       </p>
    1154       <div id="rfc.figure.u.12"></div><pre class="inline"><span id="rfc.iref.g.27"></span>  <a href="#http.message" class="smpl">start-line</a>     = <a href="#request.line" class="smpl">request-line</a> / <a href="#status.line" class="smpl">status-line</a>
     1177            hash table by field name until the empty line, and then use the parsed data to determine if a message body is expected. If
     1178            a message body has been indicated, then it is read as a stream until an amount of octets equal to the message body length
     1179            is read or the connection is closed.
     1180         </p>
     1181         <p id="rfc.section.3.p.4">Recipients <em class="bcp14">MUST</em> parse an HTTP message as a sequence of octets in an encoding that is a superset of US-ASCII <a href="#USASCII" id="rfc.xref.USASCII.2"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a>. Parsing an HTTP message as a stream of Unicode characters, without regard for the specific encoding, creates security vulnerabilities
     1182            due to the varying ways that string processing libraries handle invalid multibyte character sequences that contain the octet
     1183            LF (%x0A). String-based parsers can only be safely used within protocol elements after the element has been extracted from
     1184            the message, such as within a header field-value after message parsing has delineated the individual fields.
     1185         </p>
     1186         <p id="rfc.section.3.p.5">An HTTP message can be parsed as a stream for incremental processing or forwarding downstream. However, recipients cannot
     1187            rely on incremental delivery of partial messages, since some implementations will buffer or delay message forwarding for the
     1188            sake of network efficiency, security checks, or payload transformations.
     1189         </p>
     1190         <div id="start.line">
     1191            <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a href="#start.line">Start Line</a></h2>
     1192            <p id="rfc.section.3.1.p.1">An HTTP message can either be a request from client to server or a response from server to client. Syntactically, the two
     1193               types of message differ only in the start-line, which is either a request-line (for requests) or a status-line (for responses),
     1194               and in the algorithm for determining the length of the message body (<a href="#message.body" title="Message Body">Section&nbsp;3.3</a>). In theory, a client could receive requests and a server could receive responses, distinguishing them by their different
     1195               start-line formats, but in practice servers are implemented to only expect a request (a response is interpreted as an unknown
     1196               or invalid request method) and clients are implemented to only expect a response.
     1197            </p>
     1198            <div id="rfc.figure.u.12"></div><pre class="inline"><span id="rfc.iref.g.27"></span>  <a href="#http.message" class="smpl">start-line</a>     = <a href="#request.line" class="smpl">request-line</a> / <a href="#status.line" class="smpl">status-line</a>
    11551199</pre><p id="rfc.section.3.1.p.3">A sender <em class="bcp14">MUST NOT</em> send whitespace between the start-line and the first header field. The presence of such whitespace in a request might be an
    1156          attempt to trick a server into ignoring that field or processing the line after it as a new request, either of which might
    1157          result in a security vulnerability if other implementations within the request chain interpret the same message differently.
    1158          Likewise, the presence of such whitespace in a response might be ignored by some clients or cause others to cease parsing.
    1159       </p>
    1160       <h3 id="rfc.section.3.1.1"><a href="#rfc.section.3.1.1">3.1.1</a>&nbsp;<a id="request.line" href="#request.line">Request Line</a></h3>
    1161       <p id="rfc.section.3.1.1.p.1">A request-line begins with a method token, followed by a single space (SP), the request-target, another single space (SP),
    1162          the protocol version, and ending with CRLF.
    1163       </p>
    1164       <div id="rfc.figure.u.13"></div><pre class="inline"><span id="rfc.iref.g.28"></span>  <a href="#request.line" class="smpl">request-line</a>   = <a href="#method" class="smpl">method</a> <a href="#core.rules" class="smpl">SP</a> <a href="#request-target" class="smpl">request-target</a> <a href="#core.rules" class="smpl">SP</a> <a href="#http.version" class="smpl">HTTP-version</a> <a href="#core.rules" class="smpl">CRLF</a>
     1200               attempt to trick a server into ignoring that field or processing the line after it as a new request, either of which might
     1201               result in a security vulnerability if other implementations within the request chain interpret the same message differently.
     1202               Likewise, the presence of such whitespace in a response might be ignored by some clients or cause others to cease parsing.
     1203            </p>
     1204            <div id="request.line">
     1205               <h3 id="rfc.section.3.1.1"><a href="#rfc.section.3.1.1">3.1.1</a>&nbsp;<a href="#request.line">Request Line</a></h3>
     1206               <p id="rfc.section.3.1.1.p.1">A request-line begins with a method token, followed by a single space (SP), the request-target, another single space (SP),
     1207                  the protocol version, and ending with CRLF.
     1208               </p>
     1209               <div id="rfc.figure.u.13"></div><pre class="inline"><span id="rfc.iref.g.28"></span>  <a href="#request.line" class="smpl">request-line</a>   = <a href="#method" class="smpl">method</a> <a href="#core.rules" class="smpl">SP</a> <a href="#request-target" class="smpl">request-target</a> <a href="#core.rules" class="smpl">SP</a> <a href="#http.version" class="smpl">HTTP-version</a> <a href="#core.rules" class="smpl">CRLF</a>
    11651210</pre><p id="rfc.section.3.1.1.p.3">A server <em class="bcp14">MUST</em> be able to parse any received message that begins with a request-line and matches the ABNF rule for HTTP-message.
    1166       </p>
    1167       <div id="rfc.iref.m.2"></div>
    1168       <div id="method">
    1169          <p id="rfc.section.3.1.1.p.4">The method token indicates the request method to be performed on the target resource. The request method is case-sensitive.</p>
    1170       </div>
    1171       <div id="rfc.figure.u.14"></div><pre class="inline"><span id="rfc.iref.g.29"></span>  <a href="#method" class="smpl">method</a>         = <a href="#rule.token.separators" class="smpl">token</a>
     1211               </p>
     1212               <div id="rfc.iref.m.2"></div>
     1213               <div id="method">
     1214                  <p id="rfc.section.3.1.1.p.4">The method token indicates the request method to be performed on the target resource. The request method is case-sensitive.</p>
     1215               </div>
     1216               <div id="rfc.figure.u.14"></div><pre class="inline"><span id="rfc.iref.g.29"></span>  <a href="#method" class="smpl">method</a>         = <a href="#rule.token.separators" class="smpl">token</a>
    11721217</pre><p id="rfc.section.3.1.1.p.6">The methods defined by this specification can be found in <a href="p2-semantics.html#methods" title="Request Methods">Section 5</a> of <a href="#Part2" id="rfc.xref.Part2.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, along with information regarding the HTTP method registry and considerations for defining new methods.
    1173       </p>
    1174       <div id="rfc.iref.r.6"></div>
    1175       <p id="rfc.section.3.1.1.p.7">The request-target identifies the target resource upon which to apply the request, as defined in <a href="#request-target" title="Request Target">Section&nbsp;5.3</a>.
    1176       </p>
    1177       <p id="rfc.section.3.1.1.p.8">No whitespace is allowed inside the method, request-target, and protocol version. Hence, recipients typically parse the request-line
    1178          into its component parts by splitting on the SP characters.
    1179       </p>
    1180       <p id="rfc.section.3.1.1.p.9">Unfortunately, some user agents fail to properly encode hypertext references that have embedded whitespace, sending the characters
    1181          directly instead of properly percent-encoding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a <a href="p2-semantics.html#status.301" class="smpl">301 (Moved Permanently)</a> redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately
    1182          crafted to bypass security filters along the request chain.
    1183       </p>
    1184       <p id="rfc.section.3.1.1.p.10">HTTP does not place a pre-defined limit on the length of a request-line. A server that receives a method longer than any that
    1185          it implements <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.405" class="smpl">405 (Method Not Allowed)</a>, if it is an origin server, or a <a href="p2-semantics.html#status.501" class="smpl">501 (Not Implemented)</a> status code. A server <em class="bcp14">MUST</em> be prepared to receive URIs of unbounded length and respond with the <a href="p2-semantics.html#status.414" class="smpl">414 (URI Too Long)</a> status code if the received request-target would be longer than the server wishes to handle (see <a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 7.5.12</a> of <a href="#Part2" id="rfc.xref.Part2.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
    1186       </p>
    1187       <p id="rfc.section.3.1.1.p.11">Various ad-hoc limitations on request-line length are found in practice. It is <em class="bcp14">RECOMMENDED</em> that all HTTP senders and recipients support, at a minimum, request-line lengths of up to 8000 octets.
    1188       </p>
    1189       <h3 id="rfc.section.3.1.2"><a href="#rfc.section.3.1.2">3.1.2</a>&nbsp;<a id="status.line" href="#status.line">Status Line</a></h3>
    1190       <p id="rfc.section.3.1.2.p.1">The first line of a response message is the status-line, consisting of the protocol version, a space (SP), the status code,
    1191          another space, a possibly-empty textual phrase describing the status code, and ending with CRLF.
    1192       </p>
    1193       <div id="rfc.figure.u.15"></div><pre class="inline"><span id="rfc.iref.g.30"></span>  <a href="#status.line" class="smpl">status-line</a> = <a href="#http.version" class="smpl">HTTP-version</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.line" class="smpl">status-code</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.line" class="smpl">reason-phrase</a> <a href="#core.rules" class="smpl">CRLF</a>
     1218               </p>
     1219               <div id="rfc.iref.r.6"></div>
     1220               <p id="rfc.section.3.1.1.p.7">The request-target identifies the target resource upon which to apply the request, as defined in <a href="#request-target" title="Request Target">Section&nbsp;5.3</a>.
     1221               </p>
     1222               <p id="rfc.section.3.1.1.p.8">No whitespace is allowed inside the method, request-target, and protocol version. Hence, recipients typically parse the request-line
     1223                  into its component parts by splitting on the SP characters.
     1224               </p>
     1225               <p id="rfc.section.3.1.1.p.9">Unfortunately, some user agents fail to properly encode hypertext references that have embedded whitespace, sending the characters
     1226                  directly instead of properly percent-encoding the disallowed characters. Recipients of an invalid request-line <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> error or a <a href="p2-semantics.html#status.301" class="smpl">301 (Moved Permanently)</a> redirect with the request-target properly encoded. Recipients <em class="bcp14">SHOULD NOT</em> attempt to autocorrect and then process the request without a redirect, since the invalid request-line might be deliberately
     1227                  crafted to bypass security filters along the request chain.
     1228               </p>
     1229               <p id="rfc.section.3.1.1.p.10">HTTP does not place a pre-defined limit on the length of a request-line. A server that receives a method longer than any that
     1230                  it implements <em class="bcp14">SHOULD</em> respond with either a <a href="p2-semantics.html#status.405" class="smpl">405 (Method Not Allowed)</a>, if it is an origin server, or a <a href="p2-semantics.html#status.501" class="smpl">501 (Not Implemented)</a> status code. A server <em class="bcp14">MUST</em> be prepared to receive URIs of unbounded length and respond with the <a href="p2-semantics.html#status.414" class="smpl">414 (URI Too Long)</a> status code if the received request-target would be longer than the server wishes to handle (see <a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 7.5.12</a> of <a href="#Part2" id="rfc.xref.Part2.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
     1231               </p>
     1232               <p id="rfc.section.3.1.1.p.11">Various ad-hoc limitations on request-line length are found in practice. It is <em class="bcp14">RECOMMENDED</em> that all HTTP senders and recipients support, at a minimum, request-line lengths of up to 8000 octets.
     1233               </p>
     1234            </div>
     1235            <div id="status.line">
     1236               <h3 id="rfc.section.3.1.2"><a href="#rfc.section.3.1.2">3.1.2</a>&nbsp;<a href="#status.line">Status Line</a></h3>
     1237               <p id="rfc.section.3.1.2.p.1">The first line of a response message is the status-line, consisting of the protocol version, a space (SP), the status code,
     1238                  another space, a possibly-empty textual phrase describing the status code, and ending with CRLF.
     1239               </p>
     1240               <div id="rfc.figure.u.15"></div><pre class="inline"><span id="rfc.iref.g.30"></span>  <a href="#status.line" class="smpl">status-line</a> = <a href="#http.version" class="smpl">HTTP-version</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.line" class="smpl">status-code</a> <a href="#core.rules" class="smpl">SP</a> <a href="#status.line" class="smpl">reason-phrase</a> <a href="#core.rules" class="smpl">CRLF</a>
    11941241</pre><p id="rfc.section.3.1.2.p.3">A client <em class="bcp14">MUST</em> be able to parse any received message that begins with a status-line and matches the ABNF rule for HTTP-message.
    1195       </p>
    1196       <p id="rfc.section.3.1.2.p.4">The status-code element is a 3-digit integer code describing the result of the server's attempt to understand and satisfy
    1197          the client's corresponding request. The rest of the response message is to be interpreted in light of the semantics defined
    1198          for that status code. See <a href="p2-semantics.html#status.codes" title="Response Status Codes">Section 7</a> of <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> for information about the semantics of status codes, including the classes of status code (indicated by the first digit),
    1199          the status codes defined by this specification, considerations for the definition of new status codes, and the IANA registry.
    1200       </p>
    1201       <div id="rfc.figure.u.16"></div><pre class="inline"><span id="rfc.iref.g.31"></span>  <a href="#status.line" class="smpl">status-code</a>    = 3<a href="#core.rules" class="smpl">DIGIT</a>
     1242               </p>
     1243               <p id="rfc.section.3.1.2.p.4">The status-code element is a 3-digit integer code describing the result of the server's attempt to understand and satisfy
     1244                  the client's corresponding request. The rest of the response message is to be interpreted in light of the semantics defined
     1245                  for that status code. See <a href="p2-semantics.html#status.codes" title="Response Status Codes">Section 7</a> of <a href="#Part2" id="rfc.xref.Part2.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> for information about the semantics of status codes, including the classes of status code (indicated by the first digit),
     1246                  the status codes defined by this specification, considerations for the definition of new status codes, and the IANA registry.
     1247               </p>
     1248               <div id="rfc.figure.u.16"></div><pre class="inline"><span id="rfc.iref.g.31"></span>  <a href="#status.line" class="smpl">status-code</a>    = 3<a href="#core.rules" class="smpl">DIGIT</a>
    12021249</pre><p id="rfc.section.3.1.2.p.6">The reason-phrase element exists for the sole purpose of providing a textual description associated with the numeric status
    1203          code, mostly out of deference to earlier Internet application protocols that were more frequently used with interactive text
    1204          clients. A client <em class="bcp14">SHOULD</em> ignore the reason-phrase content.
    1205       </p>
    1206       <div id="rfc.figure.u.17"></div><pre class="inline"><span id="rfc.iref.g.32"></span>  <a href="#status.line" class="smpl">reason-phrase</a>  = *( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
    1207 </pre><h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="header.fields" href="#header.fields">Header Fields</a></h2>
    1208       <p id="rfc.section.3.2.p.1">Each HTTP header field consists of a case-insensitive field name followed by a colon (":"), optional whitespace, and the field
    1209          value.
    1210       </p>
    1211       <div id="rfc.figure.u.18"></div><pre class="inline"><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span>  <a href="#header.fields" class="smpl">header-field</a>   = <a href="#header.fields" class="smpl">field-name</a> ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.fields" class="smpl">field-value</a> <a href="#rule.whitespace" class="smpl">BWS</a>
     1250                  code, mostly out of deference to earlier Internet application protocols that were more frequently used with interactive text
     1251                  clients. A client <em class="bcp14">SHOULD</em> ignore the reason-phrase content.
     1252               </p>
     1253               <div id="rfc.figure.u.17"></div><pre class="inline"><span id="rfc.iref.g.32"></span>  <a href="#status.line" class="smpl">reason-phrase</a>  = *( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
     1254</pre></div>
     1255         </div>
     1256         <div id="header.fields">
     1257            <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a href="#header.fields">Header Fields</a></h2>
     1258            <p id="rfc.section.3.2.p.1">Each HTTP header field consists of a case-insensitive field name followed by a colon (":"), optional whitespace, and the field
     1259               value.
     1260            </p>
     1261            <div id="rfc.figure.u.18"></div><pre class="inline"><span id="rfc.iref.g.33"></span><span id="rfc.iref.g.34"></span><span id="rfc.iref.g.35"></span><span id="rfc.iref.g.36"></span><span id="rfc.iref.g.37"></span>  <a href="#header.fields" class="smpl">header-field</a>   = <a href="#header.fields" class="smpl">field-name</a> ":" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#header.fields" class="smpl">field-value</a> <a href="#rule.whitespace" class="smpl">BWS</a>
    12121262  <a href="#header.fields" class="smpl">field-name</a>     = <a href="#rule.token.separators" class="smpl">token</a>
    12131263  <a href="#header.fields" class="smpl">field-value</a>    = *( <a href="#header.fields" class="smpl">field-content</a> / <a href="#header.fields" class="smpl">obs-fold</a> )
     
    12171267                 ; see <a href="#field.parsing" title="Field Parsing">Section&nbsp;3.2.2</a>
    12181268</pre><p id="rfc.section.3.2.p.3">The field-name token labels the corresponding field-value as having the semantics defined by that header field. For example,
    1219          the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field is defined in <a href="p2-semantics.html#header.date" title="Date">Section 8.1.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> as containing the origination timestamp for the message in which it appears.
    1220       </p>
    1221       <p id="rfc.section.3.2.p.4">HTTP header fields are fully extensible: there is no limit on the introduction of new field names, each presumably defining
    1222          new semantics, or on the number of header fields used in a given message. Existing fields are defined in each part of this
    1223          specification and in many other specifications outside the standards process. New header fields can be introduced without
    1224          changing the protocol version if their defined semantics allow them to be safely ignored by recipients that do not recognize
    1225          them.
    1226       </p>
    1227       <p id="rfc.section.3.2.p.5">New HTTP header fields <em class="bcp14">SHOULD</em> be registered with IANA in the Message Header Field Registry, as described in <a href="p2-semantics.html#header.field.registry" title="Header Field Registry">Section 9.3</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. Unrecognized header fields <em class="bcp14">MUST</em> be forwarded by a proxy unless the field-name is listed in the <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section&nbsp;6.1</a>) or the proxy is specifically configured to block or otherwise transform such fields. Unrecognized header fields <em class="bcp14">SHOULD</em> be ignored by other recipients.
    1228       </p>
    1229       <p id="rfc.section.3.2.p.6">The order in which header fields with differing field names are received is not significant. However, it is "good practice"
    1230          to send header fields that contain control data first, such as <a href="#header.host" class="smpl">Host</a> on requests and <a href="p2-semantics.html#header.date" class="smpl">Date</a> on responses, so that implementations can decide when not to handle a message as early as possible. A server <em class="bcp14">MUST</em> wait until the entire header section is received before interpreting a request message, since later header fields might include
    1231          conditionals, authentication credentials, or deliberately misleading duplicate header fields that would impact request processing.
    1232       </p>
    1233       <p id="rfc.section.3.2.p.7">Multiple header fields with the same field name <em class="bcp14">MUST NOT</em> be sent in a message unless the entire field value for that header field is defined as a comma-separated list [i.e., #(values)].
    1234          Multiple header fields with the same field name can be combined into one "field-name: field-value" pair, without changing
    1235          the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by
    1236          a comma. The order in which header fields with the same field name are received is therefore significant to the interpretation
    1237          of the combined field value; a proxy <em class="bcp14">MUST NOT</em> change the order of these field values when forwarding a message.
    1238       </p>
    1239       <div class="note" id="rfc.section.3.2.p.8">
    1240          <p> <b>Note:</b> The "Set-Cookie" header field as implemented in practice can occur multiple times, but does not use the list syntax, and thus
    1241             cannot be combined into a single line (<a href="#RFC6265" id="rfc.xref.RFC6265.2"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a>). (See Appendix A.2.3 of <a href="#Kri2001" id="rfc.xref.Kri2001.1"><cite title="HTTP Cookies: Standards, Privacy, and Politics">[Kri2001]</cite></a> for details.) Also note that the Set-Cookie2 header field specified in <a href="#RFC2965" id="rfc.xref.RFC2965.1"><cite title="HTTP State Management Mechanism">[RFC2965]</cite></a> does not share this problem.
    1242          </p>
    1243       </div>
    1244       <h3 id="rfc.section.3.2.1"><a href="#rfc.section.3.2.1">3.2.1</a>&nbsp;<a id="whitespace" href="#whitespace">Whitespace</a></h3>
    1245       <div id="rule.LWS">
    1246          <p id="rfc.section.3.2.1.p.1">This specification uses three rules to denote the use of linear whitespace: OWS (optional whitespace), RWS (required whitespace),
    1247             and BWS ("bad" whitespace).
    1248          </p>
    1249       </div>
    1250       <div id="rule.OWS">
    1251          <p id="rfc.section.3.2.1.p.2">The OWS rule is used where zero or more linear whitespace octets might appear. OWS <em class="bcp14">SHOULD</em> either not be produced or be produced as a single SP. Multiple OWS octets that occur within field-content <em class="bcp14">SHOULD</em> either be replaced with a single SP or transformed to all SP octets (each octet other than SP replaced with SP) before interpreting
    1252             the field value or forwarding the message downstream.
    1253          </p>
    1254       </div>
    1255       <div id="rule.RWS">
    1256          <p id="rfc.section.3.2.1.p.3">RWS is used when at least one linear whitespace octet is required to separate field tokens. RWS <em class="bcp14">SHOULD</em> be produced as a single SP. Multiple RWS octets that occur within field-content <em class="bcp14">SHOULD</em> either be replaced with a single SP or transformed to all SP octets before interpreting the field value or forwarding the
    1257             message downstream.
    1258          </p>
    1259       </div>
    1260       <div id="rule.BWS">
    1261          <p id="rfc.section.3.2.1.p.4">BWS is used where the grammar allows optional whitespace, for historical reasons, but senders <em class="bcp14">SHOULD NOT</em> produce it in messages; recipients <em class="bcp14">MUST</em> accept such bad optional whitespace and remove it before interpreting the field value or forwarding the message downstream.
    1262          </p>
    1263       </div>
    1264       <div id="rule.whitespace">
    1265          <p id="rfc.section.3.2.1.p.5">      </p>
    1266       </div>
    1267       <div id="rfc.figure.u.19"></div><pre class="inline"><span id="rfc.iref.g.38"></span><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span>  <a href="#rule.whitespace" class="smpl">OWS</a>            = *( <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">HTAB</a> )
     1269               the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field is defined in <a href="p2-semantics.html#header.date" title="Date">Section 8.1.1.2</a> of <a href="#Part2" id="rfc.xref.Part2.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a> as containing the origination timestamp for the message in which it appears.
     1270            </p>
     1271            <p id="rfc.section.3.2.p.4">HTTP header fields are fully extensible: there is no limit on the introduction of new field names, each presumably defining
     1272               new semantics, or on the number of header fields used in a given message. Existing fields are defined in each part of this
     1273               specification and in many other specifications outside the standards process. New header fields can be introduced without
     1274               changing the protocol version if their defined semantics allow them to be safely ignored by recipients that do not recognize
     1275               them.
     1276            </p>
     1277            <p id="rfc.section.3.2.p.5">New HTTP header fields <em class="bcp14">SHOULD</em> be registered with IANA in the Message Header Field Registry, as described in <a href="p2-semantics.html#header.field.registry" title="Header Field Registry">Section 9.3</a> of <a href="#Part2" id="rfc.xref.Part2.10"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. Unrecognized header fields <em class="bcp14">MUST</em> be forwarded by a proxy unless the field-name is listed in the <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.3" title="Connection">Section&nbsp;6.1</a>) or the proxy is specifically configured to block or otherwise transform such fields. Unrecognized header fields <em class="bcp14">SHOULD</em> be ignored by other recipients.
     1278            </p>
     1279            <p id="rfc.section.3.2.p.6">The order in which header fields with differing field names are received is not significant. However, it is "good practice"
     1280               to send header fields that contain control data first, such as <a href="#header.host" class="smpl">Host</a> on requests and <a href="p2-semantics.html#header.date" class="smpl">Date</a> on responses, so that implementations can decide when not to handle a message as early as possible. A server <em class="bcp14">MUST</em> wait until the entire header section is received before interpreting a request message, since later header fields might include
     1281               conditionals, authentication credentials, or deliberately misleading duplicate header fields that would impact request processing.
     1282            </p>
     1283            <p id="rfc.section.3.2.p.7">Multiple header fields with the same field name <em class="bcp14">MUST NOT</em> be sent in a message unless the entire field value for that header field is defined as a comma-separated list [i.e., #(values)].
     1284               Multiple header fields with the same field name can be combined into one "field-name: field-value" pair, without changing
     1285               the semantics of the message, by appending each subsequent field value to the combined field value in order, separated by
     1286               a comma. The order in which header fields with the same field name are received is therefore significant to the interpretation
     1287               of the combined field value; a proxy <em class="bcp14">MUST NOT</em> change the order of these field values when forwarding a message.
     1288            </p>
     1289            <div class="note" id="rfc.section.3.2.p.8">
     1290               <p><b>Note:</b> The "Set-Cookie" header field as implemented in practice can occur multiple times, but does not use the list syntax, and thus
     1291                  cannot be combined into a single line (<a href="#RFC6265" id="rfc.xref.RFC6265.2"><cite title="HTTP State Management Mechanism">[RFC6265]</cite></a>). (See Appendix A.2.3 of <a href="#Kri2001" id="rfc.xref.Kri2001.1"><cite title="HTTP Cookies: Standards, Privacy, and Politics">[Kri2001]</cite></a> for details.) Also note that the Set-Cookie2 header field specified in <a href="#RFC2965" id="rfc.xref.RFC2965.1"><cite title="HTTP State Management Mechanism">[RFC2965]</cite></a> does not share this problem.
     1292               </p>
     1293            </div>
     1294            <div id="whitespace">
     1295               <h3 id="rfc.section.3.2.1"><a href="#rfc.section.3.2.1">3.2.1</a>&nbsp;<a href="#whitespace">Whitespace</a></h3>
     1296               <div id="rule.LWS">
     1297                  <p id="rfc.section.3.2.1.p.1">This specification uses three rules to denote the use of linear whitespace: OWS (optional whitespace), RWS (required whitespace),
     1298                     and BWS ("bad" whitespace).
     1299                  </p>
     1300               </div>
     1301               <div id="rule.OWS">
     1302                  <p id="rfc.section.3.2.1.p.2">The OWS rule is used where zero or more linear whitespace octets might appear. OWS <em class="bcp14">SHOULD</em> either not be produced or be produced as a single SP. Multiple OWS octets that occur within field-content <em class="bcp14">SHOULD</em> either be replaced with a single SP or transformed to all SP octets (each octet other than SP replaced with SP) before interpreting
     1303                     the field value or forwarding the message downstream.
     1304                  </p>
     1305               </div>
     1306               <div id="rule.RWS">
     1307                  <p id="rfc.section.3.2.1.p.3">RWS is used when at least one linear whitespace octet is required to separate field tokens. RWS <em class="bcp14">SHOULD</em> be produced as a single SP. Multiple RWS octets that occur within field-content <em class="bcp14">SHOULD</em> either be replaced with a single SP or transformed to all SP octets before interpreting the field value or forwarding the
     1308                     message downstream.
     1309                  </p>
     1310               </div>
     1311               <div id="rule.BWS">
     1312                  <p id="rfc.section.3.2.1.p.4">BWS is used where the grammar allows optional whitespace, for historical reasons, but senders <em class="bcp14">SHOULD NOT</em> produce it in messages; recipients <em class="bcp14">MUST</em> accept such bad optional whitespace and remove it before interpreting the field value or forwarding the message downstream.
     1313                  </p>
     1314               </div>
     1315               <div id="rule.whitespace">
     1316                  <p id="rfc.section.3.2.1.p.5">   </p>
     1317               </div>
     1318               <div id="rfc.figure.u.19"></div><pre class="inline"><span id="rfc.iref.g.38"></span><span id="rfc.iref.g.39"></span><span id="rfc.iref.g.40"></span>  <a href="#rule.whitespace" class="smpl">OWS</a>            = *( <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">HTAB</a> )
    12681319                 ; "optional" whitespace
    12691320  <a href="#rule.whitespace" class="smpl">RWS</a>            = 1*( <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">HTAB</a> )
     
    12711322  <a href="#rule.whitespace" class="smpl">BWS</a>            = <a href="#rule.whitespace" class="smpl">OWS</a>
    12721323                 ; "bad" whitespace
    1273 </pre><h3 id="rfc.section.3.2.2"><a href="#rfc.section.3.2.2">3.2.2</a>&nbsp;<a id="field.parsing" href="#field.parsing">Field Parsing</a></h3>
    1274       <p id="rfc.section.3.2.2.p.1">No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace
    1275          have led to security vulnerabilities in request routing and response handling. Any received request message that contains
    1276          whitespace between a header field-name and colon <em class="bcp14">MUST</em> be rejected with a response code of 400 (Bad Request). A proxy <em class="bcp14">MUST</em> remove any such whitespace from a response message before forwarding the message downstream.
    1277       </p>
    1278       <p id="rfc.section.3.2.2.p.2">A field value <em class="bcp14">MAY</em> be preceded by optional whitespace (OWS); a single SP is preferred. The field value does not include any leading or trailing
    1279          white space: OWS occurring before the first non-whitespace octet of the field value or after the last non-whitespace octet
    1280          of the field value is ignored and <em class="bcp14">SHOULD</em> be removed before further processing (as this does not change the meaning of the header field).
    1281       </p>
    1282       <p id="rfc.section.3.2.2.p.3">Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one
    1283          space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type
    1284          (<a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section&nbsp;7.3.1</a>). HTTP senders <em class="bcp14">MUST NOT</em> produce messages that include line folding (i.e., that contain any field-value that matches the obs-fold rule) unless the
    1285          message is intended for packaging within the message/http media type. HTTP recipients <em class="bcp14">SHOULD</em> accept line folding and replace any embedded obs-fold whitespace with either a single SP or a matching number of SP octets
    1286          (to avoid buffer copying) prior to interpreting the field value or forwarding the message downstream.
    1287       </p>
    1288       <p id="rfc.section.3.2.2.p.4">Historically, HTTP has allowed field content with text in the ISO-8859-1 <a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a> character encoding and supported other character sets only through use of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a> encoding. In practice, most HTTP header field values use only a subset of the US-ASCII character encoding <a href="#USASCII" id="rfc.xref.USASCII.3"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a>. Newly defined header fields <em class="bcp14">SHOULD</em> limit their field values to US-ASCII octets. Recipients <em class="bcp14">SHOULD</em> treat other (obs-text) octets in field content as opaque data.
    1289       </p>
    1290       <h3 id="rfc.section.3.2.3"><a href="#rfc.section.3.2.3">3.2.3</a>&nbsp;<a id="field.length" href="#field.length">Field Length</a></h3>
    1291       <p id="rfc.section.3.2.3.p.1">HTTP does not place a pre-defined limit on the length of header fields, either in isolation or as a set. A server <em class="bcp14">MUST</em> be prepared to receive request header fields of unbounded length and respond with a <a href="p2-semantics.html#status.4xx" class="smpl">4xx
    1292             (Client Error)</a> status code if the received header field(s) would be longer than the server wishes to handle.
    1293       </p>
    1294       <p id="rfc.section.3.2.3.p.2">A client that receives response header fields that are longer than it wishes to handle can only treat it as a server error.</p>
    1295       <p id="rfc.section.3.2.3.p.3">Various ad-hoc limitations on header field length are found in practice. It is <em class="bcp14">RECOMMENDED</em> that all HTTP senders and recipients support messages whose combined header fields have 4000 or more octets.
    1296       </p>
    1297       <h3 id="rfc.section.3.2.4"><a href="#rfc.section.3.2.4">3.2.4</a>&nbsp;<a id="field.components" href="#field.components">Field value components</a></h3>
    1298       <div id="rule.token.separators">
    1299          <p id="rfc.section.3.2.4.p.1">        Many HTTP header field values consist of words (token or quoted-string) separated by whitespace or special characters. These
    1300             special characters <em class="bcp14">MUST</em> be in a quoted string to be used within a parameter value (as defined in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
    1301          </p>
    1302       </div>
    1303       <div id="rfc.figure.u.20"></div><pre class="inline"><span id="rfc.iref.g.41"></span><span id="rfc.iref.g.42"></span><span id="rfc.iref.g.43"></span><span id="rfc.iref.g.44"></span>  <a href="#rule.token.separators" class="smpl">word</a>           = <a href="#rule.token.separators" class="smpl">token</a> / <a href="#rule.quoted-string" class="smpl">quoted-string</a>
     1324</pre></div>
     1325            <div id="field.parsing">
     1326               <h3 id="rfc.section.3.2.2"><a href="#rfc.section.3.2.2">3.2.2</a>&nbsp;<a href="#field.parsing">Field Parsing</a></h3>
     1327               <p id="rfc.section.3.2.2.p.1">No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace
     1328                  have led to security vulnerabilities in request routing and response handling. Any received request message that contains
     1329                  whitespace between a header field-name and colon <em class="bcp14">MUST</em> be rejected with a response code of 400 (Bad Request). A proxy <em class="bcp14">MUST</em> remove any such whitespace from a response message before forwarding the message downstream.
     1330               </p>
     1331               <p id="rfc.section.3.2.2.p.2">A field value <em class="bcp14">MAY</em> be preceded by optional whitespace (OWS); a single SP is preferred. The field value does not include any leading or trailing
     1332                  white space: OWS occurring before the first non-whitespace octet of the field value or after the last non-whitespace octet
     1333                  of the field value is ignored and <em class="bcp14">SHOULD</em> be removed before further processing (as this does not change the meaning of the header field).
     1334               </p>
     1335               <p id="rfc.section.3.2.2.p.3">Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one
     1336                  space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type
     1337                  (<a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section&nbsp;7.3.1</a>). HTTP senders <em class="bcp14">MUST NOT</em> produce messages that include line folding (i.e., that contain any field-value that matches the obs-fold rule) unless the
     1338                  message is intended for packaging within the message/http media type. HTTP recipients <em class="bcp14">SHOULD</em> accept line folding and replace any embedded obs-fold whitespace with either a single SP or a matching number of SP octets
     1339                  (to avoid buffer copying) prior to interpreting the field value or forwarding the message downstream.
     1340               </p>
     1341               <p id="rfc.section.3.2.2.p.4">Historically, HTTP has allowed field content with text in the ISO-8859-1 <a href="#ISO-8859-1" id="rfc.xref.ISO-8859-1.1"><cite title="Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1">[ISO-8859-1]</cite></a> character encoding and supported other character sets only through use of <a href="#RFC2047" id="rfc.xref.RFC2047.1"><cite title="MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text">[RFC2047]</cite></a> encoding. In practice, most HTTP header field values use only a subset of the US-ASCII character encoding <a href="#USASCII" id="rfc.xref.USASCII.3"><cite title="Coded Character Set -- 7-bit American Standard Code for Information Interchange">[USASCII]</cite></a>. Newly defined header fields <em class="bcp14">SHOULD</em> limit their field values to US-ASCII octets. Recipients <em class="bcp14">SHOULD</em> treat other (obs-text) octets in field content as opaque data.
     1342               </p>
     1343            </div>
     1344            <div id="field.length">
     1345               <h3 id="rfc.section.3.2.3"><a href="#rfc.section.3.2.3">3.2.3</a>&nbsp;<a href="#field.length">Field Length</a></h3>
     1346               <p id="rfc.section.3.2.3.p.1">HTTP does not place a pre-defined limit on the length of header fields, either in isolation or as a set. A server <em class="bcp14">MUST</em> be prepared to receive request header fields of unbounded length and respond with a <a href="p2-semantics.html#status.4xx" class="smpl">4xx
     1347                     (Client Error)</a> status code if the received header field(s) would be longer than the server wishes to handle.
     1348               </p>
     1349               <p id="rfc.section.3.2.3.p.2">A client that receives response header fields that are longer than it wishes to handle can only treat it as a server error.</p>
     1350               <p id="rfc.section.3.2.3.p.3">Various ad-hoc limitations on header field length are found in practice. It is <em class="bcp14">RECOMMENDED</em> that all HTTP senders and recipients support messages whose combined header fields have 4000 or more octets.
     1351               </p>
     1352            </div>
     1353            <div id="field.components">
     1354               <h3 id="rfc.section.3.2.4"><a href="#rfc.section.3.2.4">3.2.4</a>&nbsp;<a href="#field.components">Field value components</a></h3>
     1355               <div id="rule.token.separators">
     1356                  <p id="rfc.section.3.2.4.p.1">    Many HTTP header field values consist of words (token or quoted-string) separated by whitespace or special characters. These
     1357                     special characters <em class="bcp14">MUST</em> be in a quoted string to be used within a parameter value (as defined in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
     1358                  </p>
     1359               </div>
     1360               <div id="rfc.figure.u.20"></div><pre class="inline"><span id="rfc.iref.g.41"></span><span id="rfc.iref.g.42"></span><span id="rfc.iref.g.43"></span><span id="rfc.iref.g.44"></span>  <a href="#rule.token.separators" class="smpl">word</a>           = <a href="#rule.token.separators" class="smpl">token</a> / <a href="#rule.quoted-string" class="smpl">quoted-string</a>
    13041361
    13051362  <a href="#rule.token.separators" class="smpl">token</a>          = 1*<a href="#rule.token.separators" class="smpl">tchar</a>
     
    13141371                 / "]" / "?" / "=" / "{" / "}"
    13151372</pre><div id="rule.quoted-string">
    1316          <p id="rfc.section.3.2.4.p.3">      A string of text is parsed as a single word if it is quoted using double-quote marks.</p>
    1317       </div>
    1318       <div id="rfc.figure.u.21"></div><pre class="inline"><span id="rfc.iref.g.45"></span><span id="rfc.iref.g.46"></span><span id="rfc.iref.g.47"></span>  <a href="#rule.quoted-string" class="smpl">quoted-string</a>  = <a href="#core.rules" class="smpl">DQUOTE</a> *( <a href="#rule.quoted-string" class="smpl">qdtext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> ) <a href="#core.rules" class="smpl">DQUOTE</a>
     1373                  <p id="rfc.section.3.2.4.p.3">   A string of text is parsed as a single word if it is quoted using double-quote marks.</p>
     1374               </div>
     1375               <div id="rfc.figure.u.21"></div><pre class="inline"><span id="rfc.iref.g.45"></span><span id="rfc.iref.g.46"></span><span id="rfc.iref.g.47"></span>  <a href="#rule.quoted-string" class="smpl">quoted-string</a>  = <a href="#core.rules" class="smpl">DQUOTE</a> *( <a href="#rule.quoted-string" class="smpl">qdtext</a> / <a href="#rule.quoted-pair" class="smpl">quoted-pair</a> ) <a href="#core.rules" class="smpl">DQUOTE</a>
    13191376  <a href="#rule.quoted-string" class="smpl">qdtext</a>         = <a href="#rule.whitespace" class="smpl">OWS</a> / %x21 / %x23-5B / %x5D-7E / <a href="#rule.quoted-string" class="smpl">obs-text</a>
    13201377  <a href="#rule.quoted-string" class="smpl">obs-text</a>       = %x80-FF
    13211378</pre><div id="rule.quoted-pair">
    1322          <p id="rfc.section.3.2.4.p.5"> The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string constructs:</p>
    1323       </div>
    1324       <div id="rfc.figure.u.22"></div><pre class="inline"><span id="rfc.iref.g.48"></span>  <a href="#rule.quoted-pair" class="smpl">quoted-pair</a>    = "\" ( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
     1379                  <p id="rfc.section.3.2.4.p.5"> The backslash octet ("\") can be used as a single-octet quoting mechanism within quoted-string constructs:</p>
     1380               </div>
     1381               <div id="rfc.figure.u.22"></div><pre class="inline"><span id="rfc.iref.g.48"></span>  <a href="#rule.quoted-pair" class="smpl">quoted-pair</a>    = "\" ( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
    13251382</pre><p id="rfc.section.3.2.4.p.7">Recipients that process the value of the quoted-string <em class="bcp14">MUST</em> handle a quoted-pair as if it were replaced by the octet following the backslash.
    1326       </p>
    1327       <p id="rfc.section.3.2.4.p.8">Senders <em class="bcp14">SHOULD NOT</em> escape octets in quoted-strings that do not require escaping (i.e., other than DQUOTE and the backslash octet).
    1328       </p>
    1329       <div id="rule.comment">
    1330          <p id="rfc.section.3.2.4.p.9">    Comments can be included in some HTTP header fields by surrounding the comment text with parentheses. Comments are only allowed
    1331             in fields containing "comment" as part of their field value definition.
    1332          </p>
    1333       </div>
    1334       <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.49"></span><span id="rfc.iref.g.50"></span>  <a href="#rule.comment" class="smpl">comment</a>        = "(" *( <a href="#rule.comment" class="smpl">ctext</a> / <a href="#rule.quoted-cpair" class="smpl">quoted-cpair</a> / <a href="#rule.comment" class="smpl">comment</a> ) ")"
     1383               </p>
     1384               <p id="rfc.section.3.2.4.p.8">Senders <em class="bcp14">SHOULD NOT</em> escape octets in quoted-strings that do not require escaping (i.e., other than DQUOTE and the backslash octet).
     1385               </p>
     1386               <div id="rule.comment">
     1387                  <p id="rfc.section.3.2.4.p.9">  Comments can be included in some HTTP header fields by surrounding the comment text with parentheses. Comments are only allowed
     1388                     in fields containing "comment" as part of their field value definition.
     1389                  </p>
     1390               </div>
     1391               <div id="rfc.figure.u.23"></div><pre class="inline"><span id="rfc.iref.g.49"></span><span id="rfc.iref.g.50"></span>  <a href="#rule.comment" class="smpl">comment</a>        = "(" *( <a href="#rule.comment" class="smpl">ctext</a> / <a href="#rule.quoted-cpair" class="smpl">quoted-cpair</a> / <a href="#rule.comment" class="smpl">comment</a> ) ")"
    13351392  <a href="#rule.comment" class="smpl">ctext</a>          = <a href="#rule.whitespace" class="smpl">OWS</a> / %x21-27 / %x2A-5B / %x5D-7E / <a href="#rule.quoted-string" class="smpl">obs-text</a>
    13361393</pre><div id="rule.quoted-cpair">
    1337          <p id="rfc.section.3.2.4.p.11">  The backslash octet ("\") can be used as a single-octet quoting mechanism within comment constructs:</p>
     1394                  <p id="rfc.section.3.2.4.p.11"> The backslash octet ("\") can be used as a single-octet quoting mechanism within comment constructs:</p>
     1395               </div>
     1396               <div id="rfc.figure.u.24"></div><pre class="inline"><span id="rfc.iref.g.51"></span>  <a href="#rule.quoted-cpair" class="smpl">quoted-cpair</a>   = "\" ( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
     1397</pre><p id="rfc.section.3.2.4.p.13">Senders <em class="bcp14">SHOULD NOT</em> escape octets in comments that do not require escaping (i.e., other than the backslash octet "\" and the parentheses "(" and
     1398                  ")").
     1399               </p>
     1400            </div>
     1401         </div>
     1402         <div id="message.body">
     1403            <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;<a href="#message.body">Message Body</a></h2>
     1404            <p id="rfc.section.3.3.p.1">The message body (if any) of an HTTP message is used to carry the payload body of that request or response. The message body
     1405               is identical to the payload body unless a transfer coding has been applied, as described in <a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.1" title="Transfer-Encoding">Section&nbsp;3.3.1</a>.
     1406            </p>
     1407            <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.52"></span>  <a href="#message.body" class="smpl">message-body</a> = *OCTET
     1408</pre><p id="rfc.section.3.3.p.3">The rules for when a message body is allowed in a message differ for requests and responses.</p>
     1409            <p id="rfc.section.3.3.p.4">The presence of a message body in a request is signaled by a a <a href="#header.content-length" class="smpl">Content-Length</a> or <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field. Request message framing is independent of method semantics, even if the method does not define any use for a
     1410               message body.
     1411            </p>
     1412            <p id="rfc.section.3.3.p.5">The presence of a message body in a response depends on both the request method to which it is responding and the response
     1413               status code (<a href="#status.line" title="Status Line">Section&nbsp;3.1.2</a>). Responses to the HEAD request method never include a message body because the associated response header fields (e.g., <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, <a href="#header.content-length" class="smpl">Content-Length</a>, etc.), if present, indicate only what their values would have been if the request method had been GET (<a href="p2-semantics.html#HEAD" title="HEAD">Section 5.3.2</a> of <a href="#Part2" id="rfc.xref.Part2.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> responses to CONNECT switch to tunnel mode instead of having a message body (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). All <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a>, <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>, and <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> responses <em class="bcp14">MUST NOT</em> include a message body. All other responses do include a message body, although the body <em class="bcp14">MAY</em> be of zero length.
     1414            </p>
     1415            <div id="header.transfer-encoding">
     1416               <div id="rfc.iref.t.4"></div>
     1417               <h3 id="rfc.section.3.3.1"><a href="#rfc.section.3.3.1">3.3.1</a>&nbsp;<a href="#header.transfer-encoding">Transfer-Encoding</a></h3>
     1418               <p id="rfc.section.3.3.1.p.1">When one or more transfer codings are applied to a payload body in order to form the message body, a Transfer-Encoding header
     1419                  field <em class="bcp14">MUST</em> be sent in the message and <em class="bcp14">MUST</em> contain the list of corresponding transfer-coding names in the same order that they were applied. Transfer codings are defined
     1420                  in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>.
     1421               </p>
     1422               <div id="rfc.figure.u.26"></div><pre class="inline"><span id="rfc.iref.g.53"></span>  <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> = 1#<a href="#transfer.codings" class="smpl">transfer-coding</a>
     1423</pre><p id="rfc.section.3.3.1.p.3">Transfer-Encoding is analogous to the Content-Transfer-Encoding field of MIME, which was designed to enable safe transport
     1424                  of binary data over a 7-bit transport service (<a href="#RFC2045" id="rfc.xref.RFC2045.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>, <a href="https://tools.ietf.org/html/rfc2045#section-6">Section 6</a>). However, safe transport has a different focus for an 8bit-clean transfer protocol. In HTTP's case, Transfer-Encoding is
     1425                  primarily intended to accurately delimit a dynamically generated payload and to distinguish payload encodings that are only
     1426                  applied for transport efficiency or security from those that are characteristics of the target resource.
     1427               </p>
     1428               <p id="rfc.section.3.3.1.p.4">The "chunked" transfer-coding (<a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>) <em class="bcp14">MUST</em> be implemented by all HTTP/1.1 recipients because it plays a crucial role in delimiting messages when the payload body size
     1429                  is not known in advance. When the "chunked" transfer-coding is used, it <em class="bcp14">MUST</em> be the last transfer-coding applied to form the message body and <em class="bcp14">MUST NOT</em> be applied more than once in a message body. If any transfer-coding is applied to a request payload body, the final transfer-coding
     1430                  applied <em class="bcp14">MUST</em> be "chunked". If any transfer-coding is applied to a response payload body, then either the final transfer-coding applied <em class="bcp14">MUST</em> be "chunked" or the message <em class="bcp14">MUST</em> be terminated by closing the connection.
     1431               </p>
     1432               <div id="rfc.figure.u.27"></div>
     1433               <p>For example,</p><pre class="text">  Transfer-Encoding: gzip, chunked
     1434</pre><p>indicates that the payload body has been compressed using the gzip coding and then chunked using the chunked coding while
     1435                  forming the message body.
     1436               </p>
     1437               <p id="rfc.section.3.3.1.p.6">If more than one Transfer-Encoding header field is present in a message, the multiple field-values <em class="bcp14">MUST</em> be combined into one field-value, according to the algorithm defined in <a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>, before determining the message body length.
     1438               </p>
     1439               <p id="rfc.section.3.3.1.p.7">Unlike <a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 3.1.2.1</a> of <a href="#Part2" id="rfc.xref.Part2.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>), Transfer-Encoding is a property of the message, not of the payload, and thus <em class="bcp14">MAY</em> be added or removed by any implementation along the request/response chain. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other header fields not defined by this specification.
     1440               </p>
     1441               <p id="rfc.section.3.3.1.p.8">Transfer-Encoding <em class="bcp14">MAY</em> be sent in a response to a HEAD request or in a <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> response (<a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>) to a GET request, neither of which includes a message body, to indicate that the origin server would have applied a transfer
     1442                  coding to the message body if the request had been an unconditional GET. This indication is not required, however, because
     1443                  any recipient on the response chain (including the origin server) can remove transfer codings when they are not needed.
     1444               </p>
     1445               <p id="rfc.section.3.3.1.p.9">Transfer-Encoding was added in HTTP/1.1. It is generally assumed that implementations advertising only HTTP/1.0 support will
     1446                  not understand how to process a transfer-encoded payload. A client <em class="bcp14">MUST NOT</em> send a request containing Transfer-Encoding unless it knows the server will handle HTTP/1.1 (or later) requests; such knowledge
     1447                  might be in the form of specific user configuration or by remembering the version of a prior received response. A server <em class="bcp14">MUST NOT</em> send a response containing Transfer-Encoding unless the corresponding request indicates HTTP/1.1 (or later).
     1448               </p>
     1449               <p id="rfc.section.3.3.1.p.10">A server that receives a request message with a transfer-coding it does not understand <em class="bcp14">SHOULD</em> respond with <a href="p2-semantics.html#status.501" class="smpl">501 (Not Implemented)</a> and then close the connection.
     1450               </p>
     1451            </div>
     1452            <div id="header.content-length">
     1453               <div id="rfc.iref.c.6"></div>
     1454               <h3 id="rfc.section.3.3.2"><a href="#rfc.section.3.3.2">3.3.2</a>&nbsp;<a href="#header.content-length">Content-Length</a></h3>
     1455               <p id="rfc.section.3.3.2.p.1">When a message is allowed to contain a message body, does not have a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field, and has a payload body length that is known to the sender before the message header section has been sent, the
     1456                  sender <em class="bcp14">SHOULD</em> send a Content-Length header field to indicate the length of the payload body as a decimal number of octets.
     1457               </p>
     1458               <div id="rfc.figure.u.28"></div><pre class="inline"><span id="rfc.iref.g.54"></span>  <a href="#header.content-length" class="smpl">Content-Length</a> = 1*<a href="#core.rules" class="smpl">DIGIT</a>
     1459</pre><p id="rfc.section.3.3.2.p.3">An example is</p>
     1460               <div id="rfc.figure.u.29"></div><pre class="text">  Content-Length: 3495
     1461</pre><p id="rfc.section.3.3.2.p.5">A sender <em class="bcp14">MUST NOT</em> send a Content-Length header field in any message that contains a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field.
     1462               </p>
     1463               <p id="rfc.section.3.3.2.p.6">A server <em class="bcp14">MAY</em> send a Content-Length header field in a response to a HEAD request (<a href="p2-semantics.html#HEAD" title="HEAD">Section 5.3.2</a> of <a href="#Part2" id="rfc.xref.Part2.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>); a server <em class="bcp14">MUST NOT</em> send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent
     1464                  in the payload body of a response if the same request had used the GET method.
     1465               </p>
     1466               <p id="rfc.section.3.3.2.p.7">A server <em class="bcp14">MAY</em> send a Content-Length header field in a <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> response to a conditional GET request (<a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>); a server <em class="bcp14">MUST NOT</em> send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent
     1467                  in the payload body of a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to the same request.
     1468               </p>
     1469               <p id="rfc.section.3.3.2.p.8">A server <em class="bcp14">MUST NOT</em> send a Content-Length header field in any response with a status code of <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a> or <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>. A server <em class="bcp14">SHOULD NOT</em> send a Content-Length header field in any <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> response to a CONNECT request (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
     1470               </p>
     1471               <p id="rfc.section.3.3.2.p.9">Any Content-Length field value greater than or equal to zero is valid. Since there is no predefined limit to the length of
     1472                  an HTTP payload, recipients <em class="bcp14">SHOULD</em> anticipate potentially large decimal numerals and prevent parsing errors due to integer conversion overflows (<a href="#attack.protocol.element.size.overflows" title="Protocol Element Size Overflows">Section&nbsp;8.6</a>).
     1473               </p>
     1474               <p id="rfc.section.3.3.2.p.10">If a message is received that has multiple Content-Length header fields with field-values consisting of the same decimal value,
     1475                  or a single Content-Length header field with a field value containing a list of identical decimal values (e.g., "Content-Length:
     1476                  42, 42"), indicating that duplicate Content-Length header fields have been generated or combined by an upstream message processor,
     1477                  then the recipient <em class="bcp14">MUST</em> either reject the message as invalid or replace the duplicated field-values with a single valid Content-Length field containing
     1478                  that decimal value prior to determining the message body length.
     1479               </p>
     1480               <div class="note" id="rfc.section.3.3.2.p.11">
     1481                  <p><b>Note:</b> HTTP's use of Content-Length for message framing differs significantly from the same field's use in MIME, where it is an optional
     1482                     field used only within the "message/external-body" media-type.
     1483                  </p>
     1484               </div>
     1485            </div>
     1486            <div id="message.body.length">
     1487               <h3 id="rfc.section.3.3.3"><a href="#rfc.section.3.3.3">3.3.3</a>&nbsp;<a href="#message.body.length">Message Body Length</a></h3>
     1488               <p id="rfc.section.3.3.3.p.1">The length of a message body is determined by one of the following (in order of precedence):</p>
     1489               <p id="rfc.section.3.3.3.p.2"></p>
     1490               <ol>
     1491                  <li>
     1492                     <p>Any response to a HEAD request and any response with a <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a>, <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>, or <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> status code is always terminated by the first empty line after the header fields, regardless of the header fields present
     1493                        in the message, and thus cannot contain a message body.
     1494                     </p>
     1495                  </li>
     1496                  <li>
     1497                     <p>Any <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> response to a CONNECT request implies that the connection will become a tunnel immediately after the empty line that concludes
     1498                        the header fields. A client <em class="bcp14">MUST</em> ignore any <a href="#header.content-length" class="smpl">Content-Length</a> or <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header fields received in such a message.
     1499                     </p>
     1500                  </li>
     1501                  <li>
     1502                     <p>If a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field is present and the "chunked" transfer-coding (<a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>) is the final encoding, the message body length is determined by reading and decoding the chunked data until the transfer-coding
     1503                        indicates the data is complete.
     1504                     </p>
     1505                     <p>If a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field is present in a response and the "chunked" transfer-coding is not the final encoding, the message body length
     1506                        is determined by reading the connection until it is closed by the server. If a Transfer-Encoding header field is present in
     1507                        a request and the "chunked" transfer-coding is not the final encoding, the message body length cannot be determined reliably;
     1508                        the server <em class="bcp14">MUST</em> respond with the <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection.
     1509                     </p>
     1510                     <p>If a message is received with both a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> and a <a href="#header.content-length" class="smpl">Content-Length</a> header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request
     1511                        or response smuggling (bypass of security-related checks on message routing or content) and thus ought to be handled as an
     1512                        error. The provided Content-Length <em class="bcp14">MUST</em> be removed, prior to forwarding the message downstream, or replaced with the real message body length after the transfer-coding
     1513                        is decoded.
     1514                     </p>
     1515                  </li>
     1516                  <li>
     1517                     <p>If a message is received without <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> and with either multiple <a href="#header.content-length" class="smpl">Content-Length</a> header fields having differing field-values or a single Content-Length header field having an invalid value, then the message
     1518                        framing is invalid and <em class="bcp14">MUST</em> be treated as an error to prevent request or response smuggling. If this is a request message, the server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection. If this is a response message received by a proxy, the proxy <em class="bcp14">MUST</em> discard the received response, send a <a href="p2-semantics.html#status.502" class="smpl">502 (Bad Gateway)</a> status code as its downstream response, and then close the connection. If this is a response message received by a user-agent,
     1519                        it <em class="bcp14">MUST</em> be treated as an error by discarding the message and closing the connection.
     1520                     </p>
     1521                  </li>
     1522                  <li>
     1523                     <p>If a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field is present without <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, its decimal value defines the message body length in octets. If the actual number of octets sent in the message is less
     1524                        than the indicated Content-Length, the recipient <em class="bcp14">MUST</em> consider the message to be incomplete and treat the connection as no longer usable. If the actual number of octets sent in
     1525                        the message is more than the indicated Content-Length, the recipient <em class="bcp14">MUST</em> only process the message body up to the field value's number of octets; the remainder of the message <em class="bcp14">MUST</em> either be discarded or treated as the next message in a pipeline. For the sake of robustness, a user-agent <em class="bcp14">MAY</em> attempt to detect and correct such an error in message framing if it is parsing the response to the last request on a connection
     1526                        and the connection has been closed by the server.
     1527                     </p>
     1528                  </li>
     1529                  <li>
     1530                     <p>If this is a request message and none of the above are true, then the message body length is zero (no message body is present).</p>
     1531                  </li>
     1532                  <li>
     1533                     <p>Otherwise, this is a response message without a declared message body length, so the message body length is determined by
     1534                        the number of octets received prior to the server closing the connection.
     1535                     </p>
     1536                  </li>
     1537               </ol>
     1538               <p id="rfc.section.3.3.3.p.3">Since there is no way to distinguish a successfully completed, close-delimited message from a partially-received message interrupted
     1539                  by network failure, a server <em class="bcp14">SHOULD</em> use encoding or length-delimited messages whenever possible. The close-delimiting feature exists primarily for backwards compatibility
     1540                  with HTTP/1.0.
     1541               </p>
     1542               <p id="rfc.section.3.3.3.p.4">A server <em class="bcp14">MAY</em> reject a request that contains a message body but not a <a href="#header.content-length" class="smpl">Content-Length</a> by responding with <a href="p2-semantics.html#status.411" class="smpl">411 (Length Required)</a>.
     1543               </p>
     1544               <p id="rfc.section.3.3.3.p.5">Unless a transfer-coding other than "chunked" has been applied, a client that sends a request containing a message body <em class="bcp14">SHOULD</em> use a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field if the message body length is known in advance, rather than the "chunked" encoding, since some existing services
     1545                  respond to "chunked" with a <a href="p2-semantics.html#status.411" class="smpl">411 (Length Required)</a> status code even though they understand the chunked encoding. This is typically because such services are implemented via
     1546                  a gateway that requires a content-length in advance of being called and the server is unable or unwilling to buffer the entire
     1547                  request before processing.
     1548               </p>
     1549               <p id="rfc.section.3.3.3.p.6">A client that sends a request containing a message body <em class="bcp14">MUST</em> include a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field if it does not know the server will handle HTTP/1.1 (or later) requests; such knowledge can be in the form of
     1550                  specific user configuration or by remembering the version of a prior received response.
     1551               </p>
     1552            </div>
     1553         </div>
     1554         <div id="incomplete.messages">
     1555            <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a>&nbsp;<a href="#incomplete.messages">Handling Incomplete Messages</a></h2>
     1556            <p id="rfc.section.3.4.p.1">Request messages that are prematurely terminated, possibly due to a canceled connection or a server-imposed time-out exception, <em class="bcp14">MUST</em> result in closure of the connection; sending an error response prior to closing the connection is <em class="bcp14">OPTIONAL</em>.
     1557            </p>
     1558            <p id="rfc.section.3.4.p.2">Response messages that are prematurely terminated, usually by closure of the connection prior to receiving the expected number
     1559               of octets or by failure to decode a transfer-encoded message body, <em class="bcp14">MUST</em> be recorded as incomplete. A response that terminates in the middle of the header block (before the empty line is received)
     1560               cannot be assumed to convey the full semantics of the response and <em class="bcp14">MUST</em> be treated as an error.
     1561            </p>
     1562            <p id="rfc.section.3.4.p.3">A message body that uses the chunked transfer encoding is incomplete if the zero-sized chunk that terminates the encoding
     1563               has not been received. A message that uses a valid <a href="#header.content-length" class="smpl">Content-Length</a> is incomplete if the size of the message body received (in octets) is less than the value given by Content-Length. A response
     1564               that has neither chunked transfer encoding nor Content-Length is terminated by closure of the connection, and thus is considered
     1565               complete regardless of the number of message body octets received, provided that the header block was received intact.
     1566            </p>
     1567            <p id="rfc.section.3.4.p.4">A user agent <em class="bcp14">MUST NOT</em> render an incomplete response message body as if it were complete (i.e., some indication needs to be given to the user that
     1568               an error occurred). Cache requirements for incomplete responses are defined in <a href="p6-cache.html#response.cacheability" title="Storing Responses in Caches">Section 3</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>.
     1569            </p>
     1570            <p id="rfc.section.3.4.p.5">A server <em class="bcp14">MUST</em> read the entire request message body or close the connection after sending its response, since otherwise the remaining data
     1571               on a persistent connection would be misinterpreted as the next request. Likewise, a client <em class="bcp14">MUST</em> read the entire response message body if it intends to reuse the same connection for a subsequent request. Pipelining multiple
     1572               requests on a connection is described in <a href="#pipelining" title="Pipelining">Section&nbsp;6.2.2.1</a>.
     1573            </p>
     1574         </div>
     1575         <div id="message.robustness">
     1576            <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a>&nbsp;<a href="#message.robustness">Message Parsing Robustness</a></h2>
     1577            <p id="rfc.section.3.5.p.1">Older HTTP/1.0 client implementations might send an extra CRLF after a POST request as a lame workaround for some early server
     1578               applications that failed to read message body content that was not terminated by a line-ending. An HTTP/1.1 client <em class="bcp14">MUST NOT</em> preface or follow a request with an extra CRLF. If terminating the request message body with a line-ending is desired, then
     1579               the client <em class="bcp14">MUST</em> include the terminating CRLF octets as part of the message body length.
     1580            </p>
     1581            <p id="rfc.section.3.5.p.2">In the interest of robustness, servers <em class="bcp14">SHOULD</em> ignore at least one empty line received where a request-line is expected. In other words, if the server is reading the protocol
     1582               stream at the beginning of a message and receives a CRLF first, it <em class="bcp14">SHOULD</em> ignore the CRLF. Likewise, although the line terminator for the start-line and header fields is the sequence CRLF, we recommend
     1583               that recipients recognize a single LF as a line terminator and ignore any CR.
     1584            </p>
     1585            <p id="rfc.section.3.5.p.3">When a server listening only for HTTP request messages, or processing what appears from the start-line to be an HTTP request
     1586               message, receives a sequence of octets that does not match the HTTP-message grammar aside from the robustness exceptions listed
     1587               above, the server <em class="bcp14">MUST</em> respond with an HTTP/1.1 <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> response.
     1588            </p>
     1589         </div>
    13381590      </div>
    1339       <div id="rfc.figure.u.24"></div><pre class="inline"><span id="rfc.iref.g.51"></span>  <a href="#rule.quoted-cpair" class="smpl">quoted-cpair</a>   = "\" ( <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / <a href="#core.rules" class="smpl">VCHAR</a> / <a href="#rule.quoted-string" class="smpl">obs-text</a> )
    1340 </pre><p id="rfc.section.3.2.4.p.13">Senders <em class="bcp14">SHOULD NOT</em> escape octets in comments that do not require escaping (i.e., other than the backslash octet "\" and the parentheses "(" and
    1341          ")").
    1342       </p>
    1343       <h2 id="rfc.section.3.3"><a href="#rfc.section.3.3">3.3</a>&nbsp;<a id="message.body" href="#message.body">Message Body</a></h2>
    1344       <p id="rfc.section.3.3.p.1">The message body (if any) of an HTTP message is used to carry the payload body of that request or response. The message body
    1345          is identical to the payload body unless a transfer coding has been applied, as described in <a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.1" title="Transfer-Encoding">Section&nbsp;3.3.1</a>.
    1346       </p>
    1347       <div id="rfc.figure.u.25"></div><pre class="inline"><span id="rfc.iref.g.52"></span>  <a href="#message.body" class="smpl">message-body</a> = *OCTET
    1348 </pre><p id="rfc.section.3.3.p.3">The rules for when a message body is allowed in a message differ for requests and responses.</p>
    1349       <p id="rfc.section.3.3.p.4">The presence of a message body in a request is signaled by a a <a href="#header.content-length" class="smpl">Content-Length</a> or <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field. Request message framing is independent of method semantics, even if the method does not define any use for a
    1350          message body.
    1351       </p>
    1352       <p id="rfc.section.3.3.p.5">The presence of a message body in a response depends on both the request method to which it is responding and the response
    1353          status code (<a href="#status.line" title="Status Line">Section&nbsp;3.1.2</a>). Responses to the HEAD request method never include a message body because the associated response header fields (e.g., <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, <a href="#header.content-length" class="smpl">Content-Length</a>, etc.), if present, indicate only what their values would have been if the request method had been GET (<a href="p2-semantics.html#HEAD" title="HEAD">Section 5.3.2</a> of <a href="#Part2" id="rfc.xref.Part2.11"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> responses to CONNECT switch to tunnel mode instead of having a message body (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.12"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). All <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a>, <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>, and <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> responses <em class="bcp14">MUST NOT</em> include a message body. All other responses do include a message body, although the body <em class="bcp14">MAY</em> be of zero length.
    1354       </p>
    1355       <div id="rfc.iref.t.4"></div>
    1356       <h3 id="rfc.section.3.3.1"><a href="#rfc.section.3.3.1">3.3.1</a>&nbsp;<a id="header.transfer-encoding" href="#header.transfer-encoding">Transfer-Encoding</a></h3>
    1357       <p id="rfc.section.3.3.1.p.1">When one or more transfer codings are applied to a payload body in order to form the message body, a Transfer-Encoding header
    1358          field <em class="bcp14">MUST</em> be sent in the message and <em class="bcp14">MUST</em> contain the list of corresponding transfer-coding names in the same order that they were applied. Transfer codings are defined
    1359          in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>.
    1360       </p>
    1361       <div id="rfc.figure.u.26"></div><pre class="inline"><span id="rfc.iref.g.53"></span>  <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> = 1#<a href="#transfer.codings" class="smpl">transfer-coding</a>
    1362 </pre><p id="rfc.section.3.3.1.p.3">Transfer-Encoding is analogous to the Content-Transfer-Encoding field of MIME, which was designed to enable safe transport
    1363          of binary data over a 7-bit transport service (<a href="#RFC2045" id="rfc.xref.RFC2045.2"><cite title="Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies">[RFC2045]</cite></a>, <a href="http://tools.ietf.org/html/rfc2045#section-6">Section 6</a>). However, safe transport has a different focus for an 8bit-clean transfer protocol. In HTTP's case, Transfer-Encoding is
    1364          primarily intended to accurately delimit a dynamically generated payload and to distinguish payload encodings that are only
    1365          applied for transport efficiency or security from those that are characteristics of the target resource.
    1366       </p>
    1367       <p id="rfc.section.3.3.1.p.4">The "chunked" transfer-coding (<a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>) <em class="bcp14">MUST</em> be implemented by all HTTP/1.1 recipients because it plays a crucial role in delimiting messages when the payload body size
    1368          is not known in advance. When the "chunked" transfer-coding is used, it <em class="bcp14">MUST</em> be the last transfer-coding applied to form the message body and <em class="bcp14">MUST NOT</em> be applied more than once in a message body. If any transfer-coding is applied to a request payload body, the final transfer-coding
    1369          applied <em class="bcp14">MUST</em> be "chunked". If any transfer-coding is applied to a response payload body, then either the final transfer-coding applied <em class="bcp14">MUST</em> be "chunked" or the message <em class="bcp14">MUST</em> be terminated by closing the connection.
    1370       </p>
    1371       <div id="rfc.figure.u.27"></div>
    1372       <p>For example,</p><pre class="text">  Transfer-Encoding: gzip, chunked
    1373 </pre><p>indicates that the payload body has been compressed using the gzip coding and then chunked using the chunked coding while
    1374          forming the message body.
    1375       </p>
    1376       <p id="rfc.section.3.3.1.p.6">If more than one Transfer-Encoding header field is present in a message, the multiple field-values <em class="bcp14">MUST</em> be combined into one field-value, according to the algorithm defined in <a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>, before determining the message body length.
    1377       </p>
    1378       <p id="rfc.section.3.3.1.p.7">Unlike <a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 3.1.2.1</a> of <a href="#Part2" id="rfc.xref.Part2.13"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>), Transfer-Encoding is a property of the message, not of the payload, and thus <em class="bcp14">MAY</em> be added or removed by any implementation along the request/response chain. Additional information about the encoding parameters <em class="bcp14">MAY</em> be provided by other header fields not defined by this specification.
    1379       </p>
    1380       <p id="rfc.section.3.3.1.p.8">Transfer-Encoding <em class="bcp14">MAY</em> be sent in a response to a HEAD request or in a <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> response (<a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>) to a GET request, neither of which includes a message body, to indicate that the origin server would have applied a transfer
    1381          coding to the message body if the request had been an unconditional GET. This indication is not required, however, because
    1382          any recipient on the response chain (including the origin server) can remove transfer codings when they are not needed.
    1383       </p>
    1384       <p id="rfc.section.3.3.1.p.9">Transfer-Encoding was added in HTTP/1.1. It is generally assumed that implementations advertising only HTTP/1.0 support will
    1385          not understand how to process a transfer-encoded payload. A client <em class="bcp14">MUST NOT</em> send a request containing Transfer-Encoding unless it knows the server will handle HTTP/1.1 (or later) requests; such knowledge
    1386          might be in the form of specific user configuration or by remembering the version of a prior received response. A server <em class="bcp14">MUST NOT</em> send a response containing Transfer-Encoding unless the corresponding request indicates HTTP/1.1 (or later).
    1387       </p>
    1388       <p id="rfc.section.3.3.1.p.10">A server that receives a request message with a transfer-coding it does not understand <em class="bcp14">SHOULD</em> respond with <a href="p2-semantics.html#status.501" class="smpl">501 (Not Implemented)</a> and then close the connection.
    1389       </p>
    1390       <div id="rfc.iref.c.6"></div>
    1391       <h3 id="rfc.section.3.3.2"><a href="#rfc.section.3.3.2">3.3.2</a>&nbsp;<a id="header.content-length" href="#header.content-length">Content-Length</a></h3>
    1392       <p id="rfc.section.3.3.2.p.1">When a message is allowed to contain a message body, does not have a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field, and has a payload body length that is known to the sender before the message header section has been sent, the
    1393          sender <em class="bcp14">SHOULD</em> send a Content-Length header field to indicate the length of the payload body as a decimal number of octets.
    1394       </p>
    1395       <div id="rfc.figure.u.28"></div><pre class="inline"><span id="rfc.iref.g.54"></span>  <a href="#header.content-length" class="smpl">Content-Length</a> = 1*<a href="#core.rules" class="smpl">DIGIT</a>
    1396 </pre><p id="rfc.section.3.3.2.p.3">An example is</p>
    1397       <div id="rfc.figure.u.29"></div><pre class="text">  Content-Length: 3495
    1398 </pre><p id="rfc.section.3.3.2.p.5">A sender <em class="bcp14">MUST NOT</em> send a Content-Length header field in any message that contains a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field.
    1399       </p>
    1400       <p id="rfc.section.3.3.2.p.6">A server <em class="bcp14">MAY</em> send a Content-Length header field in a response to a HEAD request (<a href="p2-semantics.html#HEAD" title="HEAD">Section 5.3.2</a> of <a href="#Part2" id="rfc.xref.Part2.14"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>); a server <em class="bcp14">MUST NOT</em> send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent
    1401          in the payload body of a response if the same request had used the GET method.
    1402       </p>
    1403       <p id="rfc.section.3.3.2.p.7">A server <em class="bcp14">MAY</em> send a Content-Length header field in a <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> response to a conditional GET request (<a href="p4-conditional.html#status.304" title="304 Not Modified">Section 4.1</a> of <a href="#Part4" id="rfc.xref.Part4.3"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>); a server <em class="bcp14">MUST NOT</em> send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent
    1404          in the payload body of a <a href="p2-semantics.html#status.200" class="smpl">200 (OK)</a> response to the same request.
    1405       </p>
    1406       <p id="rfc.section.3.3.2.p.8">A server <em class="bcp14">MUST NOT</em> send a Content-Length header field in any response with a status code of <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a> or <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>. A server <em class="bcp14">SHOULD NOT</em> send a Content-Length header field in any <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> response to a CONNECT request (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.15"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
    1407       </p>
    1408       <p id="rfc.section.3.3.2.p.9">Any Content-Length field value greater than or equal to zero is valid. Since there is no predefined limit to the length of
    1409          an HTTP payload, recipients <em class="bcp14">SHOULD</em> anticipate potentially large decimal numerals and prevent parsing errors due to integer conversion overflows (<a href="#attack.protocol.element.size.overflows" title="Protocol Element Size Overflows">Section&nbsp;8.6</a>).
    1410       </p>
    1411       <p id="rfc.section.3.3.2.p.10">If a message is received that has multiple Content-Length header fields with field-values consisting of the same decimal value,
    1412          or a single Content-Length header field with a field value containing a list of identical decimal values (e.g., "Content-Length:
    1413          42, 42"), indicating that duplicate Content-Length header fields have been generated or combined by an upstream message processor,
    1414          then the recipient <em class="bcp14">MUST</em> either reject the message as invalid or replace the duplicated field-values with a single valid Content-Length field containing
    1415          that decimal value prior to determining the message body length.
    1416       </p>
    1417       <div class="note" id="rfc.section.3.3.2.p.11">
    1418          <p> <b>Note:</b> HTTP's use of Content-Length for message framing differs significantly from the same field's use in MIME, where it is an optional
    1419             field used only within the "message/external-body" media-type.
    1420          </p>
    1421       </div>
    1422       <h3 id="rfc.section.3.3.3"><a href="#rfc.section.3.3.3">3.3.3</a>&nbsp;<a id="message.body.length" href="#message.body.length">Message Body Length</a></h3>
    1423       <p id="rfc.section.3.3.3.p.1">The length of a message body is determined by one of the following (in order of precedence):</p>
    1424       <p id="rfc.section.3.3.3.p.2"> </p>
    1425       <ol>
    1426          <li>
    1427             <p>Any response to a HEAD request and any response with a <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a>, <a href="p2-semantics.html#status.204" class="smpl">204 (No Content)</a>, or <a href="p4-conditional.html#status.304" class="smpl">304 (Not Modified)</a> status code is always terminated by the first empty line after the header fields, regardless of the header fields present
    1428                in the message, and thus cannot contain a message body.
    1429             </p>
    1430          </li>
    1431          <li>
    1432             <p>Any <a href="p2-semantics.html#status.2xx" class="smpl">2xx (Successful)</a> response to a CONNECT request implies that the connection will become a tunnel immediately after the empty line that concludes
    1433                the header fields. A client <em class="bcp14">MUST</em> ignore any <a href="#header.content-length" class="smpl">Content-Length</a> or <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header fields received in such a message.
    1434             </p>
    1435          </li>
    1436          <li>
    1437             <p>If a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field is present and the "chunked" transfer-coding (<a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>) is the final encoding, the message body length is determined by reading and decoding the chunked data until the transfer-coding
    1438                indicates the data is complete.
    1439             </p>
    1440             <p>If a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> header field is present in a response and the "chunked" transfer-coding is not the final encoding, the message body length
    1441                is determined by reading the connection until it is closed by the server. If a Transfer-Encoding header field is present in
    1442                a request and the "chunked" transfer-coding is not the final encoding, the message body length cannot be determined reliably;
    1443                the server <em class="bcp14">MUST</em> respond with the <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection.
    1444             </p>
    1445             <p>If a message is received with both a <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> and a <a href="#header.content-length" class="smpl">Content-Length</a> header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request
    1446                or response smuggling (bypass of security-related checks on message routing or content) and thus ought to be handled as an
    1447                error. The provided Content-Length <em class="bcp14">MUST</em> be removed, prior to forwarding the message downstream, or replaced with the real message body length after the transfer-coding
    1448                is decoded.
    1449             </p>
    1450          </li>
    1451          <li>
    1452             <p>If a message is received without <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> and with either multiple <a href="#header.content-length" class="smpl">Content-Length</a> header fields having differing field-values or a single Content-Length header field having an invalid value, then the message
    1453                framing is invalid and <em class="bcp14">MUST</em> be treated as an error to prevent request or response smuggling. If this is a request message, the server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection. If this is a response message received by a proxy, the proxy <em class="bcp14">MUST</em> discard the received response, send a <a href="p2-semantics.html#status.502" class="smpl">502 (Bad Gateway)</a> status code as its downstream response, and then close the connection. If this is a response message received by a user-agent,
    1454                it <em class="bcp14">MUST</em> be treated as an error by discarding the message and closing the connection.
    1455             </p>
    1456          </li>
    1457          <li>
    1458             <p>If a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field is present without <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, its decimal value defines the message body length in octets. If the actual number of octets sent in the message is less
    1459                than the indicated Content-Length, the recipient <em class="bcp14">MUST</em> consider the message to be incomplete and treat the connection as no longer usable. If the actual number of octets sent in
    1460                the message is more than the indicated Content-Length, the recipient <em class="bcp14">MUST</em> only process the message body up to the field value's number of octets; the remainder of the message <em class="bcp14">MUST</em> either be discarded or treated as the next message in a pipeline. For the sake of robustness, a user-agent <em class="bcp14">MAY</em> attempt to detect and correct such an error in message framing if it is parsing the response to the last request on a connection
    1461                and the connection has been closed by the server.
    1462             </p>
    1463          </li>
    1464          <li>
    1465             <p>If this is a request message and none of the above are true, then the message body length is zero (no message body is present).</p>
    1466          </li>
    1467          <li>
    1468             <p>Otherwise, this is a response message without a declared message body length, so the message body length is determined by
    1469                the number of octets received prior to the server closing the connection.
    1470             </p>
    1471          </li>
    1472       </ol>
    1473       <p id="rfc.section.3.3.3.p.3">Since there is no way to distinguish a successfully completed, close-delimited message from a partially-received message interrupted
    1474          by network failure, a server <em class="bcp14">SHOULD</em> use encoding or length-delimited messages whenever possible. The close-delimiting feature exists primarily for backwards compatibility
    1475          with HTTP/1.0.
    1476       </p>
    1477       <p id="rfc.section.3.3.3.p.4">A server <em class="bcp14">MAY</em> reject a request that contains a message body but not a <a href="#header.content-length" class="smpl">Content-Length</a> by responding with <a href="p2-semantics.html#status.411" class="smpl">411 (Length Required)</a>.
    1478       </p>
    1479       <p id="rfc.section.3.3.3.p.5">Unless a transfer-coding other than "chunked" has been applied, a client that sends a request containing a message body <em class="bcp14">SHOULD</em> use a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field if the message body length is known in advance, rather than the "chunked" encoding, since some existing services
    1480          respond to "chunked" with a <a href="p2-semantics.html#status.411" class="smpl">411 (Length Required)</a> status code even though they understand the chunked encoding. This is typically because such services are implemented via
    1481          a gateway that requires a content-length in advance of being called and the server is unable or unwilling to buffer the entire
    1482          request before processing.
    1483       </p>
    1484       <p id="rfc.section.3.3.3.p.6">A client that sends a request containing a message body <em class="bcp14">MUST</em> include a valid <a href="#header.content-length" class="smpl">Content-Length</a> header field if it does not know the server will handle HTTP/1.1 (or later) requests; such knowledge can be in the form of
    1485          specific user configuration or by remembering the version of a prior received response.
    1486       </p>
    1487       <h2 id="rfc.section.3.4"><a href="#rfc.section.3.4">3.4</a>&nbsp;<a id="incomplete.messages" href="#incomplete.messages">Handling Incomplete Messages</a></h2>
    1488       <p id="rfc.section.3.4.p.1">Request messages that are prematurely terminated, possibly due to a canceled connection or a server-imposed time-out exception, <em class="bcp14">MUST</em> result in closure of the connection; sending an error response prior to closing the connection is <em class="bcp14">OPTIONAL</em>.
    1489       </p>
    1490       <p id="rfc.section.3.4.p.2">Response messages that are prematurely terminated, usually by closure of the connection prior to receiving the expected number
    1491          of octets or by failure to decode a transfer-encoded message body, <em class="bcp14">MUST</em> be recorded as incomplete. A response that terminates in the middle of the header block (before the empty line is received)
    1492          cannot be assumed to convey the full semantics of the response and <em class="bcp14">MUST</em> be treated as an error.
    1493       </p>
    1494       <p id="rfc.section.3.4.p.3">A message body that uses the chunked transfer encoding is incomplete if the zero-sized chunk that terminates the encoding
    1495          has not been received. A message that uses a valid <a href="#header.content-length" class="smpl">Content-Length</a> is incomplete if the size of the message body received (in octets) is less than the value given by Content-Length. A response
    1496          that has neither chunked transfer encoding nor Content-Length is terminated by closure of the connection, and thus is considered
    1497          complete regardless of the number of message body octets received, provided that the header block was received intact.
    1498       </p>
    1499       <p id="rfc.section.3.4.p.4">A user agent <em class="bcp14">MUST NOT</em> render an incomplete response message body as if it were complete (i.e., some indication needs to be given to the user that
    1500          an error occurred). Cache requirements for incomplete responses are defined in <a href="p6-cache.html#response.cacheability" title="Storing Responses in Caches">Section 3</a> of <a href="#Part6" id="rfc.xref.Part6.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>.
    1501       </p>
    1502       <p id="rfc.section.3.4.p.5">A server <em class="bcp14">MUST</em> read the entire request message body or close the connection after sending its response, since otherwise the remaining data
    1503          on a persistent connection would be misinterpreted as the next request. Likewise, a client <em class="bcp14">MUST</em> read the entire response message body if it intends to reuse the same connection for a subsequent request. Pipelining multiple
    1504          requests on a connection is described in <a href="#pipelining" title="Pipelining">Section&nbsp;6.2.2.1</a>.
    1505       </p>
    1506       <h2 id="rfc.section.3.5"><a href="#rfc.section.3.5">3.5</a>&nbsp;<a id="message.robustness" href="#message.robustness">Message Parsing Robustness</a></h2>
    1507       <p id="rfc.section.3.5.p.1">Older HTTP/1.0 client implementations might send an extra CRLF after a POST request as a lame workaround for some early server
    1508          applications that failed to read message body content that was not terminated by a line-ending. An HTTP/1.1 client <em class="bcp14">MUST NOT</em> preface or follow a request with an extra CRLF. If terminating the request message body with a line-ending is desired, then
    1509          the client <em class="bcp14">MUST</em> include the terminating CRLF octets as part of the message body length.
    1510       </p>
    1511       <p id="rfc.section.3.5.p.2">In the interest of robustness, servers <em class="bcp14">SHOULD</em> ignore at least one empty line received where a request-line is expected. In other words, if the server is reading the protocol
    1512          stream at the beginning of a message and receives a CRLF first, it <em class="bcp14">SHOULD</em> ignore the CRLF. Likewise, although the line terminator for the start-line and header fields is the sequence CRLF, we recommend
    1513          that recipients recognize a single LF as a line terminator and ignore any CR.
    1514       </p>
    1515       <p id="rfc.section.3.5.p.3">When a server listening only for HTTP request messages, or processing what appears from the start-line to be an HTTP request
    1516          message, receives a sequence of octets that does not match the HTTP-message grammar aside from the robustness exceptions listed
    1517          above, the server <em class="bcp14">MUST</em> respond with an HTTP/1.1 <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> response.
    1518       </p>
    1519       <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="transfer.codings" href="#transfer.codings">Transfer Codings</a></h1>
    1520       <p id="rfc.section.4.p.1">Transfer-coding values are used to indicate an encoding transformation that has been, can be, or might need to be applied
    1521          to a payload body in order to ensure "safe transport" through the network. This differs from a content coding in that the
    1522          transfer-coding is a property of the message rather than a property of the representation that is being transferred.
    1523       </p>
    1524       <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.55"></span><span id="rfc.iref.g.56"></span>  <a href="#transfer.codings" class="smpl">transfer-coding</a>    = "chunked" ; <a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>
     1591      <div id="transfer.codings">
     1592         <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a href="#transfer.codings">Transfer Codings</a></h1>
     1593         <p id="rfc.section.4.p.1">Transfer-coding values are used to indicate an encoding transformation that has been, can be, or might need to be applied
     1594            to a payload body in order to ensure "safe transport" through the network. This differs from a content coding in that the
     1595            transfer-coding is a property of the message rather than a property of the representation that is being transferred.
     1596         </p>
     1597         <div id="rfc.figure.u.30"></div><pre class="inline"><span id="rfc.iref.g.55"></span><span id="rfc.iref.g.56"></span>  <a href="#transfer.codings" class="smpl">transfer-coding</a>    = "chunked" ; <a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>
    15251598                     / "compress" ; <a href="#compress.coding" title="Compress Coding">Section&nbsp;4.2.1</a>
    15261599                     / "deflate" ; <a href="#deflate.coding" title="Deflate Coding">Section&nbsp;4.2.2</a>
     
    15291602  <a href="#transfer.codings" class="smpl">transfer-extension</a> = <a href="#rule.token.separators" class="smpl">token</a> *( <a href="#rule.whitespace" class="smpl">OWS</a> ";" <a href="#rule.whitespace" class="smpl">OWS</a> <a href="#rule.parameter" class="smpl">transfer-parameter</a> )
    15301603</pre><div id="rule.parameter">
    1531          <p id="rfc.section.4.p.3">      Parameters are in the form of attribute/value pairs.</p>
    1532       </div>
    1533       <div id="rfc.figure.u.31"></div><pre class="inline"><span id="rfc.iref.g.57"></span><span id="rfc.iref.g.58"></span><span id="rfc.iref.g.59"></span><span id="rfc.iref.g.60"></span><span id="rfc.iref.g.61"></span>  <a href="#rule.parameter" class="smpl">transfer-parameter</a> = <a href="#rule.parameter" class="smpl">attribute</a> <a href="#rule.whitespace" class="smpl">BWS</a> "=" <a href="#rule.whitespace" class="smpl">BWS</a> <a href="#rule.parameter" class="smpl">value</a>
     1604            <p id="rfc.section.4.p.3">   Parameters are in the form of attribute/value pairs.</p>
     1605         </div>
     1606         <div id="rfc.figure.u.31"></div><pre class="inline"><span id="rfc.iref.g.57"></span><span id="rfc.iref.g.58"></span><span id="rfc.iref.g.59"></span><span id="rfc.iref.g.60"></span><span id="rfc.iref.g.61"></span>  <a href="#rule.parameter" class="smpl">transfer-parameter</a> = <a href="#rule.parameter" class="smpl">attribute</a> <a href="#rule.whitespace" class="smpl">BWS</a> "=" <a href="#rule.whitespace" class="smpl">BWS</a> <a href="#rule.parameter" class="smpl">value</a>
    15341607  <a href="#rule.parameter" class="smpl">attribute</a>          = <a href="#rule.token.separators" class="smpl">token</a>
    15351608  <a href="#rule.parameter" class="smpl">value</a>              = <a href="#rule.token.separators" class="smpl">word</a>
    15361609</pre><p id="rfc.section.4.p.5">All transfer-coding values are case-insensitive and <em class="bcp14">SHOULD</em> be registered within the HTTP Transfer Coding registry, as defined in <a href="#transfer.coding.registry" title="Transfer Coding Registry">Section&nbsp;7.4</a>. They are used in the <a href="#header.te" class="smpl">TE</a> (<a href="#header.te" id="rfc.xref.header.te.1" title="TE">Section&nbsp;4.3</a>) and <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> (<a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.2" title="Transfer-Encoding">Section&nbsp;3.3.1</a>) header fields.
    1537       </p>
    1538       <div id="rfc.iref.c.7"></div>
    1539       <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a id="chunked.encoding" href="#chunked.encoding">Chunked Transfer Coding</a></h2>
    1540       <p id="rfc.section.4.1.p.1">The chunked encoding modifies the body of a message in order to transfer it as a series of chunks, each with its own size
    1541          indicator, followed by an <em class="bcp14">OPTIONAL</em> trailer containing header fields. This allows dynamically produced content to be transferred along with the information necessary
    1542          for the recipient to verify that it has received the full message.
    1543       </p>
    1544       <div id="rfc.figure.u.32"></div><pre class="inline"><span id="rfc.iref.g.62"></span><span id="rfc.iref.g.63"></span><span id="rfc.iref.g.64"></span><span id="rfc.iref.g.65"></span><span id="rfc.iref.g.66"></span><span id="rfc.iref.g.67"></span><span id="rfc.iref.g.68"></span><span id="rfc.iref.g.69"></span><span id="rfc.iref.g.70"></span><span id="rfc.iref.g.71"></span><span id="rfc.iref.g.72"></span>  <a href="#chunked.encoding" class="smpl">chunked-body</a>   = *<a href="#chunked.encoding" class="smpl">chunk</a>
     1610         </p>
     1611         <div id="chunked.encoding">
     1612            <div id="rfc.iref.c.7"></div>
     1613            <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a href="#chunked.encoding">Chunked Transfer Coding</a></h2>
     1614            <p id="rfc.section.4.1.p.1">The chunked encoding modifies the body of a message in order to transfer it as a series of chunks, each with its own size
     1615               indicator, followed by an <em class="bcp14">OPTIONAL</em> trailer containing header fields. This allows dynamically produced content to be transferred along with the information necessary
     1616               for the recipient to verify that it has received the full message.
     1617            </p>
     1618            <div id="rfc.figure.u.32"></div><pre class="inline"><span id="rfc.iref.g.62"></span><span id="rfc.iref.g.63"></span><span id="rfc.iref.g.64"></span><span id="rfc.iref.g.65"></span><span id="rfc.iref.g.66"></span><span id="rfc.iref.g.67"></span><span id="rfc.iref.g.68"></span><span id="rfc.iref.g.69"></span><span id="rfc.iref.g.70"></span><span id="rfc.iref.g.71"></span><span id="rfc.iref.g.72"></span>  <a href="#chunked.encoding" class="smpl">chunked-body</a>   = *<a href="#chunked.encoding" class="smpl">chunk</a>
    15451619                   <a href="#chunked.encoding" class="smpl">last-chunk</a>
    15461620                   <a href="#chunked.encoding" class="smpl">trailer-part</a>
     
    15621636  <a href="#chunked.encoding" class="smpl">qdtext-nf</a>      = <a href="#core.rules" class="smpl">HTAB</a> / <a href="#core.rules" class="smpl">SP</a> / %x21 / %x23-5B / %x5D-7E / <a href="#rule.quoted-string" class="smpl">obs-text</a>
    15631637</pre><p id="rfc.section.4.1.p.3">Chunk extensions within the chucked encoding are deprecated. Senders <em class="bcp14">SHOULD NOT</em> send chunk-ext. Definition of new chunk extensions is discouraged.
    1564       </p>
    1565       <p id="rfc.section.4.1.p.4">The chunk-size field is a string of hex digits indicating the size of the chunk-data in octets. The chunked encoding is ended
    1566          by any chunk whose size is zero, followed by the trailer, which is terminated by an empty line.
    1567       </p>
    1568       <div id="rfc.iref.t.5"></div>
    1569       <h3 id="rfc.section.4.1.1"><a href="#rfc.section.4.1.1">4.1.1</a>&nbsp;<a id="header.trailer" href="#header.trailer">Trailer</a></h3>
    1570       <p id="rfc.section.4.1.1.p.1">A trailer allows the sender to include additional fields at the end of a chunked message in order to supply metadata that
    1571          might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing
    1572          status. The trailer <em class="bcp14">MUST NOT</em> contain fields that need to be known before a recipient processes the body, such as <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, <a href="#header.content-length" class="smpl">Content-Length</a>, and <a href="#header.trailer" class="smpl">Trailer</a>.
    1573       </p>
    1574       <p id="rfc.section.4.1.1.p.2">When a message includes a message body encoded with the chunked transfer-coding and the sender desires to send metadata in
    1575          the form of trailer fields at the end of the message, the sender <em class="bcp14">SHOULD</em> send a <a href="#header.trailer" class="smpl">Trailer</a> header field before the message body to indicate which fields will be present in the trailers. This allows the recipient to
    1576          prepare for receipt of that metadata before it starts processing the body, which is useful if the message is being streamed
    1577          and the recipient wishes to confirm an integrity check on the fly.
    1578       </p>
    1579       <div id="rfc.figure.u.33"></div><pre class="inline"><span id="rfc.iref.g.73"></span>  <a href="#header.trailer" class="smpl">Trailer</a> = 1#<a href="#header.fields" class="smpl">field-name</a>
     1638            </p>
     1639            <p id="rfc.section.4.1.p.4">The chunk-size field is a string of hex digits indicating the size of the chunk-data in octets. The chunked encoding is ended
     1640               by any chunk whose size is zero, followed by the trailer, which is terminated by an empty line.
     1641            </p>
     1642            <div id="header.trailer">
     1643               <div id="rfc.iref.t.5"></div>
     1644               <h3 id="rfc.section.4.1.1"><a href="#rfc.section.4.1.1">4.1.1</a>&nbsp;<a href="#header.trailer">Trailer</a></h3>
     1645               <p id="rfc.section.4.1.1.p.1">A trailer allows the sender to include additional fields at the end of a chunked message in order to supply metadata that
     1646                  might be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing
     1647                  status. The trailer <em class="bcp14">MUST NOT</em> contain fields that need to be known before a recipient processes the body, such as <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a>, <a href="#header.content-length" class="smpl">Content-Length</a>, and <a href="#header.trailer" class="smpl">Trailer</a>.
     1648               </p>
     1649               <p id="rfc.section.4.1.1.p.2">When a message includes a message body encoded with the chunked transfer-coding and the sender desires to send metadata in
     1650                  the form of trailer fields at the end of the message, the sender <em class="bcp14">SHOULD</em> send a <a href="#header.trailer" class="smpl">Trailer</a> header field before the message body to indicate which fields will be present in the trailers. This allows the recipient to
     1651                  prepare for receipt of that metadata before it starts processing the body, which is useful if the message is being streamed
     1652                  and the recipient wishes to confirm an integrity check on the fly.
     1653               </p>
     1654               <div id="rfc.figure.u.33"></div><pre class="inline"><span id="rfc.iref.g.73"></span>  <a href="#header.trailer" class="smpl">Trailer</a> = 1#<a href="#header.fields" class="smpl">field-name</a>
    15801655</pre><p id="rfc.section.4.1.1.p.4">If no <a href="#header.trailer" class="smpl">Trailer</a> header field is present, the sender of a chunked message body <em class="bcp14">SHOULD</em> send an empty trailer.
    1581       </p>
    1582       <p id="rfc.section.4.1.1.p.5">A server <em class="bcp14">MUST</em> send an empty trailer with the chunked transfer-coding unless at least one of the following is true:
    1583       </p>
    1584       <ol>
    1585          <li>the request included a <a href="#header.te" class="smpl">TE</a> header field that indicates "trailers" is acceptable in the transfer-coding of the response, as described in <a href="#header.te" id="rfc.xref.header.te.2" title="TE">Section&nbsp;4.3</a>; or,
    1586          </li>
    1587          <li>the trailer fields consist entirely of optional metadata and the recipient could use the message (in a manner acceptable to
    1588             the server where the field originated) without receiving that metadata. In other words, the server that generated the header
    1589             field is willing to accept the possibility that the trailer fields might be silently discarded along the path to the client.
    1590          </li>
    1591       </ol>
    1592       <p id="rfc.section.4.1.1.p.6">The above requirement prevents the need for an infinite buffer when a message is being received by an HTTP/1.1 (or later)
    1593          proxy and forwarded to an HTTP/1.0 recipient.
    1594       </p>
    1595       <h3 id="rfc.section.4.1.2"><a href="#rfc.section.4.1.2">4.1.2</a>&nbsp;<a id="decoding.chunked" href="#decoding.chunked">Decoding chunked</a></h3>
    1596       <p id="rfc.section.4.1.2.p.1">A process for decoding the "chunked" transfer-coding can be represented in pseudo-code as:</p>
    1597       <div id="rfc.figure.u.34"></div><pre class="text">  length := 0
     1656               </p>
     1657               <p id="rfc.section.4.1.1.p.5">A server <em class="bcp14">MUST</em> send an empty trailer with the chunked transfer-coding unless at least one of the following is true:
     1658               </p>
     1659               <ol>
     1660                  <li>the request included a <a href="#header.te" class="smpl">TE</a> header field that indicates "trailers" is acceptable in the transfer-coding of the response, as described in <a href="#header.te" id="rfc.xref.header.te.2" title="TE">Section&nbsp;4.3</a>; or,
     1661                  </li>
     1662                  <li>the trailer fields consist entirely of optional metadata and the recipient could use the message (in a manner acceptable to
     1663                     the server where the field originated) without receiving that metadata. In other words, the server that generated the header
     1664                     field is willing to accept the possibility that the trailer fields might be silently discarded along the path to the client.
     1665                  </li>
     1666               </ol>
     1667               <p id="rfc.section.4.1.1.p.6">The above requirement prevents the need for an infinite buffer when a message is being received by an HTTP/1.1 (or later)
     1668                  proxy and forwarded to an HTTP/1.0 recipient.
     1669               </p>
     1670            </div>
     1671            <div id="decoding.chunked">
     1672               <h3 id="rfc.section.4.1.2"><a href="#rfc.section.4.1.2">4.1.2</a>&nbsp;<a href="#decoding.chunked">Decoding chunked</a></h3>
     1673               <p id="rfc.section.4.1.2.p.1">A process for decoding the "chunked" transfer-coding can be represented in pseudo-code as:</p>
     1674               <div id="rfc.figure.u.34"></div><pre class="text">  length := 0
    15981675  read chunk-size, chunk-ext (if any) and CRLF
    15991676  while (chunk-size &gt; 0) {
     
    16121689  Remove Trailer from existing header fields
    16131690</pre><p id="rfc.section.4.1.2.p.3">All recipients <em class="bcp14">MUST</em> be able to receive and decode the "chunked" transfer-coding and <em class="bcp14">MUST</em> ignore chunk-ext extensions they do not understand.
    1614       </p>
    1615       <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a id="compression.codings" href="#compression.codings">Compression Codings</a></h2>
    1616       <p id="rfc.section.4.2.p.1">The codings defined below can be used to compress the payload of a message.</p>
    1617       <div id="rfc.iref.c.8"></div>
    1618       <h3 id="rfc.section.4.2.1"><a href="#rfc.section.4.2.1">4.2.1</a>&nbsp;<a id="compress.coding" href="#compress.coding">Compress Coding</a></h3>
    1619       <p id="rfc.section.4.2.1.p.1">The "compress" format is produced by the common UNIX file compression program "compress". This format is an adaptive Lempel-Ziv-Welch
    1620          coding (LZW). Recipients <em class="bcp14">SHOULD</em> consider "x-compress" to be equivalent to "compress".
    1621       </p>
    1622       <div id="rfc.iref.d.2"></div>
    1623       <h3 id="rfc.section.4.2.2"><a href="#rfc.section.4.2.2">4.2.2</a>&nbsp;<a id="deflate.coding" href="#deflate.coding">Deflate Coding</a></h3>
    1624       <p id="rfc.section.4.2.2.p.1">The "deflate" format is defined as the "deflate" compression mechanism (described in <a href="#RFC1951" id="rfc.xref.RFC1951.1"><cite title="DEFLATE Compressed Data Format Specification version 1.3">[RFC1951]</cite></a>) used inside the "zlib" data format (<a href="#RFC1950" id="rfc.xref.RFC1950.1"><cite title="ZLIB Compressed Data Format Specification version 3.3">[RFC1950]</cite></a>).
    1625       </p>
    1626       <div class="note" id="rfc.section.4.2.2.p.2">
    1627          <p> <b>Note:</b> Some incorrect implementations send the "deflate" compressed data without the zlib wrapper.
    1628          </p>
    1629       </div>
    1630       <div id="rfc.iref.g.74"></div>
    1631       <h3 id="rfc.section.4.2.3"><a href="#rfc.section.4.2.3">4.2.3</a>&nbsp;<a id="gzip.coding" href="#gzip.coding">Gzip Coding</a></h3>
    1632       <p id="rfc.section.4.2.3.p.1">The "gzip" format is produced by the file compression program "gzip" (GNU zip), as described in <a href="#RFC1952" id="rfc.xref.RFC1952.1"><cite title="GZIP file format specification version 4.3">[RFC1952]</cite></a>. This format is a Lempel-Ziv coding (LZ77) with a 32 bit CRC. Recipients <em class="bcp14">SHOULD</em> consider "x-gzip" to be equivalent to "gzip".
    1633       </p>
    1634       <div id="rfc.iref.t.6"></div>
    1635       <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;<a id="header.te" href="#header.te">TE</a></h2>
    1636       <p id="rfc.section.4.3.p.1">The "TE" header field in a request indicates what transfer-codings, besides "chunked", the client is willing to accept in
    1637          response, and whether or not the client is willing to accept trailer fields in a chunked transfer-coding.
    1638       </p>
    1639       <p id="rfc.section.4.3.p.2">The TE field-value consists of a comma-separated list of transfer-coding names, each allowing for optional parameters (as
    1640          described in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>), and/or the keyword "trailers". Clients <em class="bcp14">MUST NOT</em> send the chunked transfer-coding name in TE; chunked is always acceptable for HTTP/1.1 recipients.
    1641       </p>
    1642       <div id="rfc.figure.u.35"></div><pre class="inline"><span id="rfc.iref.g.75"></span><span id="rfc.iref.g.76"></span><span id="rfc.iref.g.77"></span><span id="rfc.iref.g.78"></span>  <a href="#header.te" class="smpl">TE</a>        = #<a href="#header.te" class="smpl">t-codings</a>
     1691               </p>
     1692            </div>
     1693         </div>
     1694         <div id="compression.codings">
     1695            <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a href="#compression.codings">Compression Codings</a></h2>
     1696            <p id="rfc.section.4.2.p.1">The codings defined below can be used to compress the payload of a message.</p>
     1697            <div id="compress.coding">
     1698               <div id="rfc.iref.c.8"></div>
     1699               <h3 id="rfc.section.4.2.1"><a href="#rfc.section.4.2.1">4.2.1</a>&nbsp;<a href="#compress.coding">Compress Coding</a></h3>
     1700               <p id="rfc.section.4.2.1.p.1">The "compress" format is produced by the common UNIX file compression program "compress". This format is an adaptive Lempel-Ziv-Welch
     1701                  coding (LZW). Recipients <em class="bcp14">SHOULD</em> consider "x-compress" to be equivalent to "compress".
     1702               </p>
     1703            </div>
     1704            <div id="deflate.coding">
     1705               <div id="rfc.iref.d.2"></div>
     1706               <h3 id="rfc.section.4.2.2"><a href="#rfc.section.4.2.2">4.2.2</a>&nbsp;<a href="#deflate.coding">Deflate Coding</a></h3>
     1707               <p id="rfc.section.4.2.2.p.1">The "deflate" format is defined as the "deflate" compression mechanism (described in <a href="#RFC1951" id="rfc.xref.RFC1951.1"><cite title="DEFLATE Compressed Data Format Specification version 1.3">[RFC1951]</cite></a>) used inside the "zlib" data format (<a href="#RFC1950" id="rfc.xref.RFC1950.1"><cite title="ZLIB Compressed Data Format Specification version 3.3">[RFC1950]</cite></a>).
     1708               </p>
     1709               <div class="note" id="rfc.section.4.2.2.p.2">
     1710                  <p><b>Note:</b> Some incorrect implementations send the "deflate" compressed data without the zlib wrapper.
     1711                  </p>
     1712               </div>
     1713            </div>
     1714            <div id="gzip.coding">
     1715               <div id="rfc.iref.g.74"></div>
     1716               <h3 id="rfc.section.4.2.3"><a href="#rfc.section.4.2.3">4.2.3</a>&nbsp;<a href="#gzip.coding">Gzip Coding</a></h3>
     1717               <p id="rfc.section.4.2.3.p.1">The "gzip" format is produced by the file compression program "gzip" (GNU zip), as described in <a href="#RFC1952" id="rfc.xref.RFC1952.1"><cite title="GZIP file format specification version 4.3">[RFC1952]</cite></a>. This format is a Lempel-Ziv coding (LZ77) with a 32 bit CRC. Recipients <em class="bcp14">SHOULD</em> consider "x-gzip" to be equivalent to "gzip".
     1718               </p>
     1719            </div>
     1720         </div>
     1721         <div id="header.te">
     1722            <div id="rfc.iref.t.6"></div>
     1723            <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;<a href="#header.te">TE</a></h2>
     1724            <p id="rfc.section.4.3.p.1">The "TE" header field in a request indicates what transfer-codings, besides "chunked", the client is willing to accept in
     1725               response, and whether or not the client is willing to accept trailer fields in a chunked transfer-coding.
     1726            </p>
     1727            <p id="rfc.section.4.3.p.2">The TE field-value consists of a comma-separated list of transfer-coding names, each allowing for optional parameters (as
     1728               described in <a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>), and/or the keyword "trailers". Clients <em class="bcp14">MUST NOT</em> send the chunked transfer-coding name in TE; chunked is always acceptable for HTTP/1.1 recipients.
     1729            </p>
     1730            <div id="rfc.figure.u.35"></div><pre class="inline"><span id="rfc.iref.g.75"></span><span id="rfc.iref.g.76"></span><span id="rfc.iref.g.77"></span><span id="rfc.iref.g.78"></span>  <a href="#header.te" class="smpl">TE</a>        = #<a href="#header.te" class="smpl">t-codings</a>
    16431731  <a href="#header.te" class="smpl">t-codings</a> = "trailers" / ( <a href="#transfer.codings" class="smpl">transfer-coding</a> [ <a href="#header.te" class="smpl">t-ranking</a> ] )
    16441732  <a href="#header.te" class="smpl">t-ranking</a> = <a href="#rule.whitespace" class="smpl">OWS</a> ";" <a href="#rule.whitespace" class="smpl">OWS</a> "q=" <a href="#header.te" class="smpl">rank</a>
     
    16461734             / ( "1" [ "." 0*3("0") ] )
    16471735</pre><p id="rfc.section.4.3.p.4">Three examples of TE use are below.</p>
    1648       <div id="rfc.figure.u.36"></div><pre class="text">  TE: deflate
     1736            <div id="rfc.figure.u.36"></div><pre class="text">  TE: deflate
    16491737  TE:
    16501738  TE: trailers, deflate;q=0.5
    16511739</pre><p id="rfc.section.4.3.p.6">The presence of the keyword "trailers" indicates that the client is willing to accept trailer fields in a chunked transfer-coding,
    1652          as defined in <a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>, on behalf of itself and any downstream clients. For chained requests, this implies that either: (a) all downstream clients
    1653          are willing to accept trailer fields in the forwarded response; or, (b) the client will attempt to buffer the response on
    1654          behalf of downstream recipients. Note that HTTP/1.1 does not define any means to limit the size of a chunked response such
    1655          that a client can be assured of buffering the entire response.
    1656       </p>
    1657       <p id="rfc.section.4.3.p.7">When multiple transfer-codings are acceptable, the client <em class="bcp14">MAY</em> rank the codings by preference using a case-insensitive "q" parameter (similar to the qvalues used in content negotiation
    1658          fields, <a href="p2-semantics.html#quality.values" title="Quality Values">Section 6.3.1</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). The rank value is a real number in the range 0 through 1, where 0.001 is the least preferred and 1 is the most preferred;
    1659          a value of 0 means "not acceptable".
    1660       </p>
    1661       <p id="rfc.section.4.3.p.8">If the TE field-value is empty or if no TE field is present, the only acceptable transfer-coding is "chunked". A message with
    1662          no transfer-coding is always acceptable.
    1663       </p>
    1664       <p id="rfc.section.4.3.p.9">Since the TE header field only applies to the immediate connection, a sender of TE <em class="bcp14">MUST</em> also send a "TE" connection option within the <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.4" title="Connection">Section&nbsp;6.1</a>) in order to prevent the TE field from being forwarded by intermediaries that do not support its semantics.
    1665       </p>
    1666       <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="message.routing" href="#message.routing">Message Routing</a></h1>
    1667       <p id="rfc.section.5.p.1">HTTP request message routing is determined by each client based on the target resource, the client's proxy configuration,
    1668          and establishment or reuse of an inbound connection. The corresponding response routing follows the same connection chain
    1669          back to the client.
    1670       </p>
    1671       <div id="rfc.iref.t.7"></div>
    1672       <div id="rfc.iref.t.8"></div>
    1673       <h2 id="rfc.section.5.1"><a href="#rfc.section.5.1">5.1</a>&nbsp;<a id="target-resource" href="#target-resource">Identifying a Target Resource</a></h2>
    1674       <p id="rfc.section.5.1.p.1">HTTP is used in a wide variety of applications, ranging from general-purpose computers to home appliances. In some cases,
    1675          communication options are hard-coded in a client's configuration. However, most HTTP clients rely on the same resource identification
    1676          mechanism and configuration techniques as general-purpose Web browsers.
    1677       </p>
    1678       <p id="rfc.section.5.1.p.2">HTTP communication is initiated by a user agent for some purpose. The purpose is a combination of request semantics, which
    1679          are defined in <a href="#Part2" id="rfc.xref.Part2.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, and a target resource upon which to apply those semantics. A URI reference (<a href="#uri" title="Uniform Resource Identifiers">Section&nbsp;2.7</a>) is typically used as an identifier for the "<dfn>target resource</dfn>", which a user agent would resolve to its absolute form in order to obtain the "<dfn>target URI</dfn>". The target URI excludes the reference's fragment identifier component, if any, since fragment identifiers are reserved
    1680          for client-side processing (<a href="#RFC3986" id="rfc.xref.RFC3986.16"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="http://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>).
    1681       </p>
    1682       <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a>&nbsp;<a id="connecting.inbound" href="#connecting.inbound">Connecting Inbound</a></h2>
    1683       <p id="rfc.section.5.2.p.1">Once the target URI is determined, a client needs to decide whether a network request is necessary to accomplish the desired
    1684          semantics and, if so, where that request is to be directed.
    1685       </p>
    1686       <p id="rfc.section.5.2.p.2">If the client has a response cache and the request semantics can be satisfied by a cache (<a href="#Part6" id="rfc.xref.Part6.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>), then the request is usually directed to the cache first.
    1687       </p>
    1688       <p id="rfc.section.5.2.p.3">If the request is not satisfied by a cache, then a typical client will check its configuration to determine whether a proxy
    1689          is to be used to satisfy the request. Proxy configuration is implementation-dependent, but is often based on URI prefix matching,
    1690          selective authority matching, or both, and the proxy itself is usually identified by an "http" or "https" URI. If a proxy
    1691          is applicable, the client connects inbound by establishing (or reusing) a connection to that proxy.
    1692       </p>
    1693       <p id="rfc.section.5.2.p.4">If no proxy is applicable, a typical client will invoke a handler routine, usually specific to the target URI's scheme, to
    1694          connect directly to an authority for the target resource. How that is accomplished is dependent on the target URI scheme and
    1695          defined by its associated specification, similar to how this specification defines origin server access for resolution of
    1696          the "http" (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>) and "https" (<a href="#https.uri" title="https URI scheme">Section&nbsp;2.7.2</a>) schemes.
    1697       </p>
    1698       <p id="rfc.section.5.2.p.5">HTTP requirements regarding connection management are defined in <a href="#connection.management" title="Connection Management">Section&nbsp;6</a>.
    1699       </p>
    1700       <h2 id="rfc.section.5.3"><a href="#rfc.section.5.3">5.3</a>&nbsp;<a id="request-target" href="#request-target">Request Target</a></h2>
    1701       <p id="rfc.section.5.3.p.1">Once an inbound connection is obtained, the client sends an HTTP request message (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) with a request-target derived from the target URI. There are four distinct formats for the request-target, depending on
    1702          both the method being requested and whether the request is to a proxy.
    1703       </p>
    1704       <div id="rfc.figure.u.37"></div><pre class="inline"><span id="rfc.iref.g.79"></span><span id="rfc.iref.g.80"></span><span id="rfc.iref.g.81"></span><span id="rfc.iref.g.82"></span><span id="rfc.iref.g.83"></span>  <a href="#request-target" class="smpl">request-target</a> = <a href="#origin-form" class="smpl">origin-form</a>
     1740               as defined in <a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>, on behalf of itself and any downstream clients. For chained requests, this implies that either: (a) all downstream clients
     1741               are willing to accept trailer fields in the forwarded response; or, (b) the client will attempt to buffer the response on
     1742               behalf of downstream recipients. Note that HTTP/1.1 does not define any means to limit the size of a chunked response such
     1743               that a client can be assured of buffering the entire response.
     1744            </p>
     1745            <p id="rfc.section.4.3.p.7">When multiple transfer-codings are acceptable, the client <em class="bcp14">MAY</em> rank the codings by preference using a case-insensitive "q" parameter (similar to the qvalues used in content negotiation
     1746               fields, <a href="p2-semantics.html#quality.values" title="Quality Values">Section 6.3.1</a> of <a href="#Part2" id="rfc.xref.Part2.16"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). The rank value is a real number in the range 0 through 1, where 0.001 is the least preferred and 1 is the most preferred;
     1747               a value of 0 means "not acceptable".
     1748            </p>
     1749            <p id="rfc.section.4.3.p.8">If the TE field-value is empty or if no TE field is present, the only acceptable transfer-coding is "chunked". A message with
     1750               no transfer-coding is always acceptable.
     1751            </p>
     1752            <p id="rfc.section.4.3.p.9">Since the TE header field only applies to the immediate connection, a sender of TE <em class="bcp14">MUST</em> also send a "TE" connection option within the <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.4" title="Connection">Section&nbsp;6.1</a>) in order to prevent the TE field from being forwarded by intermediaries that do not support its semantics.
     1753            </p>
     1754         </div>
     1755      </div>
     1756      <div id="message.routing">
     1757         <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a href="#message.routing">Message Routing</a></h1>
     1758         <p id="rfc.section.5.p.1">HTTP request message routing is determined by each client based on the target resource, the client's proxy configuration,
     1759            and establishment or reuse of an inbound connection. The corresponding response routing follows the same connection chain
     1760            back to the client.
     1761         </p>
     1762         <div id="target-resource">
     1763            <div id="rfc.iref.t.7"></div>
     1764            <div id="rfc.iref.t.8"></div>
     1765            <h2 id="rfc.section.5.1"><a href="#rfc.section.5.1">5.1</a>&nbsp;<a href="#target-resource">Identifying a Target Resource</a></h2>
     1766            <p id="rfc.section.5.1.p.1">HTTP is used in a wide variety of applications, ranging from general-purpose computers to home appliances. In some cases,
     1767               communication options are hard-coded in a client's configuration. However, most HTTP clients rely on the same resource identification
     1768               mechanism and configuration techniques as general-purpose Web browsers.
     1769            </p>
     1770            <p id="rfc.section.5.1.p.2">HTTP communication is initiated by a user agent for some purpose. The purpose is a combination of request semantics, which
     1771               are defined in <a href="#Part2" id="rfc.xref.Part2.17"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>, and a target resource upon which to apply those semantics. A URI reference (<a href="#uri" title="Uniform Resource Identifiers">Section&nbsp;2.7</a>) is typically used as an identifier for the "<dfn>target resource</dfn>", which a user agent would resolve to its absolute form in order to obtain the "<dfn>target URI</dfn>". The target URI excludes the reference's fragment identifier component, if any, since fragment identifiers are reserved
     1772               for client-side processing (<a href="#RFC3986" id="rfc.xref.RFC3986.16"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>, <a href="https://tools.ietf.org/html/rfc3986#section-3.5">Section 3.5</a>).
     1773            </p>
     1774         </div>
     1775         <div id="connecting.inbound">
     1776            <h2 id="rfc.section.5.2"><a href="#rfc.section.5.2">5.2</a>&nbsp;<a href="#connecting.inbound">Connecting Inbound</a></h2>
     1777            <p id="rfc.section.5.2.p.1">Once the target URI is determined, a client needs to decide whether a network request is necessary to accomplish the desired
     1778               semantics and, if so, where that request is to be directed.
     1779            </p>
     1780            <p id="rfc.section.5.2.p.2">If the client has a response cache and the request semantics can be satisfied by a cache (<a href="#Part6" id="rfc.xref.Part6.6"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>), then the request is usually directed to the cache first.
     1781            </p>
     1782            <p id="rfc.section.5.2.p.3">If the request is not satisfied by a cache, then a typical client will check its configuration to determine whether a proxy
     1783               is to be used to satisfy the request. Proxy configuration is implementation-dependent, but is often based on URI prefix matching,
     1784               selective authority matching, or both, and the proxy itself is usually identified by an "http" or "https" URI. If a proxy
     1785               is applicable, the client connects inbound by establishing (or reusing) a connection to that proxy.
     1786            </p>
     1787            <p id="rfc.section.5.2.p.4">If no proxy is applicable, a typical client will invoke a handler routine, usually specific to the target URI's scheme, to
     1788               connect directly to an authority for the target resource. How that is accomplished is dependent on the target URI scheme and
     1789               defined by its associated specification, similar to how this specification defines origin server access for resolution of
     1790               the "http" (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>) and "https" (<a href="#https.uri" title="https URI scheme">Section&nbsp;2.7.2</a>) schemes.
     1791            </p>
     1792            <p id="rfc.section.5.2.p.5">HTTP requirements regarding connection management are defined in <a href="#connection.management" title="Connection Management">Section&nbsp;6</a>.
     1793            </p>
     1794         </div>
     1795         <div id="request-target">
     1796            <h2 id="rfc.section.5.3"><a href="#rfc.section.5.3">5.3</a>&nbsp;<a href="#request-target">Request Target</a></h2>
     1797            <p id="rfc.section.5.3.p.1">Once an inbound connection is obtained, the client sends an HTTP request message (<a href="#http.message" title="Message Format">Section&nbsp;3</a>) with a request-target derived from the target URI. There are four distinct formats for the request-target, depending on
     1798               both the method being requested and whether the request is to a proxy.
     1799            </p>
     1800            <div id="rfc.figure.u.37"></div><pre class="inline"><span id="rfc.iref.g.79"></span><span id="rfc.iref.g.80"></span><span id="rfc.iref.g.81"></span><span id="rfc.iref.g.82"></span><span id="rfc.iref.g.83"></span>  <a href="#request-target" class="smpl">request-target</a> = <a href="#origin-form" class="smpl">origin-form</a>
    17051801                 / <a href="#absolute-form" class="smpl">absolute-form</a>
    17061802                 / <a href="#authority-form" class="smpl">authority-form</a>
     
    17121808  <a href="#asterisk-form" class="smpl">asterisk-form</a>  = "*"
    17131809</pre><div id="origin-form">
    1714          <p id="rfc.section.5.3.p.3"><span id="rfc.iref.o.3"></span> The most common form of request-target is the origin-form. When making a request directly to an origin server, other than
    1715             a CONNECT or server-wide OPTIONS request (as detailed below), a client <em class="bcp14">MUST</em> send only the absolute path and query components of the target URI as the request-target. If the target URI's path component
    1716             is empty, then the client <em class="bcp14">MUST</em> send "/" as the path within the origin-form of request-target. A <a href="#header.host" class="smpl">Host</a> header field is also sent, as defined in <a href="#header.host" id="rfc.xref.header.host.1" title="Host">Section&nbsp;5.4</a>, containing the target URI's authority component (excluding any userinfo).
    1717          </p>
    1718       </div>
    1719       <p id="rfc.section.5.3.p.4">For example, a client wishing to retrieve a representation of the resource identified as</p>
    1720       <div id="rfc.figure.u.38"></div><pre class="text">http://www.example.org/where?q=now
     1810               <p id="rfc.section.5.3.p.3"><span id="rfc.iref.o.3"></span> The most common form of request-target is the origin-form. When making a request directly to an origin server, other than
     1811                  a CONNECT or server-wide OPTIONS request (as detailed below), a client <em class="bcp14">MUST</em> send only the absolute path and query components of the target URI as the request-target. If the target URI's path component
     1812                  is empty, then the client <em class="bcp14">MUST</em> send "/" as the path within the origin-form of request-target. A <a href="#header.host" class="smpl">Host</a> header field is also sent, as defined in <a href="#header.host" id="rfc.xref.header.host.1" title="Host">Section&nbsp;5.4</a>, containing the target URI's authority component (excluding any userinfo).
     1813               </p>
     1814            </div>
     1815            <p id="rfc.section.5.3.p.4">For example, a client wishing to retrieve a representation of the resource identified as</p>
     1816            <div id="rfc.figure.u.38"></div><pre class="text">http://www.example.org/where?q=now
    17211817</pre><p id="rfc.section.5.3.p.6">directly from the origin server would open (or reuse) a TCP connection to port 80 of the host "www.example.org" and send the
    1722          lines:
    1723       </p>
    1724       <div id="rfc.figure.u.39"></div><pre class="text2">GET /where?q=now HTTP/1.1
     1818               lines:
     1819            </p>
     1820            <div id="rfc.figure.u.39"></div><pre class="text2">GET /where?q=now HTTP/1.1
    17251821Host: www.example.org
    17261822</pre><p id="rfc.section.5.3.p.8">followed by the remainder of the request message.</p>
    1727       <div id="absolute-form">
    1728          <p id="rfc.section.5.3.p.9"><span id="rfc.iref.a.2"></span> When making a request to a proxy, other than a CONNECT or server-wide OPTIONS request (as detailed below), a client <em class="bcp14">MUST</em> send the target URI in absolute-form as the request-target. The proxy is requested to either service that request from a valid
    1729             cache, if possible, or make the same request on the client's behalf to either the next inbound proxy server or directly to
    1730             the origin server indicated by the request-target. Requirements on such "forwarding" of messages are defined in <a href="#message.forwarding" title="Message Forwarding">Section&nbsp;5.6</a>.
    1731          </p>
    1732       </div>
    1733       <p id="rfc.section.5.3.p.10">An example absolute-form of request-line would be:</p>
    1734       <div id="rfc.figure.u.40"></div><pre class="text2">GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1
     1823            <div id="absolute-form">
     1824               <p id="rfc.section.5.3.p.9"><span id="rfc.iref.a.2"></span> When making a request to a proxy, other than a CONNECT or server-wide OPTIONS request (as detailed below), a client <em class="bcp14">MUST</em> send the target URI in absolute-form as the request-target. The proxy is requested to either service that request from a valid
     1825                  cache, if possible, or make the same request on the client's behalf to either the next inbound proxy server or directly to
     1826                  the origin server indicated by the request-target. Requirements on such "forwarding" of messages are defined in <a href="#message.forwarding" title="Message Forwarding">Section&nbsp;5.6</a>.
     1827               </p>
     1828            </div>
     1829            <p id="rfc.section.5.3.p.10">An example absolute-form of request-line would be:</p>
     1830            <div id="rfc.figure.u.40"></div><pre class="text2">GET http://www.example.org/pub/WWW/TheProject.html HTTP/1.1
    17351831</pre><p id="rfc.section.5.3.p.12">To allow for transition to the absolute-form for all requests in some future version of HTTP, HTTP/1.1 servers <em class="bcp14">MUST</em> accept the absolute-form in requests, even though HTTP/1.1 clients will only send them in requests to proxies.
    1736       </p>
    1737       <div id="authority-form">
    1738          <p id="rfc.section.5.3.p.13"><span id="rfc.iref.a.3"></span> The authority-form of request-target is only used for CONNECT requests (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). When making a CONNECT request to establish a tunnel through one or more proxies, a client <em class="bcp14">MUST</em> send only the target URI's authority component (excluding any userinfo) as the request-target. For example,
    1739          </p>
    1740       </div>
    1741       <div id="rfc.figure.u.41"></div><pre class="text2">CONNECT www.example.com:80 HTTP/1.1
     1832            </p>
     1833            <div id="authority-form">
     1834               <p id="rfc.section.5.3.p.13"><span id="rfc.iref.a.3"></span> The authority-form of request-target is only used for CONNECT requests (<a href="p2-semantics.html#CONNECT" title="CONNECT">Section 5.3.6</a> of <a href="#Part2" id="rfc.xref.Part2.18"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). When making a CONNECT request to establish a tunnel through one or more proxies, a client <em class="bcp14">MUST</em> send only the target URI's authority component (excluding any userinfo) as the request-target. For example,
     1835               </p>
     1836            </div>
     1837            <div id="rfc.figure.u.41"></div><pre class="text2">CONNECT www.example.com:80 HTTP/1.1
    17421838</pre><div id="asterisk-form">
    1743          <p id="rfc.section.5.3.p.15"><span id="rfc.iref.a.4"></span> The asterisk-form of request-target is only used for a server-wide OPTIONS request (<a href="p2-semantics.html#OPTIONS" title="OPTIONS">Section 5.3.7</a> of <a href="#Part2" id="rfc.xref.Part2.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). When a client wishes to request OPTIONS for the server as a whole, as opposed to a specific named resource of that server,
    1744             the client <em class="bcp14">MUST</em> send only "*" (%x2A) as the request-target. For example,
    1745          </p>
    1746       </div>
    1747       <div id="rfc.figure.u.42"></div><pre class="text2">OPTIONS * HTTP/1.1
     1839               <p id="rfc.section.5.3.p.15"><span id="rfc.iref.a.4"></span> The asterisk-form of request-target is only used for a server-wide OPTIONS request (<a href="p2-semantics.html#OPTIONS" title="OPTIONS">Section 5.3.7</a> of <a href="#Part2" id="rfc.xref.Part2.19"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). When a client wishes to request OPTIONS for the server as a whole, as opposed to a specific named resource of that server,
     1840                  the client <em class="bcp14">MUST</em> send only "*" (%x2A) as the request-target. For example,
     1841               </p>
     1842            </div>
     1843            <div id="rfc.figure.u.42"></div><pre class="text2">OPTIONS * HTTP/1.1
    17481844</pre><p id="rfc.section.5.3.p.17">If a proxy receives an OPTIONS request with an absolute-form of request-target in which the URI has an empty path and no query
    1749          component, then the last proxy on the request chain <em class="bcp14">MUST</em> send a request-target of "*" when it forwards the request to the indicated origin server.
    1750       </p>
    1751       <div id="rfc.figure.u.43"></div>
    1752       <p>For example, the request</p><pre class="text2">OPTIONS http://www.example.org:8001 HTTP/1.1
     1845               component, then the last proxy on the request chain <em class="bcp14">MUST</em> send a request-target of "*" when it forwards the request to the indicated origin server.
     1846            </p>
     1847            <div id="rfc.figure.u.43"></div>
     1848            <p>For example, the request</p><pre class="text2">OPTIONS http://www.example.org:8001 HTTP/1.1
    17531849</pre><div id="rfc.figure.u.44"></div>
    1754       <p>would be forwarded by the final proxy as</p><pre class="text2">OPTIONS * HTTP/1.1
     1850            <p>would be forwarded by the final proxy as</p><pre class="text2">OPTIONS * HTTP/1.1
    17551851Host: www.example.org:8001
    1756 </pre>  <p>after connecting to port 8001 of host "www.example.org".</p>
    1757       <div id="rfc.iref.h.6"></div>
    1758       <h2 id="rfc.section.5.4"><a href="#rfc.section.5.4">5.4</a>&nbsp;<a id="header.host" href="#header.host">Host</a></h2>
    1759       <p id="rfc.section.5.4.p.1">The "Host" header field in a request provides the host and port information from the target URI, enabling the origin server
    1760          to distinguish among resources while servicing requests for multiple host names on a single IP address. Since the Host field-value
    1761          is critical information for handling a request, it <em class="bcp14">SHOULD</em> be sent as the first header field following the request-line.
    1762       </p>
    1763       <div id="rfc.figure.u.45"></div><pre class="inline"><span id="rfc.iref.g.84"></span>  <a href="#header.host" class="smpl">Host</a> = <a href="#uri" class="smpl">uri-host</a> [ ":" <a href="#uri" class="smpl">port</a> ] ; <a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>
     1852</pre><p>after connecting to port 8001 of host "www.example.org".</p>
     1853         </div>
     1854         <div id="header.host">
     1855            <div id="rfc.iref.h.6"></div>
     1856            <h2 id="rfc.section.5.4"><a href="#rfc.section.5.4">5.4</a>&nbsp;<a href="#header.host">Host</a></h2>
     1857            <p id="rfc.section.5.4.p.1">The "Host" header field in a request provides the host and port information from the target URI, enabling the origin server
     1858               to distinguish among resources while servicing requests for multiple host names on a single IP address. Since the Host field-value
     1859               is critical information for handling a request, it <em class="bcp14">SHOULD</em> be sent as the first header field following the request-line.
     1860            </p>
     1861            <div id="rfc.figure.u.45"></div><pre class="inline"><span id="rfc.iref.g.84"></span>  <a href="#header.host" class="smpl">Host</a> = <a href="#uri" class="smpl">uri-host</a> [ ":" <a href="#uri" class="smpl">port</a> ] ; <a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>
    17641862</pre><p id="rfc.section.5.4.p.3">A client <em class="bcp14">MUST</em> send a Host header field in all HTTP/1.1 request messages. If the target URI includes an authority component, then the Host
    1765          field-value <em class="bcp14">MUST</em> be identical to that authority component after excluding any userinfo (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>). If the authority component is missing or undefined for the target URI, then the Host header field <em class="bcp14">MUST</em> be sent with an empty field-value.
    1766       </p>
    1767       <p id="rfc.section.5.4.p.4">For example, a GET request to the origin server for &lt;http://www.example.org/pub/WWW/&gt; would begin with:</p>
    1768       <div id="rfc.figure.u.46"></div><pre class="text2">GET /pub/WWW/ HTTP/1.1
     1863               field-value <em class="bcp14">MUST</em> be identical to that authority component after excluding any userinfo (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>). If the authority component is missing or undefined for the target URI, then the Host header field <em class="bcp14">MUST</em> be sent with an empty field-value.
     1864            </p>
     1865            <p id="rfc.section.5.4.p.4">For example, a GET request to the origin server for &lt;http://www.example.org/pub/WWW/&gt; would begin with:</p>
     1866            <div id="rfc.figure.u.46"></div><pre class="text2">GET /pub/WWW/ HTTP/1.1
    17691867Host: www.example.org
    17701868</pre><p id="rfc.section.5.4.p.6">The Host header field <em class="bcp14">MUST</em> be sent in an HTTP/1.1 request even if the request-target is in the absolute-form, since this allows the Host information
    1771          to be forwarded through ancient HTTP/1.0 proxies that might not have implemented Host.
    1772       </p>
    1773       <p id="rfc.section.5.4.p.7">When a proxy receives a request with an absolute-form of request-target, the proxy <em class="bcp14">MUST</em> ignore the received Host header field (if any) and instead replace it with the host information of the request-target. If
    1774          the proxy forwards the request, it <em class="bcp14">MUST</em> generate a new Host field-value based on the received request-target rather than forward the received Host field-value.
    1775       </p>
    1776       <p id="rfc.section.5.4.p.8">Since the Host header field acts as an application-level routing mechanism, it is a frequent target for malware seeking to
    1777          poison a shared cache or redirect a request to an unintended server. An interception proxy is particularly vulnerable if it
    1778          relies on the Host field-value for redirecting requests to internal servers, or for use as a cache key in a shared cache,
    1779          without first verifying that the intercepted connection is targeting a valid IP address for that host.
    1780       </p>
    1781       <p id="rfc.section.5.4.p.9">A server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than
    1782          one Host header field or a Host header field with an invalid field-value.
    1783       </p>
    1784       <div id="rfc.iref.e.1"></div>
    1785       <h2 id="rfc.section.5.5"><a href="#rfc.section.5.5">5.5</a>&nbsp;<a id="effective.request.uri" href="#effective.request.uri">Effective Request URI</a></h2>
    1786       <p id="rfc.section.5.5.p.1">A server that receives an HTTP request message <em class="bcp14">MUST</em> reconstruct the user agent's original target URI, based on the pieces of information learned from the request-target, <a href="#header.host" class="smpl">Host</a> header field, and connection context, in order to identify the intended target resource and properly service the request.
    1787          The URI derived from this reconstruction process is referred to as the "<dfn>effective request URI</dfn>".
    1788       </p>
    1789       <p id="rfc.section.5.5.p.2">For a user agent, the effective request URI is the target URI.</p>
    1790       <p id="rfc.section.5.5.p.3">If the request-target is in absolute-form, then the effective request URI is the same as the request-target. Otherwise, the
    1791          effective request URI is constructed as follows.
    1792       </p>
    1793       <p id="rfc.section.5.5.p.4">If the request is received over a TLS-secured TCP connection, then the effective request URI's scheme is "https"; otherwise,
    1794          the scheme is "http".
    1795       </p>
    1796       <p id="rfc.section.5.5.p.5">If the request-target is in authority-form, then the effective request URI's authority component is the same as the request-target.
    1797          Otherwise, if a <a href="#header.host" class="smpl">Host</a> header field is supplied with a non-empty field-value, then the authority component is the same as the Host field-value. Otherwise,
    1798          the authority component is the concatenation of the default host name configured for the server, a colon (":"), and the connection's
    1799          incoming TCP port number in decimal form.
    1800       </p>
    1801       <p id="rfc.section.5.5.p.6">If the request-target is in authority-form or asterisk-form, then the effective request URI's combined path and query component
    1802          is empty. Otherwise, the combined path and query component is the same as the request-target.
    1803       </p>
    1804       <p id="rfc.section.5.5.p.7">The components of the effective request URI, once determined as above, can be combined into absolute-URI form by concatenating
    1805          the scheme, "://", authority, and combined path and query component.
    1806       </p>
    1807       <div id="rfc.figure.u.47"></div>
    1808       <p>Example 1: the following message received over an insecure TCP connection</p>  <pre class="text">GET /pub/WWW/TheProject.html HTTP/1.1
     1869               to be forwarded through ancient HTTP/1.0 proxies that might not have implemented Host.
     1870            </p>
     1871            <p id="rfc.section.5.4.p.7">When a proxy receives a request with an absolute-form of request-target, the proxy <em class="bcp14">MUST</em> ignore the received Host header field (if any) and instead replace it with the host information of the request-target. If
     1872               the proxy forwards the request, it <em class="bcp14">MUST</em> generate a new Host field-value based on the received request-target rather than forward the received Host field-value.
     1873            </p>
     1874            <p id="rfc.section.5.4.p.8">Since the Host header field acts as an application-level routing mechanism, it is a frequent target for malware seeking to
     1875               poison a shared cache or redirect a request to an unintended server. An interception proxy is particularly vulnerable if it
     1876               relies on the Host field-value for redirecting requests to internal servers, or for use as a cache key in a shared cache,
     1877               without first verifying that the intercepted connection is targeting a valid IP address for that host.
     1878            </p>
     1879            <p id="rfc.section.5.4.p.9">A server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than
     1880               one Host header field or a Host header field with an invalid field-value.
     1881            </p>
     1882         </div>
     1883         <div id="effective.request.uri">
     1884            <div id="rfc.iref.e.1"></div>
     1885            <h2 id="rfc.section.5.5"><a href="#rfc.section.5.5">5.5</a>&nbsp;<a href="#effective.request.uri">Effective Request URI</a></h2>
     1886            <p id="rfc.section.5.5.p.1">A server that receives an HTTP request message <em class="bcp14">MUST</em> reconstruct the user agent's original target URI, based on the pieces of information learned from the request-target, <a href="#header.host" class="smpl">Host</a> header field, and connection context, in order to identify the intended target resource and properly service the request.
     1887               The URI derived from this reconstruction process is referred to as the "<dfn>effective request URI</dfn>".
     1888            </p>
     1889            <p id="rfc.section.5.5.p.2">For a user agent, the effective request URI is the target URI.</p>
     1890            <p id="rfc.section.5.5.p.3">If the request-target is in absolute-form, then the effective request URI is the same as the request-target. Otherwise, the
     1891               effective request URI is constructed as follows.
     1892            </p>
     1893            <p id="rfc.section.5.5.p.4">If the request is received over a TLS-secured TCP connection, then the effective request URI's scheme is "https"; otherwise,
     1894               the scheme is "http".
     1895            </p>
     1896            <p id="rfc.section.5.5.p.5">If the request-target is in authority-form, then the effective request URI's authority component is the same as the request-target.
     1897               Otherwise, if a <a href="#header.host" class="smpl">Host</a> header field is supplied with a non-empty field-value, then the authority component is the same as the Host field-value. Otherwise,
     1898               the authority component is the concatenation of the default host name configured for the server, a colon (":"), and the connection's
     1899               incoming TCP port number in decimal form.
     1900            </p>
     1901            <p id="rfc.section.5.5.p.6">If the request-target is in authority-form or asterisk-form, then the effective request URI's combined path and query component
     1902               is empty. Otherwise, the combined path and query component is the same as the request-target.
     1903            </p>
     1904            <p id="rfc.section.5.5.p.7">The components of the effective request URI, once determined as above, can be combined into absolute-URI form by concatenating
     1905               the scheme, "://", authority, and combined path and query component.
     1906            </p>
     1907            <div id="rfc.figure.u.47"></div>
     1908            <p>Example 1: the following message received over an insecure TCP connection</p><pre class="text">GET /pub/WWW/TheProject.html HTTP/1.1
    18091909Host: www.example.org:8080
    1810 </pre> <div id="rfc.figure.u.48"></div>
    1811       <p>has an effective request URI of</p>  <pre class="text">http://www.example.org:8080/pub/WWW/TheProject.html
    1812 </pre> <div id="rfc.figure.u.49"></div>
    1813       <p>Example 2: the following message received over a TLS-secured TCP connection</p>  <pre class="text">OPTIONS * HTTP/1.1
     1910</pre><div id="rfc.figure.u.48"></div>
     1911            <p>has an effective request URI of</p><pre class="text">http://www.example.org:8080/pub/WWW/TheProject.html
     1912</pre><div id="rfc.figure.u.49"></div>
     1913            <p>Example 2: the following message received over a TLS-secured TCP connection</p><pre class="text">OPTIONS * HTTP/1.1
    18141914Host: www.example.org
    1815 </pre> <div id="rfc.figure.u.50"></div>
    1816       <p>has an effective request URI of</p>  <pre class="text">https://www.example.org
    1817 </pre> <p id="rfc.section.5.5.p.12">An origin server that does not allow resources to differ by requested host <em class="bcp14">MAY</em> ignore the <a href="#header.host" class="smpl">Host</a> field-value and instead replace it with a configured server name when constructing the effective request URI.
    1818       </p>
    1819       <p id="rfc.section.5.5.p.13">Recipients of an HTTP/1.0 request that lacks a <a href="#header.host" class="smpl">Host</a> header field <em class="bcp14">MAY</em> attempt to use heuristics (e.g., examination of the URI path for something unique to a particular host) in order to guess
    1820          the effective request URI's authority component.
    1821       </p>
    1822       <h2 id="rfc.section.5.6"><a href="#rfc.section.5.6">5.6</a>&nbsp;<a id="message.forwarding" href="#message.forwarding">Message Forwarding</a></h2>
    1823       <p id="rfc.section.5.6.p.1">As described in <a href="#intermediaries" title="Intermediaries">Section&nbsp;2.3</a>, intermediaries can serve a variety of roles in the processing of HTTP requests and responses. Some intermediaries are used
    1824          to improve performance or availability. Others are used for access control or to filter content. Since an HTTP stream has
    1825          characteristics similar to a pipe-and-filter architecture, there are no inherent limits to the extent an intermediary can
    1826          enhance (or interfere) with either direction of the stream.
    1827       </p>
    1828       <p id="rfc.section.5.6.p.2">Intermediaries that forward a message <em class="bcp14">MUST</em> implement the <a href="#header.connection" class="smpl">Connection</a> header field, as specified in <a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section&nbsp;6.1</a>, to exclude fields that are only intended for the incoming connection.
    1829       </p>
    1830       <p id="rfc.section.5.6.p.3">In order to avoid request loops, a proxy that forwards requests to other proxies <em class="bcp14">MUST</em> be able to recognize and exclude all of its own server names, including any aliases, local variations, or literal IP addresses.
    1831       </p>
    1832       <div id="rfc.iref.v.1"></div>
    1833       <h2 id="rfc.section.5.7"><a href="#rfc.section.5.7">5.7</a>&nbsp;<a id="header.via" href="#header.via">Via</a></h2>
    1834       <p id="rfc.section.5.7.p.1">The "Via" header field <em class="bcp14">MUST</em> be sent by a proxy or gateway in forwarded messages to indicate the intermediate protocols and recipients between the user
    1835          agent and the server on requests, and between the origin server and the client on responses. It is analogous to the "Received"
    1836          field used by email systems (<a href="http://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.3"><cite title="Internet Message Format">[RFC5322]</cite></a>). Via is used in HTTP for tracking message forwards, avoiding request loops, and identifying the protocol capabilities of
    1837          all senders along the request/response chain.
    1838       </p>
    1839       <div id="rfc.figure.u.51"></div><pre class="inline"><span id="rfc.iref.g.85"></span><span id="rfc.iref.g.86"></span><span id="rfc.iref.g.87"></span><span id="rfc.iref.g.88"></span><span id="rfc.iref.g.89"></span><span id="rfc.iref.g.90"></span>  <a href="#header.via" class="smpl">Via</a>               = 1#( <a href="#header.via" class="smpl">received-protocol</a> <a href="#rule.whitespace" class="smpl">RWS</a> <a href="#header.via" class="smpl">received-by</a>
     1915</pre><div id="rfc.figure.u.50"></div>
     1916            <p>has an effective request URI of</p><pre class="text">https://www.example.org
     1917</pre><p id="rfc.section.5.5.p.12">An origin server that does not allow resources to differ by requested host <em class="bcp14">MAY</em> ignore the <a href="#header.host" class="smpl">Host</a> field-value and instead replace it with a configured server name when constructing the effective request URI.
     1918            </p>
     1919            <p id="rfc.section.5.5.p.13">Recipients of an HTTP/1.0 request that lacks a <a href="#header.host" class="smpl">Host</a> header field <em class="bcp14">MAY</em> attempt to use heuristics (e.g., examination of the URI path for something unique to a particular host) in order to guess
     1920               the effective request URI's authority component.
     1921            </p>
     1922         </div>
     1923         <div id="message.forwarding">
     1924            <h2 id="rfc.section.5.6"><a href="#rfc.section.5.6">5.6</a>&nbsp;<a href="#message.forwarding">Message Forwarding</a></h2>
     1925            <p id="rfc.section.5.6.p.1">As described in <a href="#intermediaries" title="Intermediaries">Section&nbsp;2.3</a>, intermediaries can serve a variety of roles in the processing of HTTP requests and responses. Some intermediaries are used
     1926               to improve performance or availability. Others are used for access control or to filter content. Since an HTTP stream has
     1927               characteristics similar to a pipe-and-filter architecture, there are no inherent limits to the extent an intermediary can
     1928               enhance (or interfere) with either direction of the stream.
     1929            </p>
     1930            <p id="rfc.section.5.6.p.2">Intermediaries that forward a message <em class="bcp14">MUST</em> implement the <a href="#header.connection" class="smpl">Connection</a> header field, as specified in <a href="#header.connection" id="rfc.xref.header.connection.5" title="Connection">Section&nbsp;6.1</a>, to exclude fields that are only intended for the incoming connection.
     1931            </p>
     1932            <p id="rfc.section.5.6.p.3">In order to avoid request loops, a proxy that forwards requests to other proxies <em class="bcp14">MUST</em> be able to recognize and exclude all of its own server names, including any aliases, local variations, or literal IP addresses.
     1933            </p>
     1934         </div>
     1935         <div id="header.via">
     1936            <div id="rfc.iref.v.1"></div>
     1937            <h2 id="rfc.section.5.7"><a href="#rfc.section.5.7">5.7</a>&nbsp;<a href="#header.via">Via</a></h2>
     1938            <p id="rfc.section.5.7.p.1">The "Via" header field <em class="bcp14">MUST</em> be sent by a proxy or gateway in forwarded messages to indicate the intermediate protocols and recipients between the user
     1939               agent and the server on requests, and between the origin server and the client on responses. It is analogous to the "Received"
     1940               field used by email systems (<a href="https://tools.ietf.org/html/rfc5322#section-3.6.7">Section 3.6.7</a> of <a href="#RFC5322" id="rfc.xref.RFC5322.3"><cite title="Internet Message Format">[RFC5322]</cite></a>). Via is used in HTTP for tracking message forwards, avoiding request loops, and identifying the protocol capabilities of
     1941               all senders along the request/response chain.
     1942            </p>
     1943            <div id="rfc.figure.u.51"></div><pre class="inline"><span id="rfc.iref.g.85"></span><span id="rfc.iref.g.86"></span><span id="rfc.iref.g.87"></span><span id="rfc.iref.g.88"></span><span id="rfc.iref.g.89"></span><span id="rfc.iref.g.90"></span>  <a href="#header.via" class="smpl">Via</a>               = 1#( <a href="#header.via" class="smpl">received-protocol</a> <a href="#rule.whitespace" class="smpl">RWS</a> <a href="#header.via" class="smpl">received-by</a>
    18401944                          [ <a href="#rule.whitespace" class="smpl">RWS</a> <a href="#rule.comment" class="smpl">comment</a> ] )
    18411945  <a href="#header.via" class="smpl">received-protocol</a> = [ <a href="#header.upgrade" class="smpl">protocol-name</a> "/" ] <a href="#header.upgrade" class="smpl">protocol-version</a>
     
    18431947  <a href="#header.via" class="smpl">pseudonym</a>         = <a href="#rule.token.separators" class="smpl">token</a>
    18441948</pre><p id="rfc.section.5.7.p.3">The received-protocol indicates the protocol version of the message received by the server or client along each segment of
    1845          the request/response chain. The received-protocol version is appended to the Via field value when the message is forwarded
    1846          so that information about the protocol capabilities of upstream applications remains visible to all recipients.
    1847       </p>
    1848       <p id="rfc.section.5.7.p.4">The protocol-name is excluded if and only if it would be "HTTP". The received-by field is normally the host and optional port
    1849          number of a recipient server or client that subsequently forwarded the message. However, if the real host is considered to
    1850          be sensitive information, it <em class="bcp14">MAY</em> be replaced by a pseudonym. If the port is not given, it <em class="bcp14">MAY</em> be assumed to be the default port of the received-protocol.
    1851       </p>
    1852       <p id="rfc.section.5.7.p.5">Multiple Via field values represent each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.
    1853       </p>
    1854       <p id="rfc.section.5.7.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of each recipient, analogous to the <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a> and <a href="p2-semantics.html#header.server" class="smpl">Server</a> header fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.
    1855       </p>
    1856       <p id="rfc.section.5.7.p.7">For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses
    1857          HTTP/1.1 to forward the request to a public proxy at p.example.net, which completes the request by forwarding it to the origin
    1858          server at www.example.com. The request received by www.example.com would then have the following Via header field:
    1859       </p>
    1860       <div id="rfc.figure.u.52"></div><pre class="text">  Via: 1.0 fred, 1.1 p.example.net (Apache/1.1)
     1949               the request/response chain. The received-protocol version is appended to the Via field value when the message is forwarded
     1950               so that information about the protocol capabilities of upstream applications remains visible to all recipients.
     1951            </p>
     1952            <p id="rfc.section.5.7.p.4">The protocol-name is excluded if and only if it would be "HTTP". The received-by field is normally the host and optional port
     1953               number of a recipient server or client that subsequently forwarded the message. However, if the real host is considered to
     1954               be sensitive information, it <em class="bcp14">MAY</em> be replaced by a pseudonym. If the port is not given, it <em class="bcp14">MAY</em> be assumed to be the default port of the received-protocol.
     1955            </p>
     1956            <p id="rfc.section.5.7.p.5">Multiple Via field values represent each proxy or gateway that has forwarded the message. Each recipient <em class="bcp14">MUST</em> append its information such that the end result is ordered according to the sequence of forwarding applications.
     1957            </p>
     1958            <p id="rfc.section.5.7.p.6">Comments <em class="bcp14">MAY</em> be used in the Via header field to identify the software of each recipient, analogous to the <a href="p2-semantics.html#header.user-agent" class="smpl">User-Agent</a> and <a href="p2-semantics.html#header.server" class="smpl">Server</a> header fields. However, all comments in the Via field are optional and <em class="bcp14">MAY</em> be removed by any recipient prior to forwarding the message.
     1959            </p>
     1960            <p id="rfc.section.5.7.p.7">For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses
     1961               HTTP/1.1 to forward the request to a public proxy at p.example.net, which completes the request by forwarding it to the origin
     1962               server at www.example.com. The request received by www.example.com would then have the following Via header field:
     1963            </p>
     1964            <div id="rfc.figure.u.52"></div><pre class="text">  Via: 1.0 fred, 1.1 p.example.net (Apache/1.1)
    18611965</pre><p id="rfc.section.5.7.p.9">A proxy or gateway used as a portal through a network firewall <em class="bcp14">SHOULD NOT</em> forward the names and ports of hosts within the firewall region unless it is explicitly enabled to do so. If not enabled,
    1862          the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host.
    1863       </p>
    1864       <p id="rfc.section.5.7.p.10">A proxy or gateway <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries into a single such entry if the entries have identical received-protocol
    1865          values. For example,
    1866       </p>
    1867       <div id="rfc.figure.u.53"></div><pre class="text">  Via: 1.0 ricky, 1.1 ethel, 1.1 fred, 1.0 lucy
     1966               the received-by host of any host behind the firewall <em class="bcp14">SHOULD</em> be replaced by an appropriate pseudonym for that host.
     1967            </p>
     1968            <p id="rfc.section.5.7.p.10">A proxy or gateway <em class="bcp14">MAY</em> combine an ordered subsequence of Via header field entries into a single such entry if the entries have identical received-protocol
     1969               values. For example,
     1970            </p>
     1971            <div id="rfc.figure.u.53"></div><pre class="text">  Via: 1.0 ricky, 1.1 ethel, 1.1 fred, 1.0 lucy
    18681972</pre><p id="rfc.section.5.7.p.12">could be collapsed to</p>
    1869       <div id="rfc.figure.u.54"></div><pre class="text">  Via: 1.0 ricky, 1.1 mertz, 1.0 lucy
     1973            <div id="rfc.figure.u.54"></div><pre class="text">  Via: 1.0 ricky, 1.1 mertz, 1.0 lucy
    18701974</pre><p id="rfc.section.5.7.p.14">Senders <em class="bcp14">SHOULD NOT</em> combine multiple entries unless they are all under the same organizational control and the hosts have already been replaced
    1871          by pseudonyms. Senders <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values.
    1872       </p>
    1873       <h2 id="rfc.section.5.8"><a href="#rfc.section.5.8">5.8</a>&nbsp;<a id="message.transforming" href="#message.transforming">Message Transforming</a></h2>
    1874       <p id="rfc.section.5.8.p.1">If a proxy receives a request-target with a host name that is not a fully qualified domain name, it <em class="bcp14">MAY</em> add its own domain to the host name it received when forwarding the request. A proxy <em class="bcp14">MUST NOT</em> change the host name if it is a fully qualified domain name.
    1875       </p>
    1876       <p id="rfc.section.5.8.p.2">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify the "path-absolute" and "query" parts of the received request-target when forwarding it to the next inbound server,
    1877          except as noted above to replace an empty path with "/" or "*".
    1878       </p>
    1879       <p id="rfc.section.5.8.p.3">A non-transforming proxy <em class="bcp14">MUST</em> preserve the message payload (<a href="p2-semantics.html#payload" title="Payload Semantics">Section 3.3</a> of <a href="#Part2" id="rfc.xref.Part2.20"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>), though it <em class="bcp14">MAY</em> change the message body through application or removal of a transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
    1880       </p>
    1881       <p id="rfc.section.5.8.p.4">A non-transforming proxy <em class="bcp14">SHOULD NOT</em> modify header fields that provide information about the end points of the communication chain, the resource state, or the
    1882          selected representation.
    1883       </p>
    1884       <p id="rfc.section.5.8.p.5">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify any of the following fields in a request or response, and it <em class="bcp14">MUST NOT</em> add any of these fields if not already present:
    1885       </p>
    1886       <ul>
    1887          <li><a href="p2-semantics.html#header.allow" class="smpl">Allow</a> (<a href="p2-semantics.html#header.allow" title="Allow">Section 8.4.1</a> of <a href="#Part2" id="rfc.xref.Part2.21"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
    1888          </li>
    1889          <li><a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> (<a href="p2-semantics.html#header.content-location" title="Content-Location">Section 3.1.4.2</a> of <a href="#Part2" id="rfc.xref.Part2.22"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
    1890          </li>
    1891          <li>Content-MD5 (<a href="http://tools.ietf.org/html/rfc2616#section-14.15">Section 14.15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>)
    1892          </li>
    1893          <li><a href="p4-conditional.html#header.etag" class="smpl">ETag</a> (<a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a> of <a href="#Part4" id="rfc.xref.Part4.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>)
    1894          </li>
    1895          <li><a href="p4-conditional.html#header.last-modified" class="smpl">Last-Modified</a> (<a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 2.2</a> of <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>)
    1896          </li>
    1897          <li><a href="p2-semantics.html#header.server" class="smpl">Server</a> (<a href="p2-semantics.html#header.server" title="Server">Section 8.4.2</a> of <a href="#Part2" id="rfc.xref.Part2.23"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
    1898          </li>
    1899       </ul>
    1900       <p id="rfc.section.5.8.p.6">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field (<a href="p6-cache.html#header.expires" title="Expires">Section 7.3</a> of <a href="#Part6" id="rfc.xref.Part6.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>) if already present in a response, but it <em class="bcp14">MAY</em> add an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field with a field-value identical to that of the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field.
    1901       </p>
    1902       <p id="rfc.section.5.8.p.7">A proxy <em class="bcp14">MUST NOT</em> modify or add any of the following fields in a message that contains the no-transform cache-control directive:
    1903       </p>
    1904       <ul>
    1905          <li><a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#header.content-encoding" title="Content-Encoding">Section 3.1.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.24"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
    1906          </li>
    1907          <li><a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> (<a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a> of <a href="#Part5" id="rfc.xref.Part5.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>)
    1908          </li>
    1909          <li><a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> (<a href="p2-semantics.html#header.content-type" title="Content-Type">Section 3.1.1.5</a> of <a href="#Part2" id="rfc.xref.Part2.25"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
    1910          </li>
    1911       </ul>
    1912       <p id="rfc.section.5.8.p.8">A transforming proxy <em class="bcp14">MAY</em> modify or add these fields to a message that does not include no-transform, but if it does so, it <em class="bcp14">MUST</em> add a Warning 214 (Transformation applied) if one does not already appear in the message (see <a href="p6-cache.html#header.warning" title="Warning">Section 7.5</a> of <a href="#Part6" id="rfc.xref.Part6.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
    1913       </p>
    1914       <div class="note" id="rfc.section.5.8.p.9">
    1915          <p> <b>Warning:</b> Unnecessary modification of header fields might cause authentication failures if stronger authentication mechanisms are introduced
    1916             in later versions of HTTP. Such authentication mechanisms <em class="bcp14">MAY</em> rely on the values of header fields not listed here.
    1917          </p>
     1975               by pseudonyms. Senders <em class="bcp14">MUST NOT</em> combine entries which have different received-protocol values.
     1976            </p>
     1977         </div>
     1978         <div id="message.transforming">
     1979            <h2 id="rfc.section.5.8"><a href="#rfc.section.5.8">5.8</a>&nbsp;<a href="#message.transforming">Message Transforming</a></h2>
     1980            <p id="rfc.section.5.8.p.1">If a proxy receives a request-target with a host name that is not a fully qualified domain name, it <em class="bcp14">MAY</em> add its own domain to the host name it received when forwarding the request. A proxy <em class="bcp14">MUST NOT</em> change the host name if it is a fully qualified domain name.
     1981            </p>
     1982            <p id="rfc.section.5.8.p.2">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify the "path-absolute" and "query" parts of the received request-target when forwarding it to the next inbound server,
     1983               except as noted above to replace an empty path with "/" or "*".
     1984            </p>
     1985            <p id="rfc.section.5.8.p.3">A non-transforming proxy <em class="bcp14">MUST</em> preserve the message payload (<a href="p2-semantics.html#payload" title="Payload Semantics">Section 3.3</a> of <a href="#Part2" id="rfc.xref.Part2.20"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>), though it <em class="bcp14">MAY</em> change the message body through application or removal of a transfer-coding (<a href="#transfer.codings" title="Transfer Codings">Section&nbsp;4</a>).
     1986            </p>
     1987            <p id="rfc.section.5.8.p.4">A non-transforming proxy <em class="bcp14">SHOULD NOT</em> modify header fields that provide information about the end points of the communication chain, the resource state, or the
     1988               selected representation.
     1989            </p>
     1990            <p id="rfc.section.5.8.p.5">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify any of the following fields in a request or response, and it <em class="bcp14">MUST NOT</em> add any of these fields if not already present:
     1991            </p>
     1992            <ul>
     1993               <li><a href="p2-semantics.html#header.allow" class="smpl">Allow</a> (<a href="p2-semantics.html#header.allow" title="Allow">Section 8.4.1</a> of <a href="#Part2" id="rfc.xref.Part2.21"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
     1994               </li>
     1995               <li><a href="p2-semantics.html#header.content-location" class="smpl">Content-Location</a> (<a href="p2-semantics.html#header.content-location" title="Content-Location">Section 3.1.4.2</a> of <a href="#Part2" id="rfc.xref.Part2.22"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
     1996               </li>
     1997               <li>Content-MD5 (<a href="https://tools.ietf.org/html/rfc2616#section-14.15">Section 14.15</a> of <a href="#RFC2616" id="rfc.xref.RFC2616.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>)
     1998               </li>
     1999               <li><a href="p4-conditional.html#header.etag" class="smpl">ETag</a> (<a href="p4-conditional.html#header.etag" title="ETag">Section 2.3</a> of <a href="#Part4" id="rfc.xref.Part4.4"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>)
     2000               </li>
     2001               <li><a href="p4-conditional.html#header.last-modified" class="smpl">Last-Modified</a> (<a href="p4-conditional.html#header.last-modified" title="Last-Modified">Section 2.2</a> of <a href="#Part4" id="rfc.xref.Part4.5"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests">[Part4]</cite></a>)
     2002               </li>
     2003               <li><a href="p2-semantics.html#header.server" class="smpl">Server</a> (<a href="p2-semantics.html#header.server" title="Server">Section 8.4.2</a> of <a href="#Part2" id="rfc.xref.Part2.23"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
     2004               </li>
     2005            </ul>
     2006            <p id="rfc.section.5.8.p.6">A non-transforming proxy <em class="bcp14">MUST NOT</em> modify an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field (<a href="p6-cache.html#header.expires" title="Expires">Section 7.3</a> of <a href="#Part6" id="rfc.xref.Part6.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>) if already present in a response, but it <em class="bcp14">MAY</em> add an <a href="p6-cache.html#header.expires" class="smpl">Expires</a> header field with a field-value identical to that of the <a href="p2-semantics.html#header.date" class="smpl">Date</a> header field.
     2007            </p>
     2008            <p id="rfc.section.5.8.p.7">A proxy <em class="bcp14">MUST NOT</em> modify or add any of the following fields in a message that contains the no-transform cache-control directive:
     2009            </p>
     2010            <ul>
     2011               <li><a href="p2-semantics.html#header.content-encoding" class="smpl">Content-Encoding</a> (<a href="p2-semantics.html#header.content-encoding" title="Content-Encoding">Section 3.1.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.24"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
     2012               </li>
     2013               <li><a href="p5-range.html#header.content-range" class="smpl">Content-Range</a> (<a href="p5-range.html#header.content-range" title="Content-Range">Section 5.2</a> of <a href="#Part5" id="rfc.xref.Part5.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Range Requests">[Part5]</cite></a>)
     2014               </li>
     2015               <li><a href="p2-semantics.html#header.content-type" class="smpl">Content-Type</a> (<a href="p2-semantics.html#header.content-type" title="Content-Type">Section 3.1.1.5</a> of <a href="#Part2" id="rfc.xref.Part2.25"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>)
     2016               </li>
     2017            </ul>
     2018            <p id="rfc.section.5.8.p.8">A transforming proxy <em class="bcp14">MAY</em> modify or add these fields to a message that does not include no-transform, but if it does so, it <em class="bcp14">MUST</em> add a Warning 214 (Transformation applied) if one does not already appear in the message (see <a href="p6-cache.html#header.warning" title="Warning">Section 7.5</a> of <a href="#Part6" id="rfc.xref.Part6.8"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
     2019            </p>
     2020            <div class="note" id="rfc.section.5.8.p.9">
     2021               <p><b>Warning:</b> Unnecessary modification of header fields might cause authentication failures if stronger authentication mechanisms are introduced
     2022                  in later versions of HTTP. Such authentication mechanisms <em class="bcp14">MAY</em> rely on the values of header fields not listed here.
     2023               </p>
     2024            </div>
     2025         </div>
     2026         <div id="associating.response.to.request">
     2027            <h2 id="rfc.section.5.9"><a href="#rfc.section.5.9">5.9</a>&nbsp;<a href="#associating.response.to.request">Associating a Response to a Request</a></h2>
     2028            <p id="rfc.section.5.9.p.1">HTTP does not include a request identifier for associating a given request message with its corresponding one or more response
     2029               messages. Hence, it relies on the order of response arrival to correspond exactly to the order in which requests are made
     2030               on the same connection. More than one response message per request only occurs when one or more informational responses (<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>, see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 7.2</a> of <a href="#Part2" id="rfc.xref.Part2.26"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>) precede a final response to the same request.
     2031            </p>
     2032            <p id="rfc.section.5.9.p.2">A client that uses persistent connections and sends more than one request per connection <em class="bcp14">MUST</em> maintain a list of outstanding requests in the order sent on that connection and <em class="bcp14">MUST</em> associate each received response message to the highest ordered request that has not yet received a final (non-<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>) response.
     2033            </p>
     2034         </div>
    19182035      </div>
    1919       <h2 id="rfc.section.5.9"><a href="#rfc.section.5.9">5.9</a>&nbsp;<a id="associating.response.to.request" href="#associating.response.to.request">Associating a Response to a Request</a></h2>
    1920       <p id="rfc.section.5.9.p.1">HTTP does not include a request identifier for associating a given request message with its corresponding one or more response
    1921          messages. Hence, it relies on the order of response arrival to correspond exactly to the order in which requests are made
    1922          on the same connection. More than one response message per request only occurs when one or more informational responses (<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>, see <a href="p2-semantics.html#status.1xx" title="Informational 1xx">Section 7.2</a> of <a href="#Part2" id="rfc.xref.Part2.26"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>) precede a final response to the same request.
    1923       </p>
    1924       <p id="rfc.section.5.9.p.2">A client that uses persistent connections and sends more than one request per connection <em class="bcp14">MUST</em> maintain a list of outstanding requests in the order sent on that connection and <em class="bcp14">MUST</em> associate each received response message to the highest ordered request that has not yet received a final (non-<a href="p2-semantics.html#status.1xx" class="smpl">1xx</a>) response.
    1925       </p>
    1926       <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;<a id="connection.management" href="#connection.management">Connection Management</a></h1>
    1927       <p id="rfc.section.6.p.1">HTTP messaging is independent of the underlying transport or session-layer connection protocol(s). HTTP only presumes a reliable
    1928          transport with in-order delivery of requests and the corresponding in-order delivery of responses. The mapping of HTTP request
    1929          and response structures onto the data units of an underlying transport protocol is outside the scope of this specification.
    1930       </p>
    1931       <p id="rfc.section.6.p.2">As described in <a href="#connecting.inbound" title="Connecting Inbound">Section&nbsp;5.2</a>, the specific connection protocols to be used for an HTTP interaction are determined by client configuration and the <a href="#target-resource" class="smpl">target URI</a>. For example, the "http" URI scheme (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>) indicates a default connection of TCP over IP, with a default TCP port of 80, but the client might be configured to use
    1932          a proxy via some other connection, port, or protocol.
    1933       </p>
    1934       <p id="rfc.section.6.p.3">HTTP implementations are expected to engage in connection management, which includes maintaining the state of current connections,
    1935          establishing a new connection or reusing an existing connection, processing messages received on a connection, detecting connection
    1936          failures, and closing each connection. Most clients maintain multiple connections in parallel, including more than one connection
    1937          per server endpoint. Most servers are designed to maintain thousands of concurrent connections, while controlling request
    1938          queues to enable fair use and detect denial of service attacks.
    1939       </p>
    1940       <div id="rfc.iref.c.9"></div>
    1941       <div id="rfc.iref.c.10"></div>
    1942       <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;<a id="header.connection" href="#header.connection">Connection</a></h2>
    1943       <p id="rfc.section.6.1.p.1">The "Connection" header field allows the sender to indicate desired control options for the current connection. In order to
    1944          avoid confusing downstream recipients, a proxy or gateway <em class="bcp14">MUST</em> remove or replace any received connection options before forwarding the message.
    1945       </p>
    1946       <p id="rfc.section.6.1.p.2">When a header field is used to supply control information for or about the current connection, the sender <em class="bcp14">SHOULD</em> list the corresponding field-name within the "Connection" header field. A proxy or gateway <em class="bcp14">MUST</em> parse a received Connection header field before a message is forwarded and, for each connection-option in this field, remove
    1947          any header field(s) from the message with the same name as the connection-option, and then remove the Connection header field
    1948          itself (or replace it with the intermediary's own connection options for the forwarded message).
    1949       </p>
    1950       <p id="rfc.section.6.1.p.3">Hence, the Connection header field provides a declarative way of distinguishing header fields that are only intended for the
    1951          immediate recipient ("hop-by-hop") from those fields that are intended for all recipients on the chain ("end-to-end"), enabling
    1952          the message to be self-descriptive and allowing future connection-specific extensions to be deployed without fear that they
    1953          will be blindly forwarded by older intermediaries.
    1954       </p>
    1955       <p id="rfc.section.6.1.p.4">The Connection header field's value has the following grammar:</p>
    1956       <div id="rfc.figure.u.55"></div><pre class="inline"><span id="rfc.iref.g.91"></span><span id="rfc.iref.g.92"></span>  <a href="#header.connection" class="smpl">Connection</a>        = 1#<a href="#header.connection" class="smpl">connection-option</a>
     2036      <div id="connection.management">
     2037         <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;<a href="#connection.management">Connection Management</a></h1>
     2038         <p id="rfc.section.6.p.1">HTTP messaging is independent of the underlying transport or session-layer connection protocol(s). HTTP only presumes a reliable
     2039            transport with in-order delivery of requests and the corresponding in-order delivery of responses. The mapping of HTTP request
     2040            and response structures onto the data units of an underlying transport protocol is outside the scope of this specification.
     2041         </p>
     2042         <p id="rfc.section.6.p.2">As described in <a href="#connecting.inbound" title="Connecting Inbound">Section&nbsp;5.2</a>, the specific connection protocols to be used for an HTTP interaction are determined by client configuration and the <a href="#target-resource" class="smpl">target URI</a>. For example, the "http" URI scheme (<a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a>) indicates a default connection of TCP over IP, with a default TCP port of 80, but the client might be configured to use
     2043            a proxy via some other connection, port, or protocol.
     2044         </p>
     2045         <p id="rfc.section.6.p.3">HTTP implementations are expected to engage in connection management, which includes maintaining the state of current connections,
     2046            establishing a new connection or reusing an existing connection, processing messages received on a connection, detecting connection
     2047            failures, and closing each connection. Most clients maintain multiple connections in parallel, including more than one connection
     2048            per server endpoint. Most servers are designed to maintain thousands of concurrent connections, while controlling request
     2049            queues to enable fair use and detect denial of service attacks.
     2050         </p>
     2051         <div id="header.connection">
     2052            <div id="rfc.iref.c.9"></div>
     2053            <div id="rfc.iref.c.10"></div>
     2054            <h2 id="rfc.section.6.1"><a href="#rfc.section.6.1">6.1</a>&nbsp;<a href="#header.connection">Connection</a></h2>
     2055            <p id="rfc.section.6.1.p.1">The "Connection" header field allows the sender to indicate desired control options for the current connection. In order to
     2056               avoid confusing downstream recipients, a proxy or gateway <em class="bcp14">MUST</em> remove or replace any received connection options before forwarding the message.
     2057            </p>
     2058            <p id="rfc.section.6.1.p.2">When a header field is used to supply control information for or about the current connection, the sender <em class="bcp14">SHOULD</em> list the corresponding field-name within the "Connection" header field. A proxy or gateway <em class="bcp14">MUST</em> parse a received Connection header field before a message is forwarded and, for each connection-option in this field, remove
     2059               any header field(s) from the message with the same name as the connection-option, and then remove the Connection header field
     2060               itself (or replace it with the intermediary's own connection options for the forwarded message).
     2061            </p>
     2062            <p id="rfc.section.6.1.p.3">Hence, the Connection header field provides a declarative way of distinguishing header fields that are only intended for the
     2063               immediate recipient ("hop-by-hop") from those fields that are intended for all recipients on the chain ("end-to-end"), enabling
     2064               the message to be self-descriptive and allowing future connection-specific extensions to be deployed without fear that they
     2065               will be blindly forwarded by older intermediaries.
     2066            </p>
     2067            <p id="rfc.section.6.1.p.4">The Connection header field's value has the following grammar:</p>
     2068            <div id="rfc.figure.u.55"></div><pre class="inline"><span id="rfc.iref.g.91"></span><span id="rfc.iref.g.92"></span>  <a href="#header.connection" class="smpl">Connection</a>        = 1#<a href="#header.connection" class="smpl">connection-option</a>
    19572069  <a href="#header.connection" class="smpl">connection-option</a> = <a href="#rule.token.separators" class="smpl">token</a>
    19582070</pre><p id="rfc.section.6.1.p.6">Connection options are case-insensitive.</p>
    1959       <p id="rfc.section.6.1.p.7">A sender <em class="bcp14">MUST NOT</em> include field-names in the Connection header field-value for fields that are defined as expressing constraints for all recipients
    1960          in the request or response chain, such as the Cache-Control header field (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 7.2</a> of <a href="#Part6" id="rfc.xref.Part6.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
    1961       </p>
    1962       <p id="rfc.section.6.1.p.8">The connection options do not have to correspond to a header field present in the message, since a connection-specific header
    1963          field might not be needed if there are no parameters associated with that connection option. Recipients that trigger certain
    1964          connection behavior based on the presence of connection options <em class="bcp14">MUST</em> do so based on the presence of the connection-option rather than only the presence of the optional header field. In other
    1965          words, if the connection option is received as a header field but not indicated within the Connection field-value, then the
    1966          recipient <em class="bcp14">MUST</em> ignore the connection-specific header field because it has likely been forwarded by an intermediary that is only partially
    1967          conformant.
    1968       </p>
    1969       <p id="rfc.section.6.1.p.9">When defining new connection options, specifications ought to carefully consider existing deployed header fields and ensure
    1970          that the new connection option does not share the same name as an unrelated header field that might already be deployed. Defining
    1971          a new connection option essentially reserves that potential field-name for carrying additional information related to the
    1972          connection option, since it would be unwise for senders to use that field-name for anything else.
    1973       </p>
    1974       <p id="rfc.section.6.1.p.10">The "<dfn>close</dfn>" connection option is defined for a sender to signal that this connection will be closed after completion of the response.
    1975          For example,
    1976       </p>
    1977       <div id="rfc.figure.u.56"></div><pre class="text">  Connection: close
     2071            <p id="rfc.section.6.1.p.7">A sender <em class="bcp14">MUST NOT</em> include field-names in the Connection header field-value for fields that are defined as expressing constraints for all recipients
     2072               in the request or response chain, such as the Cache-Control header field (<a href="p6-cache.html#header.cache-control" title="Cache-Control">Section 7.2</a> of <a href="#Part6" id="rfc.xref.Part6.9"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Caching">[Part6]</cite></a>).
     2073            </p>
     2074            <p id="rfc.section.6.1.p.8">The connection options do not have to correspond to a header field present in the message, since a connection-specific header
     2075               field might not be needed if there are no parameters associated with that connection option. Recipients that trigger certain
     2076               connection behavior based on the presence of connection options <em class="bcp14">MUST</em> do so based on the presence of the connection-option rather than only the presence of the optional header field. In other
     2077               words, if the connection option is received as a header field but not indicated within the Connection field-value, then the
     2078               recipient <em class="bcp14">MUST</em> ignore the connection-specific header field because it has likely been forwarded by an intermediary that is only partially
     2079               conformant.
     2080            </p>
     2081            <p id="rfc.section.6.1.p.9">When defining new connection options, specifications ought to carefully consider existing deployed header fields and ensure
     2082               that the new connection option does not share the same name as an unrelated header field that might already be deployed. Defining
     2083               a new connection option essentially reserves that potential field-name for carrying additional information related to the
     2084               connection option, since it would be unwise for senders to use that field-name for anything else.
     2085            </p>
     2086            <p id="rfc.section.6.1.p.10">The "<dfn>close</dfn>" connection option is defined for a sender to signal that this connection will be closed after completion of the response.
     2087               For example,
     2088            </p>
     2089            <div id="rfc.figure.u.56"></div><pre class="text">  Connection: close
    19782090</pre><p id="rfc.section.6.1.p.12">in either the request or the response header fields indicates that the connection <em class="bcp14">SHOULD</em> be closed after the current request/response is complete (<a href="#persistent.tear-down" id="rfc.xref.persistent.tear-down.1" title="Tear-down">Section&nbsp;6.2.5</a>).
    1979       </p>
    1980       <p id="rfc.section.6.1.p.13">A client that does not support persistent connections <em class="bcp14">MUST</em> send the "close" connection option in every request message.
    1981       </p>
    1982       <p id="rfc.section.6.1.p.14">A server that does not support persistent connections <em class="bcp14">MUST</em> send the "close" connection option in every response message that does not have a <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a> status code.
    1983       </p>
    1984       <h2 id="rfc.section.6.2"><a href="#rfc.section.6.2">6.2</a>&nbsp;<a id="persistent.connections" href="#persistent.connections">Persistent Connections</a></h2>
    1985       <p id="rfc.section.6.2.p.1">HTTP was originally designed to use a separate connection for each request/response pair. As the Web evolved and embedded
    1986          requests became common for inline images, the connection establishment overhead was a significant drain on performance and
    1987          a concern for Internet congestion. Message framing (via <a href="#header.content-length" class="smpl">Content-Length</a>) and optional long-lived connections (via Keep-Alive) were added to HTTP/1.0 in order to improve performance for some requests.
    1988          However, these extensions were insufficient for dynamically generated responses and difficult to use with intermediaries.
    1989       </p>
    1990       <p id="rfc.section.6.2.p.2">HTTP/1.1 defaults to the use of "<a href="#persistent.connections" class="smpl">persistent connections</a>", which allow multiple requests and responses to be carried over a single connection. The "<a href="#header.connection" class="smpl">close</a>" connection-option is used to signal that a connection will close after the current request/response. Persistent connections
    1991          have a number of advantages:
    1992       </p>
    1993       <ul>
    1994          <li>By opening and closing fewer connections, CPU time is saved in routers and hosts (clients, servers, proxies, gateways, tunnels,
    1995             or caches), and memory used for protocol control blocks can be saved in hosts.
    1996          </li>
    1997          <li>Most requests and responses can be pipelined on a connection. Pipelining allows a client to make multiple requests without
    1998             waiting for each response, allowing a single connection to be used much more efficiently and with less overall latency.
    1999          </li>
    2000          <li>For TCP connections, network congestion is reduced by eliminating the packets associated with the three way handshake and
    2001             graceful close procedures, and by allowing sufficient time to determine the congestion state of the network.
    2002          </li>
    2003          <li>Latency on subsequent requests is reduced since there is no time spent in the connection opening handshake.</li>
    2004          <li>HTTP can evolve more gracefully, since most errors can be reported without the penalty of closing the connection. Clients
    2005             using future versions of HTTP might optimistically try a new feature, but if communicating with an older server, retry with
    2006             old semantics after an error is reported.
    2007          </li>
    2008       </ul>
    2009       <p id="rfc.section.6.2.p.3">HTTP implementations <em class="bcp14">SHOULD</em> implement persistent connections.
    2010       </p>
    2011       <h3 id="rfc.section.6.2.1"><a href="#rfc.section.6.2.1">6.2.1</a>&nbsp;<a id="persistent.establishment" href="#persistent.establishment">Establishment</a></h3>
    2012       <p id="rfc.section.6.2.1.p.1">It is beyond the scope of this specification to describe how connections are established via various transport or session-layer
    2013          protocols. Each connection applies to only one transport link.
    2014       </p>
    2015       <p id="rfc.section.6.2.1.p.2">A recipient determines whether a connection is persistent or not based on the most recently received message's protocol version
    2016          and <a href="#header.connection" class="smpl">Connection</a> header field (if any):
    2017       </p>
    2018       <ul>
    2019          <li>If the <a href="#header.connection" class="smpl">close</a> connection option is present, the connection will not persist after the current response; else,
    2020          </li>
    2021          <li>If the received protocol is HTTP/1.1 (or later), the connection will persist after the current response; else,</li>
    2022          <li>If the received protocol is HTTP/1.0, the "keep-alive" connection option is present, the recipient is not a proxy, and the
    2023             recipient wishes to honor the HTTP/1.0 "keep-alive" mechanism, the connection will persist after the current response; otherwise,
    2024          </li>
    2025          <li>The connection will close after the current response.</li>
    2026       </ul>
    2027       <p id="rfc.section.6.2.1.p.3">A proxy server <em class="bcp14">MUST NOT</em> maintain a persistent connection with an HTTP/1.0 client (see <a href="http://tools.ietf.org/html/rfc2068#section-19.7.1">Section 19.7.1</a> of <a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> for information and discussion of the problems with the Keep-Alive header field implemented by many HTTP/1.0 clients).
    2028       </p>
    2029       <h3 id="rfc.section.6.2.2"><a href="#rfc.section.6.2.2">6.2.2</a>&nbsp;<a id="persistent.reuse" href="#persistent.reuse">Reuse</a></h3>
    2030       <p id="rfc.section.6.2.2.p.1">In order to remain persistent, all messages on a connection <em class="bcp14">MUST</em> have a self-defined message length (i.e., one not defined by closure of the connection), as described in <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>.
    2031       </p>
    2032       <p id="rfc.section.6.2.2.p.2">A server <em class="bcp14">MAY</em> assume that an HTTP/1.1 client intends to maintain a persistent connection until a <a href="#header.connection" class="smpl">close</a> connection option is received in a request.
    2033       </p>
    2034       <p id="rfc.section.6.2.2.p.3">A client <em class="bcp14">MAY</em> reuse a persistent connection until it sends or receives a <a href="#header.connection" class="smpl">close</a> connection option or receives an HTTP/1.0 response without a "keep-alive" connection option.
    2035       </p>
    2036       <p id="rfc.section.6.2.2.p.4">Clients and servers <em class="bcp14">SHOULD NOT</em> assume that a persistent connection is maintained for HTTP versions less than 1.1 unless it is explicitly signaled. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Keep-Alive Connections">Appendix&nbsp;A.1.2</a> for more information on backward compatibility with HTTP/1.0 clients.
    2037       </p>
    2038       <h4 id="rfc.section.6.2.2.1"><a href="#rfc.section.6.2.2.1">6.2.2.1</a>&nbsp;<a id="pipelining" href="#pipelining">Pipelining</a></h4>
    2039       <p id="rfc.section.6.2.2.1.p.1">A client that supports persistent connections <em class="bcp14">MAY</em> "pipeline" its requests (i.e., send multiple requests without waiting for each response). A server <em class="bcp14">MUST</em> send its responses to those requests in the same order that the requests were received.
    2040       </p>
    2041       <p id="rfc.section.6.2.2.1.p.2">Clients which assume persistent connections and pipeline immediately after connection establishment <em class="bcp14">SHOULD</em> be prepared to retry their connection if the first pipelined attempt fails. If a client does such a retry, it <em class="bcp14">MUST NOT</em> pipeline before it knows the connection is persistent. Clients <em class="bcp14">MUST</em> also be prepared to resend their requests if the server closes the connection before sending all of the corresponding responses.
    2042       </p>
    2043       <p id="rfc.section.6.2.2.1.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent request methods or non-idempotent sequences of request methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 5.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.27"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to
    2044          send a non-idempotent request <em class="bcp14">SHOULD</em> wait to send that request until it has received the response status line for the previous request.
    2045       </p>
    2046       <h4 id="rfc.section.6.2.2.2"><a href="#rfc.section.6.2.2.2">6.2.2.2</a>&nbsp;<a id="persistent.retrying.requests" href="#persistent.retrying.requests">Retrying Requests</a></h4>
    2047       <p id="rfc.section.6.2.2.2.p.1">Senders can close the transport connection at any time. Therefore, clients, servers, and proxies <em class="bcp14">MUST</em> be able to recover from asynchronous close events. Client software <em class="bcp14">MAY</em> reopen the transport connection and retransmit the aborted sequence of requests without user interaction so long as the request
    2048          sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 5.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.28"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). Non-idempotent request methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding
    2049          of the application <em class="bcp14">MAY</em> substitute for user confirmation. The automatic retry <em class="bcp14">SHOULD NOT</em> be repeated if the second sequence of requests fails.
    2050       </p>
    2051       <h3 id="rfc.section.6.2.3"><a href="#rfc.section.6.2.3">6.2.3</a>&nbsp;<a id="persistent.concurrency" href="#persistent.concurrency">Concurrency</a></h3>
    2052       <p id="rfc.section.6.2.3.p.1">Clients <em class="bcp14">SHOULD</em> limit the number of simultaneous connections that they maintain to a given server.
    2053       </p>
    2054       <p id="rfc.section.6.2.3.p.2">Previous revisions of HTTP gave a specific number of connections as a ceiling, but this was found to be impractical for many
    2055          applications. As a result, this specification does not mandate a particular maximum number of connections, but instead encourages
    2056          clients to be conservative when opening multiple connections.
    2057       </p>
    2058       <p id="rfc.section.6.2.3.p.3">Multiple connections are typically used to avoid the "head-of-line blocking" problem, wherein a request that takes significant
    2059          server-side processing and/or has a large payload blocks subsequent requests on the same connection. However, each connection
    2060          consumes server resources. Furthermore, using multiple connections can cause undesirable side effects in congested networks.
    2061       </p>
    2062       <p id="rfc.section.6.2.3.p.4">Note that servers might reject traffic that they deem abusive, including an excessive number of connections from a client.</p>
    2063       <h3 id="rfc.section.6.2.4"><a href="#rfc.section.6.2.4">6.2.4</a>&nbsp;<a id="persistent.failures" href="#persistent.failures">Failures and Time-outs</a></h3>
    2064       <p id="rfc.section.6.2.4.p.1">Servers will usually have some time-out value beyond which they will no longer maintain an inactive connection. Proxy servers
    2065          might make this a higher value since it is likely that the client will be making more connections through the same server.
    2066          The use of persistent connections places no requirements on the length (or existence) of this time-out for either the client
    2067          or the server.
    2068       </p>
    2069       <p id="rfc.section.6.2.4.p.2">When a client or server wishes to time-out it <em class="bcp14">SHOULD</em> issue a graceful close on the transport connection. Clients and servers <em class="bcp14">SHOULD</em> both constantly watch for the other side of the transport close, and respond to it as appropriate. If a client or server does
    2070          not detect the other side's close promptly it could cause unnecessary resource drain on the network.
    2071       </p>
    2072       <p id="rfc.section.6.2.4.p.3">A client, server, or proxy <em class="bcp14">MAY</em> close the transport connection at any time. For example, a client might have started to send a new request at the same time
    2073          that the server has decided to close the "idle" connection. From the server's point of view, the connection is being closed
    2074          while it was idle, but from the client's point of view, a request is in progress.
    2075       </p>
    2076       <p id="rfc.section.6.2.4.p.4">Servers <em class="bcp14">SHOULD</em> maintain persistent connections and allow the underlying transport's flow control mechanisms to resolve temporary overloads,
    2077          rather than terminate connections with the expectation that clients will retry. The latter technique can exacerbate network
    2078          congestion.
    2079       </p>
    2080       <p id="rfc.section.6.2.4.p.5">A client sending a message body <em class="bcp14">SHOULD</em> monitor the network connection for an error status code while it is transmitting the request. If the client sees an error
    2081          status code, it <em class="bcp14">SHOULD</em> immediately cease transmitting the body and close the connection.
    2082       </p>
    2083       <div id="rfc.iref.c.11"></div>
    2084       <div id="rfc.iref.c.12"></div>
    2085       <h3 id="rfc.section.6.2.5"><a href="#rfc.section.6.2.5">6.2.5</a>&nbsp;<a id="persistent.tear-down" href="#persistent.tear-down">Tear-down</a></h3>
    2086       <p id="rfc.section.6.2.5.p.1">The <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section&nbsp;6.1</a>) provides a "<a href="#header.connection" class="smpl">close</a>" connection option that a sender <em class="bcp14">SHOULD</em> send when it wishes to close the connection after the current request/response pair.
    2087       </p>
    2088       <p id="rfc.section.6.2.5.p.2">A client that sends a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST NOT</em> send further requests on that connection (after the one containing <a href="#header.connection" class="smpl">close</a>) and <em class="bcp14">MUST</em> close the connection after reading the final response message corresponding to this request.
    2089       </p>
    2090       <p id="rfc.section.6.2.5.p.3">A server that receives a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> initiate a lingering close of the connection after it sends the final response to the request that contained <a href="#header.connection" class="smpl">close</a>. The server <em class="bcp14">SHOULD</em> include a <a href="#header.connection" class="smpl">close</a> connection option in its final response on that connection. The server <em class="bcp14">MUST NOT</em> process any further requests received on that connection.
    2091       </p>
    2092       <p id="rfc.section.6.2.5.p.4">A server that sends a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> initiate a lingering close of the connection after it sends the response containing <a href="#header.connection" class="smpl">close</a>. The server <em class="bcp14">MUST NOT</em> process any further requests received on that connection.
    2093       </p>
    2094       <p id="rfc.section.6.2.5.p.5">A client that receives a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> cease sending requests on that connection and close the connection after reading the response message containing the close;
    2095          if additional pipelined requests had been sent on the connection, the client <em class="bcp14">SHOULD</em> assume that they will not be processed by the server.
    2096       </p>
    2097       <p id="rfc.section.6.2.5.p.6">If a server performs an immediate close of a TCP connection, there is a significant risk that the client will not be able
    2098          to read the last HTTP response. If the server receives additional data from the client on a fully-closed connection, such
    2099          as another request that was sent by the client before receiving the server's response, the server's TCP stack will send a
    2100          reset packet to the client; unfortunately, the reset packet might erase the client's unacknowledged input buffers before they
    2101          can be read and interpreted by the client's HTTP parser.
    2102       </p>
    2103       <p id="rfc.section.6.2.5.p.7">To avoid the TCP reset problem, a server can perform a lingering close on a connection by closing only the write side of the
    2104          read/write connection (a half-close) and continuing to read from the connection until the connection is closed by the client
    2105          or the server is reasonably certain that its own TCP stack has received the client's acknowledgement of the packet(s) containing
    2106          the server's last response. It is then safe for the server to fully close the connection.
    2107       </p>
    2108       <p id="rfc.section.6.2.5.p.8">It is unknown whether the reset problem is exclusive to TCP or might also be found in other transport connection protocols.</p>
    2109       <div id="rfc.iref.u.5"></div>
    2110       <h2 id="rfc.section.6.3"><a href="#rfc.section.6.3">6.3</a>&nbsp;<a id="header.upgrade" href="#header.upgrade">Upgrade</a></h2>
    2111       <p id="rfc.section.6.3.p.1">The "Upgrade" header field is intended to provide a simple mechanism for transitioning from HTTP/1.1 to some other protocol
    2112          on the same connection. A client <em class="bcp14">MAY</em> send a list of protocols in the Upgrade header field of a request to invite the server to switch to one or more of those protocols
    2113          before sending the final response. A server <em class="bcp14">MUST</em> send an Upgrade header field in <a href="p2-semantics.html#status.101" class="smpl">101 (Switching
    2114             Protocols)</a> responses to indicate which protocol(s) are being switched to, and <em class="bcp14">MUST</em> send it in <a href="p2-semantics.html#status.426" class="smpl">426 (Upgrade Required)</a> responses to indicate acceptable protocols. A server <em class="bcp14">MAY</em> send an Upgrade header field in any other response to indicate that they might be willing to upgrade to one of the specified
    2115          protocols for a future request.
    2116       </p>
    2117       <div id="rfc.figure.u.57"></div><pre class="inline"><span id="rfc.iref.g.93"></span>  <a href="#header.upgrade" class="smpl">Upgrade</a>          = 1#<a href="#header.upgrade" class="smpl">protocol</a>
     2091            </p>
     2092            <p id="rfc.section.6.1.p.13">A client that does not support persistent connections <em class="bcp14">MUST</em> send the "close" connection option in every request message.
     2093            </p>
     2094            <p id="rfc.section.6.1.p.14">A server that does not support persistent connections <em class="bcp14">MUST</em> send the "close" connection option in every response message that does not have a <a href="p2-semantics.html#status.1xx" class="smpl">1xx (Informational)</a> status code.
     2095            </p>
     2096         </div>
     2097         <div id="persistent.connections">
     2098            <h2 id="rfc.section.6.2"><a href="#rfc.section.6.2">6.2</a>&nbsp;<a href="#persistent.connections">Persistent Connections</a></h2>
     2099            <p id="rfc.section.6.2.p.1">HTTP was originally designed to use a separate connection for each request/response pair. As the Web evolved and embedded
     2100               requests became common for inline images, the connection establishment overhead was a significant drain on performance and
     2101               a concern for Internet congestion. Message framing (via <a href="#header.content-length" class="smpl">Content-Length</a>) and optional long-lived connections (via Keep-Alive) were added to HTTP/1.0 in order to improve performance for some requests.
     2102               However, these extensions were insufficient for dynamically generated responses and difficult to use with intermediaries.
     2103            </p>
     2104            <p id="rfc.section.6.2.p.2">HTTP/1.1 defaults to the use of "<a href="#persistent.connections" class="smpl">persistent connections</a>", which allow multiple requests and responses to be carried over a single connection. The "<a href="#header.connection" class="smpl">close</a>" connection-option is used to signal that a connection will close after the current request/response. Persistent connections
     2105               have a number of advantages:
     2106            </p>
     2107            <ul>
     2108               <li>By opening and closing fewer connections, CPU time is saved in routers and hosts (clients, servers, proxies, gateways, tunnels,
     2109                  or caches), and memory used for protocol control blocks can be saved in hosts.
     2110               </li>
     2111               <li>Most requests and responses can be pipelined on a connection. Pipelining allows a client to make multiple requests without
     2112                  waiting for each response, allowing a single connection to be used much more efficiently and with less overall latency.
     2113               </li>
     2114               <li>For TCP connections, network congestion is reduced by eliminating the packets associated with the three way handshake and
     2115                  graceful close procedures, and by allowing sufficient time to determine the congestion state of the network.
     2116               </li>
     2117               <li>Latency on subsequent requests is reduced since there is no time spent in the connection opening handshake.</li>
     2118               <li>HTTP can evolve more gracefully, since most errors can be reported without the penalty of closing the connection. Clients
     2119                  using future versions of HTTP might optimistically try a new feature, but if communicating with an older server, retry with
     2120                  old semantics after an error is reported.
     2121               </li>
     2122            </ul>
     2123            <p id="rfc.section.6.2.p.3">HTTP implementations <em class="bcp14">SHOULD</em> implement persistent connections.
     2124            </p>
     2125            <div id="persistent.establishment">
     2126               <h3 id="rfc.section.6.2.1"><a href="#rfc.section.6.2.1">6.2.1</a>&nbsp;<a href="#persistent.establishment">Establishment</a></h3>
     2127               <p id="rfc.section.6.2.1.p.1">It is beyond the scope of this specification to describe how connections are established via various transport or session-layer
     2128                  protocols. Each connection applies to only one transport link.
     2129               </p>
     2130               <p id="rfc.section.6.2.1.p.2">A recipient determines whether a connection is persistent or not based on the most recently received message's protocol version
     2131                  and <a href="#header.connection" class="smpl">Connection</a> header field (if any):
     2132               </p>
     2133               <ul>
     2134                  <li>If the <a href="#header.connection" class="smpl">close</a> connection option is present, the connection will not persist after the current response; else,
     2135                  </li>
     2136                  <li>If the received protocol is HTTP/1.1 (or later), the connection will persist after the current response; else,</li>
     2137                  <li>If the received protocol is HTTP/1.0, the "keep-alive" connection option is present, the recipient is not a proxy, and the
     2138                     recipient wishes to honor the HTTP/1.0 "keep-alive" mechanism, the connection will persist after the current response; otherwise,
     2139                  </li>
     2140                  <li>The connection will close after the current response.</li>
     2141               </ul>
     2142               <p id="rfc.section.6.2.1.p.3">A proxy server <em class="bcp14">MUST NOT</em> maintain a persistent connection with an HTTP/1.0 client (see <a href="https://tools.ietf.org/html/rfc2068#section-19.7.1">Section 19.7.1</a> of <a href="#RFC2068" id="rfc.xref.RFC2068.3"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a> for information and discussion of the problems with the Keep-Alive header field implemented by many HTTP/1.0 clients).
     2143               </p>
     2144            </div>
     2145            <div id="persistent.reuse">
     2146               <h3 id="rfc.section.6.2.2"><a href="#rfc.section.6.2.2">6.2.2</a>&nbsp;<a href="#persistent.reuse">Reuse</a></h3>
     2147               <p id="rfc.section.6.2.2.p.1">In order to remain persistent, all messages on a connection <em class="bcp14">MUST</em> have a self-defined message length (i.e., one not defined by closure of the connection), as described in <a href="#message.body" title="Message Body">Section&nbsp;3.3</a>.
     2148               </p>
     2149               <p id="rfc.section.6.2.2.p.2">A server <em class="bcp14">MAY</em> assume that an HTTP/1.1 client intends to maintain a persistent connection until a <a href="#header.connection" class="smpl">close</a> connection option is received in a request.
     2150               </p>
     2151               <p id="rfc.section.6.2.2.p.3">A client <em class="bcp14">MAY</em> reuse a persistent connection until it sends or receives a <a href="#header.connection" class="smpl">close</a> connection option or receives an HTTP/1.0 response without a "keep-alive" connection option.
     2152               </p>
     2153               <p id="rfc.section.6.2.2.p.4">Clients and servers <em class="bcp14">SHOULD NOT</em> assume that a persistent connection is maintained for HTTP versions less than 1.1 unless it is explicitly signaled. See <a href="#compatibility.with.http.1.0.persistent.connections" title="Keep-Alive Connections">Appendix&nbsp;A.1.2</a> for more information on backward compatibility with HTTP/1.0 clients.
     2154               </p>
     2155               <div id="pipelining">
     2156                  <h4 id="rfc.section.6.2.2.1"><a href="#rfc.section.6.2.2.1">6.2.2.1</a>&nbsp;<a href="#pipelining">Pipelining</a></h4>
     2157                  <p id="rfc.section.6.2.2.1.p.1">A client that supports persistent connections <em class="bcp14">MAY</em> "pipeline" its requests (i.e., send multiple requests without waiting for each response). A server <em class="bcp14">MUST</em> send its responses to those requests in the same order that the requests were received.
     2158                  </p>
     2159                  <p id="rfc.section.6.2.2.1.p.2">Clients which assume persistent connections and pipeline immediately after connection establishment <em class="bcp14">SHOULD</em> be prepared to retry their connection if the first pipelined attempt fails. If a client does such a retry, it <em class="bcp14">MUST NOT</em> pipeline before it knows the connection is persistent. Clients <em class="bcp14">MUST</em> also be prepared to resend their requests if the server closes the connection before sending all of the corresponding responses.
     2160                  </p>
     2161                  <p id="rfc.section.6.2.2.1.p.3">Clients <em class="bcp14">SHOULD NOT</em> pipeline requests using non-idempotent request methods or non-idempotent sequences of request methods (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 5.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.27"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). Otherwise, a premature termination of the transport connection could lead to indeterminate results. A client wishing to
     2162                     send a non-idempotent request <em class="bcp14">SHOULD</em> wait to send that request until it has received the response status line for the previous request.
     2163                  </p>
     2164               </div>
     2165               <div id="persistent.retrying.requests">
     2166                  <h4 id="rfc.section.6.2.2.2"><a href="#rfc.section.6.2.2.2">6.2.2.2</a>&nbsp;<a href="#persistent.retrying.requests">Retrying Requests</a></h4>
     2167                  <p id="rfc.section.6.2.2.2.p.1">Senders can close the transport connection at any time. Therefore, clients, servers, and proxies <em class="bcp14">MUST</em> be able to recover from asynchronous close events. Client software <em class="bcp14">MAY</em> reopen the transport connection and retransmit the aborted sequence of requests without user interaction so long as the request
     2168                     sequence is idempotent (see <a href="p2-semantics.html#idempotent.methods" title="Idempotent Methods">Section 5.2.2</a> of <a href="#Part2" id="rfc.xref.Part2.28"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). Non-idempotent request methods or sequences <em class="bcp14">MUST NOT</em> be automatically retried, although user agents <em class="bcp14">MAY</em> offer a human operator the choice of retrying the request(s). Confirmation by user-agent software with semantic understanding
     2169                     of the application <em class="bcp14">MAY</em> substitute for user confirmation. The automatic retry <em class="bcp14">SHOULD NOT</em> be repeated if the second sequence of requests fails.
     2170                  </p>
     2171               </div>
     2172            </div>
     2173            <div id="persistent.concurrency">
     2174               <h3 id="rfc.section.6.2.3"><a href="#rfc.section.6.2.3">6.2.3</a>&nbsp;<a href="#persistent.concurrency">Concurrency</a></h3>
     2175               <p id="rfc.section.6.2.3.p.1">Clients <em class="bcp14">SHOULD</em> limit the number of simultaneous connections that they maintain to a given server.
     2176               </p>
     2177               <p id="rfc.section.6.2.3.p.2">Previous revisions of HTTP gave a specific number of connections as a ceiling, but this was found to be impractical for many
     2178                  applications. As a result, this specification does not mandate a particular maximum number of connections, but instead encourages
     2179                  clients to be conservative when opening multiple connections.
     2180               </p>
     2181               <p id="rfc.section.6.2.3.p.3">Multiple connections are typically used to avoid the "head-of-line blocking" problem, wherein a request that takes significant
     2182                  server-side processing and/or has a large payload blocks subsequent requests on the same connection. However, each connection
     2183                  consumes server resources. Furthermore, using multiple connections can cause undesirable side effects in congested networks.
     2184               </p>
     2185               <p id="rfc.section.6.2.3.p.4">Note that servers might reject traffic that they deem abusive, including an excessive number of connections from a client.</p>
     2186            </div>
     2187            <div id="persistent.failures">
     2188               <h3 id="rfc.section.6.2.4"><a href="#rfc.section.6.2.4">6.2.4</a>&nbsp;<a href="#persistent.failures">Failures and Time-outs</a></h3>
     2189               <p id="rfc.section.6.2.4.p.1">Servers will usually have some time-out value beyond which they will no longer maintain an inactive connection. Proxy servers
     2190                  might make this a higher value since it is likely that the client will be making more connections through the same server.
     2191                  The use of persistent connections places no requirements on the length (or existence) of this time-out for either the client
     2192                  or the server.
     2193               </p>
     2194               <p id="rfc.section.6.2.4.p.2">When a client or server wishes to time-out it <em class="bcp14">SHOULD</em> issue a graceful close on the transport connection. Clients and servers <em class="bcp14">SHOULD</em> both constantly watch for the other side of the transport close, and respond to it as appropriate. If a client or server does
     2195                  not detect the other side's close promptly it could cause unnecessary resource drain on the network.
     2196               </p>
     2197               <p id="rfc.section.6.2.4.p.3">A client, server, or proxy <em class="bcp14">MAY</em> close the transport connection at any time. For example, a client might have started to send a new request at the same time
     2198                  that the server has decided to close the "idle" connection. From the server's point of view, the connection is being closed
     2199                  while it was idle, but from the client's point of view, a request is in progress.
     2200               </p>
     2201               <p id="rfc.section.6.2.4.p.4">Servers <em class="bcp14">SHOULD</em> maintain persistent connections and allow the underlying transport's flow control mechanisms to resolve temporary overloads,
     2202                  rather than terminate connections with the expectation that clients will retry. The latter technique can exacerbate network
     2203                  congestion.
     2204               </p>
     2205               <p id="rfc.section.6.2.4.p.5">A client sending a message body <em class="bcp14">SHOULD</em> monitor the network connection for an error status code while it is transmitting the request. If the client sees an error
     2206                  status code, it <em class="bcp14">SHOULD</em> immediately cease transmitting the body and close the connection.
     2207               </p>
     2208            </div>
     2209            <div id="persistent.tear-down">
     2210               <div id="rfc.iref.c.11"></div>
     2211               <div id="rfc.iref.c.12"></div>
     2212               <h3 id="rfc.section.6.2.5"><a href="#rfc.section.6.2.5">6.2.5</a>&nbsp;<a href="#persistent.tear-down">Tear-down</a></h3>
     2213               <p id="rfc.section.6.2.5.p.1">The <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.6" title="Connection">Section&nbsp;6.1</a>) provides a "<a href="#header.connection" class="smpl">close</a>" connection option that a sender <em class="bcp14">SHOULD</em> send when it wishes to close the connection after the current request/response pair.
     2214               </p>
     2215               <p id="rfc.section.6.2.5.p.2">A client that sends a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST NOT</em> send further requests on that connection (after the one containing <a href="#header.connection" class="smpl">close</a>) and <em class="bcp14">MUST</em> close the connection after reading the final response message corresponding to this request.
     2216               </p>
     2217               <p id="rfc.section.6.2.5.p.3">A server that receives a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> initiate a lingering close of the connection after it sends the final response to the request that contained <a href="#header.connection" class="smpl">close</a>. The server <em class="bcp14">SHOULD</em> include a <a href="#header.connection" class="smpl">close</a> connection option in its final response on that connection. The server <em class="bcp14">MUST NOT</em> process any further requests received on that connection.
     2218               </p>
     2219               <p id="rfc.section.6.2.5.p.4">A server that sends a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> initiate a lingering close of the connection after it sends the response containing <a href="#header.connection" class="smpl">close</a>. The server <em class="bcp14">MUST NOT</em> process any further requests received on that connection.
     2220               </p>
     2221               <p id="rfc.section.6.2.5.p.5">A client that receives a <a href="#header.connection" class="smpl">close</a> connection option <em class="bcp14">MUST</em> cease sending requests on that connection and close the connection after reading the response message containing the close;
     2222                  if additional pipelined requests had been sent on the connection, the client <em class="bcp14">SHOULD</em> assume that they will not be processed by the server.
     2223               </p>
     2224               <p id="rfc.section.6.2.5.p.6">If a server performs an immediate close of a TCP connection, there is a significant risk that the client will not be able
     2225                  to read the last HTTP response. If the server receives additional data from the client on a fully-closed connection, such
     2226                  as another request that was sent by the client before receiving the server's response, the server's TCP stack will send a
     2227                  reset packet to the client; unfortunately, the reset packet might erase the client's unacknowledged input buffers before they
     2228                  can be read and interpreted by the client's HTTP parser.
     2229               </p>
     2230               <p id="rfc.section.6.2.5.p.7">To avoid the TCP reset problem, a server can perform a lingering close on a connection by closing only the write side of the
     2231                  read/write connection (a half-close) and continuing to read from the connection until the connection is closed by the client
     2232                  or the server is reasonably certain that its own TCP stack has received the client's acknowledgement of the packet(s) containing
     2233                  the server's last response. It is then safe for the server to fully close the connection.
     2234               </p>
     2235               <p id="rfc.section.6.2.5.p.8">It is unknown whether the reset problem is exclusive to TCP or might also be found in other transport connection protocols.</p>
     2236            </div>
     2237         </div>
     2238         <div id="header.upgrade">
     2239            <div id="rfc.iref.u.5"></div>
     2240            <h2 id="rfc.section.6.3"><a href="#rfc.section.6.3">6.3</a>&nbsp;<a href="#header.upgrade">Upgrade</a></h2>
     2241            <p id="rfc.section.6.3.p.1">The "Upgrade" header field is intended to provide a simple mechanism for transitioning from HTTP/1.1 to some other protocol
     2242               on the same connection. A client <em class="bcp14">MAY</em> send a list of protocols in the Upgrade header field of a request to invite the server to switch to one or more of those protocols
     2243               before sending the final response. A server <em class="bcp14">MUST</em> send an Upgrade header field in <a href="p2-semantics.html#status.101" class="smpl">101 (Switching
     2244                  Protocols)</a> responses to indicate which protocol(s) are being switched to, and <em class="bcp14">MUST</em> send it in <a href="p2-semantics.html#status.426" class="smpl">426 (Upgrade Required)</a> responses to indicate acceptable protocols. A server <em class="bcp14">MAY</em> send an Upgrade header field in any other response to indicate that they might be willing to upgrade to one of the specified
     2245               protocols for a future request.
     2246            </p>
     2247            <div id="rfc.figure.u.57"></div><pre class="inline"><span id="rfc.iref.g.93"></span>  <a href="#header.upgrade" class="smpl">Upgrade</a>          = 1#<a href="#header.upgrade" class="smpl">protocol</a>
    21182248
    21192249  <a href="#header.upgrade" class="smpl">protocol</a>         = <a href="#header.upgrade" class="smpl">protocol-name</a> ["/" <a href="#header.upgrade" class="smpl">protocol-version</a>]
     
    21212251  <a href="#header.upgrade" class="smpl">protocol-version</a> = <a href="#rule.token.separators" class="smpl">token</a>
    21222252</pre><p id="rfc.section.6.3.p.3">For example,</p>
    2123       <div id="rfc.figure.u.58"></div><pre class="text">  Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
     2253            <div id="rfc.figure.u.58"></div><pre class="text">  Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
    21242254</pre><p id="rfc.section.6.3.p.5">Upgrade eases the difficult transition between incompatible protocols by allowing the client to initiate a request in the
    2125          more commonly supported protocol while indicating to the server that it would like to use a "better" protocol if available
    2126          (where "better" is determined by the server, possibly according to the nature of the request method or target resource).
    2127       </p>
    2128       <p id="rfc.section.6.3.p.6">Upgrade cannot be used to insist on a protocol change; its acceptance and use by the server is optional. The capabilities
    2129          and nature of the application-level communication after the protocol change is entirely dependent upon the new protocol chosen,
    2130          although the first action after changing the protocol <em class="bcp14">MUST</em> be a response to the initial HTTP request that contained the Upgrade header field.
    2131       </p>
    2132       <p id="rfc.section.6.3.p.7">For example, if the Upgrade header field is received in a GET request and the server decides to switch protocols, then it <em class="bcp14">MUST</em> first respond with a <a href="p2-semantics.html#status.101" class="smpl">101 (Switching Protocols)</a> message in HTTP/1.1 and then immediately follow that with the new protocol's equivalent of a response to a GET on the target
    2133          resource. This allows a connection to be upgraded to protocols with the same semantics as HTTP without the latency cost of
    2134          an additional round-trip. A server <em class="bcp14">MUST NOT</em> switch protocols unless the received message semantics can be honored by the new protocol; an OPTIONS request can be honored
    2135          by any protocol.
    2136       </p>
    2137       <p id="rfc.section.6.3.p.8">When Upgrade is sent, a sender <em class="bcp14">MUST</em> also send a <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.7" title="Connection">Section&nbsp;6.1</a>) that contains the "upgrade" connection option, in order to prevent Upgrade from being accidentally forwarded by intermediaries
    2138          that might not implement the listed protocols. A server <em class="bcp14">MUST</em> ignore an Upgrade header field that is received in an HTTP/1.0 request.
    2139       </p>
    2140       <p id="rfc.section.6.3.p.9">The Upgrade header field only applies to switching application-level protocols on the existing connection; it cannot be used
    2141          to switch to a protocol on a different connection. For that purpose, it is more appropriate to use a <a href="p2-semantics.html#status.3xx" class="smpl">3xx (Redirection)</a> response (<a href="p2-semantics.html#status.3xx" title="Redirection 3xx">Section 7.4</a> of <a href="#Part2" id="rfc.xref.Part2.29"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
    2142       </p>
    2143       <p id="rfc.section.6.3.p.10">This specification only defines the protocol name "HTTP" for use by the family of Hypertext Transfer Protocols, as defined
    2144          by the HTTP version rules of <a href="#http.version" title="Protocol Versioning">Section&nbsp;2.6</a> and future updates to this specification. Additional tokens can be registered with IANA using the registration procedure defined
    2145          in <a href="#upgrade.token.registry" title="Upgrade Token Registry">Section&nbsp;7.6</a>.
    2146       </p>
    2147       <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1>
    2148       <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a id="header.field.registration" href="#header.field.registration">Header Field Registration</a></h2>
    2149       <p id="rfc.section.7.1.p.1">HTTP header fields are registered within the Message Header Field Registry <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a> maintained by IANA at &lt;<a href="http://www.iana.org/assignments/message-headers/message-header-index.html">http://www.iana.org/assignments/message-headers/message-header-index.html</a>&gt;.
    2150       </p>
    2151       <p id="rfc.section.7.1.p.2">This document defines the following HTTP header fields, so their associated registry entries shall be updated according to
    2152          the permanent registrations below:
    2153       </p>
    2154       <div id="rfc.table.1">
    2155          <div id="iana.header.registration.table"></div>
    2156          <table class="tt full left" cellpadding="3" cellspacing="0">
    2157             <thead>
    2158                <tr>
    2159                   <th>Header Field Name</th>
    2160                   <th>Protocol</th>
    2161                   <th>Status</th>
    2162                   <th>Reference</th>
    2163                </tr>
    2164             </thead>
    2165             <tbody>
    2166                <tr>
    2167                   <td class="left">Connection</td>
    2168                   <td class="left">http</td>
    2169                   <td class="left">standard</td>
    2170                   <td class="left"> <a href="#header.connection" id="rfc.xref.header.connection.8" title="Connection">Section&nbsp;6.1</a>
    2171                   </td>
    2172                </tr>
    2173                <tr>
    2174                   <td class="left">Content-Length</td>
    2175                   <td class="left">http</td>
    2176                   <td class="left">standard</td>
    2177                   <td class="left"> <a href="#header.content-length" id="rfc.xref.header.content-length.1" title="Content-Length">Section&nbsp;3.3.2</a>
    2178                   </td>
    2179                </tr>
    2180                <tr>
    2181                   <td class="left">Host</td>
    2182                   <td class="left">http</td>
    2183                   <td class="left">standard</td>
    2184                   <td class="left"> <a href="#header.host" id="rfc.xref.header.host.2" title="Host">Section&nbsp;5.4</a>
    2185                   </td>
    2186                </tr>
    2187                <tr>
    2188                   <td class="left">TE</td>
    2189                   <td class="left">http</td>
    2190                   <td class="left">standard</td>
    2191                   <td class="left"> <a href="#header.te" id="rfc.xref.header.te.3" title="TE">Section&nbsp;4.3</a>
    2192                   </td>
    2193                </tr>
    2194                <tr>
    2195                   <td class="left">Trailer</td>
    2196                   <td class="left">http</td>
    2197                   <td class="left">standard</td>
    2198                   <td class="left"> <a href="#header.trailer" id="rfc.xref.header.trailer.1" title="Trailer">Section&nbsp;4.1.1</a>
    2199                   </td>
    2200                </tr>
    2201                <tr>
    2202                   <td class="left">Transfer-Encoding</td>
    2203                   <td class="left">http</td>
    2204                   <td class="left">standard</td>
    2205                   <td class="left"> <a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.3" title="Transfer-Encoding">Section&nbsp;3.3.1</a>
    2206                   </td>
    2207                </tr>
    2208                <tr>
    2209                   <td class="left">Upgrade</td>
    2210                   <td class="left">http</td>
    2211                   <td class="left">standard</td>
    2212                   <td class="left"> <a href="#header.upgrade" id="rfc.xref.header.upgrade.1" title="Upgrade">Section&nbsp;6.3</a>
    2213                   </td>
    2214                </tr>
    2215                <tr>
    2216                   <td class="left">Via</td>
    2217                   <td class="left">http</td>
    2218                   <td class="left">standard</td>
    2219                   <td class="left"> <a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section&nbsp;5.7</a>
    2220                   </td>
    2221                </tr>
    2222             </tbody>
    2223          </table>
     2255               more commonly supported protocol while indicating to the server that it would like to use a "better" protocol if available
     2256               (where "better" is determined by the server, possibly according to the nature of the request method or target resource).
     2257            </p>
     2258            <p id="rfc.section.6.3.p.6">Upgrade cannot be used to insist on a protocol change; its acceptance and use by the server is optional. The capabilities
     2259               and nature of the application-level communication after the protocol change is entirely dependent upon the new protocol chosen,
     2260               although the first action after changing the protocol <em class="bcp14">MUST</em> be a response to the initial HTTP request that contained the Upgrade header field.
     2261            </p>
     2262            <p id="rfc.section.6.3.p.7">For example, if the Upgrade header field is received in a GET request and the server decides to switch protocols, then it <em class="bcp14">MUST</em> first respond with a <a href="p2-semantics.html#status.101" class="smpl">101 (Switching Protocols)</a> message in HTTP/1.1 and then immediately follow that with the new protocol's equivalent of a response to a GET on the target
     2263               resource. This allows a connection to be upgraded to protocols with the same semantics as HTTP without the latency cost of
     2264               an additional round-trip. A server <em class="bcp14">MUST NOT</em> switch protocols unless the received message semantics can be honored by the new protocol; an OPTIONS request can be honored
     2265               by any protocol.
     2266            </p>
     2267            <p id="rfc.section.6.3.p.8">When Upgrade is sent, a sender <em class="bcp14">MUST</em> also send a <a href="#header.connection" class="smpl">Connection</a> header field (<a href="#header.connection" id="rfc.xref.header.connection.7" title="Connection">Section&nbsp;6.1</a>) that contains the "upgrade" connection option, in order to prevent Upgrade from being accidentally forwarded by intermediaries
     2268               that might not implement the listed protocols. A server <em class="bcp14">MUST</em> ignore an Upgrade header field that is received in an HTTP/1.0 request.
     2269            </p>
     2270            <p id="rfc.section.6.3.p.9">The Upgrade header field only applies to switching application-level protocols on the existing connection; it cannot be used
     2271               to switch to a protocol on a different connection. For that purpose, it is more appropriate to use a <a href="p2-semantics.html#status.3xx" class="smpl">3xx (Redirection)</a> response (<a href="p2-semantics.html#status.3xx" title="Redirection 3xx">Section 7.4</a> of <a href="#Part2" id="rfc.xref.Part2.29"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
     2272            </p>
     2273            <p id="rfc.section.6.3.p.10">This specification only defines the protocol name "HTTP" for use by the family of Hypertext Transfer Protocols, as defined
     2274               by the HTTP version rules of <a href="#http.version" title="Protocol Versioning">Section&nbsp;2.6</a> and future updates to this specification. Additional tokens can be registered with IANA using the registration procedure defined
     2275               in <a href="#upgrade.token.registry" title="Upgrade Token Registry">Section&nbsp;7.6</a>.
     2276            </p>
     2277         </div>
    22242278      </div>
    2225       <p id="rfc.section.7.1.p.3">Furthermore, the header field-name "Close" shall be registered as "reserved", since using that name as an HTTP header field
    2226          might conflict with the "close" connection option of the "<a href="#header.connection" class="smpl">Connection</a>" header field (<a href="#header.connection" id="rfc.xref.header.connection.9" title="Connection">Section&nbsp;6.1</a>).
    2227       </p>
    2228       <div id="rfc.table.u.1">
    2229          <table class="tt full left" cellpadding="3" cellspacing="0">
    2230             <thead>
    2231                <tr>
    2232                   <th>Header Field Name</th>
    2233                   <th>Protocol</th>
    2234                   <th>Status</th>
    2235                   <th>Reference</th>
    2236                </tr>
    2237             </thead>
    2238             <tbody>
    2239                <tr>
    2240                   <td class="left">Close</td>
    2241                   <td class="left">http</td>
    2242                   <td class="left">reserved</td>
    2243                   <td class="left"> <a href="#header.field.registration" title="Header Field Registration">Section&nbsp;7.1</a>
    2244                   </td>
    2245                </tr>
    2246             </tbody>
    2247          </table>
     2279      <div id="IANA.considerations">
     2280         <h1 id="rfc.section.7"><a href="#rfc.section.7">7.</a>&nbsp;<a href="#IANA.considerations">IANA Considerations</a></h1>
     2281         <div id="header.field.registration">
     2282            <h2 id="rfc.section.7.1"><a href="#rfc.section.7.1">7.1</a>&nbsp;<a href="#header.field.registration">Header Field Registration</a></h2>
     2283            <p id="rfc.section.7.1.p.1">HTTP header fields are registered within the Message Header Field Registry <a href="#RFC3864" id="rfc.xref.RFC3864.1"><cite title="Registration Procedures for Message Header Fields">[RFC3864]</cite></a> maintained by IANA at &lt;<a href="http://www.iana.org/assignments/message-headers/message-header-index.html">http://www.iana.org/assignments/message-headers/message-header-index.html</a>&gt;.
     2284            </p>
     2285            <p id="rfc.section.7.1.p.2">This document defines the following HTTP header fields, so their associated registry entries shall be updated according to
     2286               the permanent registrations below:
     2287            </p>
     2288            <div id="rfc.table.1">
     2289               <div id="iana.header.registration.table"></div>
     2290               <table class="tt full left" cellpadding="3" cellspacing="0">
     2291                  <thead>
     2292                     <tr>
     2293                        <th>Header Field Name</th>
     2294                        <th>Protocol</th>
     2295                        <th>Status</th>
     2296                        <th>Reference</th>
     2297                     </tr>
     2298                  </thead>
     2299                  <tbody>
     2300                     <tr>
     2301                        <td class="left">Connection</td>
     2302                        <td class="left">http</td>
     2303                        <td class="left">standard</td>
     2304                        <td class="left"><a href="#header.connection" id="rfc.xref.header.connection.8" title="Connection">Section&nbsp;6.1</a>
     2305                        </td>
     2306                     </tr>
     2307                     <tr>
     2308                        <td class="left">Content-Length</td>
     2309                        <td class="left">http</td>
     2310                        <td class="left">standard</td>
     2311                        <td class="left"><a href="#header.content-length" id="rfc.xref.header.content-length.1" title="Content-Length">Section&nbsp;3.3.2</a>
     2312                        </td>
     2313                     </tr>
     2314                     <tr>
     2315                        <td class="left">Host</td>
     2316                        <td class="left">http</td>
     2317                        <td class="left">standard</td>
     2318                        <td class="left"><a href="#header.host" id="rfc.xref.header.host.2" title="Host">Section&nbsp;5.4</a>
     2319                        </td>
     2320                     </tr>
     2321                     <tr>
     2322                        <td class="left">TE</td>
     2323                        <td class="left">http</td>
     2324                        <td class="left">standard</td>
     2325                        <td class="left"><a href="#header.te" id="rfc.xref.header.te.3" title="TE">Section&nbsp;4.3</a>
     2326                        </td>
     2327                     </tr>
     2328                     <tr>
     2329                        <td class="left">Trailer</td>
     2330                        <td class="left">http</td>
     2331                        <td class="left">standard</td>
     2332                        <td class="left"><a href="#header.trailer" id="rfc.xref.header.trailer.1" title="Trailer">Section&nbsp;4.1.1</a>
     2333                        </td>
     2334                     </tr>
     2335                     <tr>
     2336                        <td class="left">Transfer-Encoding</td>
     2337                        <td class="left">http</td>
     2338                        <td class="left">standard</td>
     2339                        <td class="left"><a href="#header.transfer-encoding" id="rfc.xref.header.transfer-encoding.3" title="Transfer-Encoding">Section&nbsp;3.3.1</a>
     2340                        </td>
     2341                     </tr>
     2342                     <tr>
     2343                        <td class="left">Upgrade</td>
     2344                        <td class="left">http</td>
     2345                        <td class="left">standard</td>
     2346                        <td class="left"><a href="#header.upgrade" id="rfc.xref.header.upgrade.1" title="Upgrade">Section&nbsp;6.3</a>
     2347                        </td>
     2348                     </tr>
     2349                     <tr>
     2350                        <td class="left">Via</td>
     2351                        <td class="left">http</td>
     2352                        <td class="left">standard</td>
     2353                        <td class="left"><a href="#header.via" id="rfc.xref.header.via.2" title="Via">Section&nbsp;5.7</a>
     2354                        </td>
     2355                     </tr>
     2356                  </tbody>
     2357               </table>
     2358            </div>
     2359            <p id="rfc.section.7.1.p.3">Furthermore, the header field-name "Close" shall be registered as "reserved", since using that name as an HTTP header field
     2360               might conflict with the "close" connection option of the "<a href="#header.connection" class="smpl">Connection</a>" header field (<a href="#header.connection" id="rfc.xref.header.connection.9" title="Connection">Section&nbsp;6.1</a>).
     2361            </p>
     2362            <div id="rfc.table.u.1">
     2363               <table class="tt full left" cellpadding="3" cellspacing="0">
     2364                  <thead>
     2365                     <tr>
     2366                        <th>Header Field Name</th>
     2367                        <th>Protocol</th>
     2368                        <th>Status</th>
     2369                        <th>Reference</th>
     2370                     </tr>
     2371                  </thead>
     2372                  <tbody>
     2373                     <tr>
     2374                        <td class="left">Close</td>
     2375                        <td class="left">http</td>
     2376                        <td class="left">reserved</td>
     2377                        <td class="left"><a href="#header.field.registration" title="Header Field Registration">Section&nbsp;7.1</a>
     2378                        </td>
     2379                     </tr>
     2380                  </tbody>
     2381               </table>
     2382            </div>
     2383            <p id="rfc.section.7.1.p.4">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
     2384         </div>
     2385         <div id="uri.scheme.registration">
     2386            <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a>&nbsp;<a href="#uri.scheme.registration">URI Scheme Registration</a></h2>
     2387            <p id="rfc.section.7.2.p.1">IANA maintains the registry of URI Schemes <a href="#RFC4395" id="rfc.xref.RFC4395.1"><cite title="Guidelines and Registration Procedures for New URI Schemes">[RFC4395]</cite></a> at &lt;<a href="http://www.iana.org/assignments/uri-schemes.html">http://www.iana.org/assignments/uri-schemes.html</a>&gt;.
     2388            </p>
     2389            <p id="rfc.section.7.2.p.2">This document defines the following URI schemes, so their associated registry entries shall be updated according to the permanent
     2390               registrations below:
     2391            </p>
     2392            <div id="rfc.table.u.2">
     2393               <table class="tt full left" cellpadding="3" cellspacing="0">
     2394                  <thead>
     2395                     <tr>
     2396                        <th>URI Scheme</th>
     2397                        <th>Description</th>
     2398                        <th>Reference</th>
     2399                     </tr>
     2400                  </thead>
     2401                  <tbody>
     2402                     <tr>
     2403                        <td class="left">http</td>
     2404                        <td class="left">Hypertext Transfer Protocol</td>
     2405                        <td class="left"><a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a></td>
     2406                     </tr>
     2407                     <tr>
     2408                        <td class="left">https</td>
     2409                        <td class="left">Hypertext Transfer Protocol Secure</td>
     2410                        <td class="left"><a href="#https.uri" title="https URI scheme">Section&nbsp;2.7.2</a></td>
     2411                     </tr>
     2412                  </tbody>
     2413               </table>
     2414            </div>
     2415         </div>
     2416         <div id="internet.media.type.http">
     2417            <h2 id="rfc.section.7.3"><a href="#rfc.section.7.3">7.3</a>&nbsp;<a href="#internet.media.type.http">Internet Media Type Registrations</a></h2>
     2418            <p id="rfc.section.7.3.p.1">This document serves as the specification for the Internet media types "message/http" and "application/http". The following
     2419               is to be registered with IANA (see <a href="#RFC4288" id="rfc.xref.RFC4288.1"><cite title="Media Type Specifications and Registration Procedures">[RFC4288]</cite></a>).
     2420            </p>
     2421            <div id="internet.media.type.message.http">
     2422               <div id="rfc.iref.m.3"></div>
     2423               <div id="rfc.iref.m.4"></div>
     2424               <h3 id="rfc.section.7.3.1"><a href="#rfc.section.7.3.1">7.3.1</a>&nbsp;<a href="#internet.media.type.message.http">Internet Media Type message/http</a></h3>
     2425               <p id="rfc.section.7.3.1.p.1">The message/http type can be used to enclose a single HTTP request or response message, provided that it obeys the MIME restrictions
     2426                  for all "message" types regarding line length and encodings.
     2427               </p>
     2428               <p id="rfc.section.7.3.1.p.2"></p>
     2429               <dl>
     2430                  <dt>Type name:</dt>
     2431                  <dd>message</dd>
     2432                  <dt>Subtype name:</dt>
     2433                  <dd>http</dd>
     2434                  <dt>Required parameters:</dt>
     2435                  <dd>none</dd>
     2436                  <dt>Optional parameters:</dt>
     2437                  <dd>version, msgtype
     2438                     <dl>
     2439                        <dt>version:</dt>
     2440                        <dd>The HTTP-version number of the enclosed message (e.g., "1.1"). If not present, the version can be determined from the first
     2441                           line of the body.
     2442                        </dd>
     2443                        <dt>msgtype:</dt>
     2444                        <dd>The message type — "request" or "response". If not present, the type can be determined from the first line of the body.</dd>
     2445                     </dl>
     2446                  </dd>
     2447                  <dt>Encoding considerations:</dt>
     2448                  <dd>only "7bit", "8bit", or "binary" are permitted</dd>
     2449                  <dt>Security considerations:</dt>
     2450                  <dd>none</dd>
     2451                  <dt>Interoperability considerations:</dt>
     2452                  <dd>none</dd>
     2453                  <dt>Published specification:</dt>
     2454                  <dd>This specification (see <a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section&nbsp;7.3.1</a>).
     2455                  </dd>
     2456                  <dt>Applications that use this media type:</dt>
     2457                  <dt>Additional information:</dt>
     2458                  <dd>
     2459                     <dl>
     2460                        <dt>Magic number(s):</dt>
     2461                        <dd>none</dd>
     2462                        <dt>File extension(s):</dt>
     2463                        <dd>none</dd>
     2464                        <dt>Macintosh file type code(s):</dt>
     2465                        <dd>none</dd>
     2466                     </dl>
     2467                  </dd>
     2468                  <dt>Person and email address to contact for further information:</dt>
     2469                  <dd>See Authors Section.</dd>
     2470                  <dt>Intended usage:</dt>
     2471                  <dd>COMMON</dd>
     2472                  <dt>Restrictions on usage:</dt>
     2473                  <dd>none</dd>
     2474                  <dt>Author/Change controller:</dt>
     2475                  <dd>IESG</dd>
     2476               </dl>
     2477            </div>
     2478            <div id="internet.media.type.application.http">
     2479               <div id="rfc.iref.m.5"></div>
     2480               <div id="rfc.iref.a.5"></div>
     2481               <h3 id="rfc.section.7.3.2"><a href="#rfc.section.7.3.2">7.3.2</a>&nbsp;<a href="#internet.media.type.application.http">Internet Media Type application/http</a></h3>
     2482               <p id="rfc.section.7.3.2.p.1">The application/http type can be used to enclose a pipeline of one or more HTTP request or response messages (not intermixed).</p>
     2483               <p id="rfc.section.7.3.2.p.2"></p>
     2484               <dl>
     2485                  <dt>Type name:</dt>
     2486                  <dd>application</dd>
     2487                  <dt>Subtype name:</dt>
     2488                  <dd>http</dd>
     2489                  <dt>Required parameters:</dt>
     2490                  <dd>none</dd>
     2491                  <dt>Optional parameters:</dt>
     2492                  <dd>version, msgtype
     2493                     <dl>
     2494                        <dt>version:</dt>
     2495                        <dd>The HTTP-version number of the enclosed messages (e.g., "1.1"). If not present, the version can be determined from the first
     2496                           line of the body.
     2497                        </dd>
     2498                        <dt>msgtype:</dt>
     2499                        <dd>The message type — "request" or "response". If not present, the type can be determined from the first line of the body.</dd>
     2500                     </dl>
     2501                  </dd>
     2502                  <dt>Encoding considerations:</dt>
     2503                  <dd>HTTP messages enclosed by this type are in "binary" format; use of an appropriate Content-Transfer-Encoding is required when
     2504                     transmitted via E-mail.
     2505                  </dd>
     2506                  <dt>Security considerations:</dt>
     2507                  <dd>none</dd>
     2508                  <dt>Interoperability considerations:</dt>
     2509                  <dd>none</dd>
     2510                  <dt>Published specification:</dt>
     2511                  <dd>This specification (see <a href="#internet.media.type.application.http" title="Internet Media Type application/http">Section&nbsp;7.3.2</a>).
     2512                  </dd>
     2513                  <dt>Applications that use this media type:</dt>
     2514                  <dt>Additional information:</dt>
     2515                  <dd>
     2516                     <dl>
     2517                        <dt>Magic number(s):</dt>
     2518                        <dd>none</dd>
     2519                        <dt>File extension(s):</dt>
     2520                        <dd>none</dd>
     2521                        <dt>Macintosh file type code(s):</dt>
     2522                        <dd>none</dd>
     2523                     </dl>
     2524                  </dd>
     2525                  <dt>Person and email address to contact for further information:</dt>
     2526                  <dd>See Authors Section.</dd>
     2527                  <dt>Intended usage:</dt>
     2528                  <dd>COMMON</dd>
     2529                  <dt>Restrictions on usage:</dt>
     2530                  <dd>none</dd>
     2531                  <dt>Author/Change controller:</dt>
     2532                  <dd>IESG</dd>
     2533               </dl>
     2534            </div>
     2535         </div>
     2536         <div id="transfer.coding.registry">
     2537            <h2 id="rfc.section.7.4"><a href="#rfc.section.7.4">7.4</a>&nbsp;<a href="#transfer.coding.registry">Transfer Coding Registry</a></h2>
     2538            <p id="rfc.section.7.4.p.1">The HTTP Transfer Coding Registry defines the name space for transfer coding names.</p>
     2539            <p id="rfc.section.7.4.p.2">Registrations <em class="bcp14">MUST</em> include the following fields:
     2540            </p>
     2541            <ul>
     2542               <li>Name</li>
     2543               <li>Description</li>
     2544               <li>Pointer to specification text</li>
     2545            </ul>
     2546            <p id="rfc.section.7.4.p.3">Names of transfer codings <em class="bcp14">MUST NOT</em> overlap with names of content codings (<a href="p2-semantics.html#content.codings" title="Content Codings">Section 3.1.2.1</a> of <a href="#Part2" id="rfc.xref.Part2.30"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>) unless the encoding transformation is identical, as is the case for the compression codings defined in <a href="#compression.codings" title="Compression Codings">Section&nbsp;4.2</a>.
     2547            </p>
     2548            <p id="rfc.section.7.4.p.4">Values to be added to this name space require IETF Review (see <a href="https://tools.ietf.org/html/rfc5226#section-4.1">Section 4.1</a> of <a href="#RFC5226" id="rfc.xref.RFC5226.1"><cite title="Guidelines for Writing an IANA Considerations Section in RFCs">[RFC5226]</cite></a>), and <em class="bcp14">MUST</em> conform to the purpose of transfer coding defined in this section. Use of program names for the identification of encoding
     2549               formats is not desirable and is discouraged for future encodings.
     2550            </p>
     2551            <p id="rfc.section.7.4.p.5">The registry itself is maintained at &lt;<a href="http://www.iana.org/assignments/http-parameters">http://www.iana.org/assignments/http-parameters</a>&gt;.
     2552            </p>
     2553         </div>
     2554         <div id="transfer.coding.registration">
     2555            <h2 id="rfc.section.7.5"><a href="#rfc.section.7.5">7.5</a>&nbsp;<a href="#transfer.coding.registration">Transfer Coding Registrations</a></h2>
     2556            <p id="rfc.section.7.5.p.1">The HTTP Transfer Coding Registry shall be updated with the registrations below:</p>
     2557            <div id="rfc.table.2">
     2558               <div id="iana.transfer.coding.registration.table"></div>
     2559               <table class="tt full left" cellpadding="3" cellspacing="0">
     2560                  <thead>
     2561                     <tr>
     2562                        <th>Name</th>
     2563                        <th>Description</th>
     2564                        <th>Reference</th>
     2565                     </tr>
     2566                  </thead>
     2567                  <tbody>
     2568                     <tr>
     2569                        <td class="left">chunked</td>
     2570                        <td class="left">Transfer in a series of chunks</td>
     2571                        <td class="left"><a href="#chunked.encoding" title="Chunked Transfer Coding">Section&nbsp;4.1</a>
     2572                        </td>
     2573                     </tr>
     2574                     <tr>
     2575                        <td class="left">compress</td>
     2576                        <td class="left">UNIX "compress" program method</td>
     2577                        <td class="left"><a href="#compress.coding" title="Compress Coding">Section&nbsp;4.2.1</a>
     2578                        </td>
     2579                     </tr>
     2580                     <tr>
     2581                        <td class="left">deflate</td>
     2582                        <td class="left">"deflate" compression mechanism (<a href="#RFC1951" id="rfc.xref.RFC1951.2"><cite title="DEFLATE Compressed Data Format Specification version 1.3">[RFC1951]</cite></a>) used inside the "zlib" data format (<a href="#RFC1950" id="rfc.xref.RFC1950.2"><cite title="ZLIB Compressed Data Format Specification version 3.3">[RFC1950]</cite></a>)
     2583                        </td>
     2584                        <td class="left"><a href="#deflate.coding" title="Deflate Coding">Section&nbsp;4.2.2</a>
     2585                        </td>
     2586                     </tr>
     2587                     <tr>
     2588                        <td class="left">gzip</td>
     2589                        <td class="left">Same as GNU zip <a href="#RFC1952" id="rfc.xref.RFC1952.2"><cite title="GZIP file format specification version 4.3">[RFC1952]</cite></a></td>
     2590                        <td class="left"><a href="#gzip.coding" title="Gzip Coding">Section&nbsp;4.2.3</a>
     2591                        </td>
     2592                     </tr>
     2593                  </tbody>
     2594               </table>
     2595            </div>
     2596         </div>
     2597         <div id="upgrade.token.registry">
     2598            <h2 id="rfc.section.7.6"><a href="#rfc.section.7.6">7.6</a>&nbsp;<a href="#upgrade.token.registry">Upgrade Token Registry</a></h2>
     2599            <p id="rfc.section.7.6.p.1">The HTTP Upgrade Token Registry defines the name space for protocol-name tokens used to identify protocols in the <a href="#header.upgrade" class="smpl">Upgrade</a> header field. Each registered protocol name is associated with contact information and an optional set of specifications that
     2600               details how the connection will be processed after it has been upgraded.
     2601            </p>
     2602            <p id="rfc.section.7.6.p.2">Registrations happen on a "First Come First Served" basis (see <a href="https://tools.ietf.org/html/rfc5226#section-4.1">Section 4.1</a> of <a href="#RFC5226" id="rfc.xref.RFC5226.2"><cite title="Guidelines for Writing an IANA Considerations Section in RFCs">[RFC5226]</cite></a>) and are subject to the following rules:
     2603            </p>
     2604            <ol>
     2605               <li>A protocol-name token, once registered, stays registered forever.</li>
     2606               <li>The registration <em class="bcp14">MUST</em> name a responsible party for the registration.
     2607               </li>
     2608               <li>The registration <em class="bcp14">MUST</em> name a point of contact.
     2609               </li>
     2610               <li>The registration <em class="bcp14">MAY</em> name a set of specifications associated with that token. Such specifications need not be publicly available.
     2611               </li>
     2612               <li>The registration <em class="bcp14">SHOULD</em> name a set of expected "protocol-version" tokens associated with that token at the time of registration.
     2613               </li>
     2614               <li>The responsible party <em class="bcp14">MAY</em> change the registration at any time. The IANA will keep a record of all such changes, and make them available upon request.
     2615               </li>
     2616               <li>The IESG <em class="bcp14">MAY</em> reassign responsibility for a protocol token. This will normally only be used in the case when a responsible party cannot
     2617                  be contacted.
     2618               </li>
     2619            </ol>
     2620            <p id="rfc.section.7.6.p.3">This registration procedure for HTTP Upgrade Tokens replaces that previously defined in <a href="https://tools.ietf.org/html/rfc2817#section-7.2">Section 7.2</a> of <a href="#RFC2817" id="rfc.xref.RFC2817.2"><cite title="Upgrading to TLS Within HTTP/1.1">[RFC2817]</cite></a>.
     2621            </p>
     2622         </div>
     2623         <div id="upgrade.token.registration">
     2624            <h2 id="rfc.section.7.7"><a href="#rfc.section.7.7">7.7</a>&nbsp;<a href="#upgrade.token.registration">Upgrade Token Registration</a></h2>
     2625            <p id="rfc.section.7.7.p.1">The HTTP Upgrade Token Registry shall be updated with the registration below:</p>
     2626            <div id="rfc.table.u.3">
     2627               <table class="tt full left" cellpadding="3" cellspacing="0">
     2628                  <thead>
     2629                     <tr>
     2630                        <th>Value</th>
     2631                        <th>Description</th>
     2632                        <th>Expected Version Tokens</th>
     2633                        <th>Reference</th>
     2634                     </tr>
     2635                  </thead>
     2636                  <tbody>
     2637                     <tr>
     2638                        <td class="left">HTTP</td>
     2639                        <td class="left">Hypertext Transfer Protocol</td>
     2640                        <td class="left">any DIGIT.DIGIT (e.g, "2.0")</td>
     2641                        <td class="left"><a href="#http.version" title="Protocol Versioning">Section&nbsp;2.6</a></td>
     2642                     </tr>
     2643                  </tbody>
     2644               </table>
     2645            </div>
     2646            <p id="rfc.section.7.7.p.2">The responsible party is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
     2647         </div>
    22482648      </div>
    2249       <p id="rfc.section.7.1.p.4">The change controller is: "IETF (iesg@ietf.org) - Internet Engineering Task Force".</p>
    2250       <h2 id="rfc.section.7.2"><a href="#rfc.section.7.2">7.2</a>&nbsp;<a id="uri.scheme.registration" href="#uri.scheme.registration">URI Scheme Registration</a></h2>
    2251       <p id="rfc.section.7.2.p.1">IANA maintains the registry of URI Schemes <a href="#RFC4395" id="rfc.xref.RFC4395.1"><cite title="Guidelines and Registration Procedures for New URI Schemes">[RFC4395]</cite></a> at &lt;<a href="http://www.iana.org/assignments/uri-schemes.html">http://www.iana.org/assignments/uri-schemes.html</a>&gt;.
    2252       </p>
    2253       <p id="rfc.section.7.2.p.2">This document defines the following URI schemes, so their associated registry entries shall be updated according to the permanent
    2254          registrations below:
    2255       </p>
    2256       <div id="rfc.table.u.2">
    2257          <table class="tt full left" cellpadding="3" cellspacing="0">
    2258             <thead>
    2259                <tr>
    2260                   <th>URI Scheme</th>
    2261                   <th>Description</th>
    2262                   <th>Reference</th>
    2263                </tr>
    2264             </thead>
    2265             <tbody>
    2266                <tr>
    2267                   <td class="left">http</td>
    2268                   <td class="left">Hypertext Transfer Protocol</td>
    2269                   <td class="left"><a href="#http.uri" title="http URI scheme">Section&nbsp;2.7.1</a></td>
    2270                </tr>
    2271                <tr>
    2272                   <td class="left">https</td>
    2273                   <td class="left">Hypertext Transfer Protocol Secure</td>
    2274                   <td class="left"><a href="#https.uri" title="https URI scheme">Section&nbsp;2.7.2</a></td>
    2275                </tr>
    2276             </tbody>
    2277          </table>
     2649      <div id="security.considerations">
     2650         <h1 id="rfc.section.8"><a href="#rfc.section.8">8.</a>&nbsp;<a href="#security.considerations">Security Considerations</a></h1>
     2651         <p id="rfc.section.8.p.1">This section is meant to inform application developers, information providers, and users of the security limitations in HTTP/1.1
     2652            as described by this document. The discussion does not include definitive solutions to the problems revealed, though it does
     2653            make some suggestions for reducing security risks.
     2654         </p>
     2655         <div id="personal.information">
     2656            <h2 id="rfc.section.8.1"><a href="#rfc.section.8.1">8.1</a>&nbsp;<a href="#personal.information">Personal Information</a></h2>
     2657            <p id="rfc.section.8.1.p.1">HTTP clients are often privy to large amounts of personal information, including both information provided by the user to
     2658               interact with resources (e.g., the user's name, location, mail address, passwords, encryption keys, etc.) and information
     2659               about the user's browsing activity over time (e.g., history, bookmarks, etc.). HTTP implementations need to prevent unintentional
     2660               leakage of this information.
     2661            </p>
     2662         </div>
     2663         <div id="abuse.of.server.log.information">
     2664            <h2 id="rfc.section.8.2"><a href="#rfc.section.8.2">8.2</a>&nbsp;<a href="#abuse.of.server.log.information">Abuse of Server Log Information</a></h2>
     2665            <p id="rfc.section.8.2.p.1">A server is in the position to save personal data about a user's requests which might identify their reading patterns or subjects
     2666               of interest. In particular, log information gathered at an intermediary often contains a history of user agent interaction,
     2667               across a multitude of sites, that can be traced to individual users.
     2668            </p>
     2669            <p id="rfc.section.8.2.p.2">HTTP log information is confidential in nature; its handling is often constrained by laws and regulations. Log information
     2670               needs to be securely stored and appropriate guidelines followed for its analysis. Anonymization of personal information within
     2671               individual entries helps, but is generally not sufficient to prevent real log traces from being re-identified based on correlation
     2672               with other access characteristics. As such, access traces that are keyed to a specific client should not be published even
     2673               if the key is pseudonymous.
     2674            </p>
     2675            <p id="rfc.section.8.2.p.3">To minimize the risk of theft or accidental publication, log information should be purged of personally identifiable information,
     2676               including user identifiers, IP addresses, and user-provided query parameters, as soon as that information is no longer necessary
     2677               to support operational needs for security, auditing, or fraud control.
     2678            </p>
     2679         </div>
     2680         <div id="attack.pathname">
     2681            <h2 id="rfc.section.8.3"><a href="#rfc.section.8.3">8.3</a>&nbsp;<a href="#attack.pathname">Attacks Based On File and Path Names</a></h2>
     2682            <p id="rfc.section.8.3.p.1">Origin servers <em class="bcp14">SHOULD</em> be careful to restrict the documents returned by HTTP requests to be only those that were intended by the server administrators.
     2683               If an HTTP server translates HTTP URIs directly into file system calls, the server <em class="bcp14">MUST</em> take special care not to serve files that were not intended to be delivered to HTTP clients. For example, UNIX, Microsoft
     2684               Windows, and other operating systems use ".." as a path component to indicate a directory level above the current one. On
     2685               such a system, an HTTP server <em class="bcp14">MUST</em> disallow any such construct in the request-target if it would otherwise allow access to a resource outside those intended
     2686               to be accessible via the HTTP server. Similarly, files intended for reference only internally to the server (such as access
     2687               control files, configuration files, and script code) <em class="bcp14">MUST</em> be protected from inappropriate retrieval, since they might contain sensitive information.
     2688            </p>
     2689         </div>
     2690         <div id="dns.related.attacks">
     2691            <h2 id="rfc.section.8.4"><a href="#rfc.section.8.4">8.4</a>&nbsp;<a href="#dns.related.attacks">DNS-related Attacks</a></h2>
     2692            <p id="rfc.section.8.4.p.1">HTTP clients rely heavily on the Domain Name Service (DNS), and are thus generally prone to security attacks based on the
     2693               deliberate misassociation of IP addresses and DNS names not protected by DNSSec. Clients need to be cautious in assuming the
     2694               validity of an IP number/DNS name association unless the response is protected by DNSSec (<a href="#RFC4033" id="rfc.xref.RFC4033.1"><cite title="DNS Security Introduction and Requirements">[RFC4033]</cite></a>).
     2695            </p>
     2696         </div>
     2697         <div id="attack.intermediaries">
     2698            <h2 id="rfc.section.8.5"><a href="#rfc.section.8.5">8.5</a>&nbsp;<a href="#attack.intermediaries">Intermediaries and Caching</a></h2>
     2699            <p id="rfc.section.8.5.p.1">By their very nature, HTTP intermediaries are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks.
     2700               Compromise of the systems on which the intermediaries run can result in serious security and privacy problems. Intermediaries
     2701               have access to security-related information, personal information about individual users and organizations, and proprietary
     2702               information belonging to users and content providers. A compromised intermediary, or an intermediary implemented or configured
     2703               without regard to security and privacy considerations, might be used in the commission of a wide range of potential attacks.
     2704            </p>
     2705            <p id="rfc.section.8.5.p.2">Intermediaries that contain a shared cache are especially vulnerable to cache poisoning attacks.</p>
     2706            <p id="rfc.section.8.5.p.3">Implementers need to consider the privacy and security implications of their design and coding decisions, and of the configuration
     2707               options they provide to operators (especially the default configuration).
     2708            </p>
     2709            <p id="rfc.section.8.5.p.4">Users need to be aware that intermediaries are no more trustworthy than the people who run them; HTTP itself cannot solve
     2710               this problem.
     2711            </p>
     2712         </div>
     2713         <div id="attack.protocol.element.size.overflows">
     2714            <h2 id="rfc.section.8.6"><a href="#rfc.section.8.6">8.6</a>&nbsp;<a href="#attack.protocol.element.size.overflows">Protocol Element Size Overflows</a></h2>
     2715            <p id="rfc.section.8.6.p.1">Because HTTP uses mostly textual, character-delimited fields, attackers can overflow buffers in implementations, and/or perform
     2716               a Denial of Service against implementations that accept fields with unlimited lengths.
     2717            </p>
     2718            <p id="rfc.section.8.6.p.2">To promote interoperability, this specification makes specific recommendations for minimum size limits on request-line (<a href="#request.line" title="Request Line">Section&nbsp;3.1.1</a>) and blocks of header fields (<a href="#header.fields" title="Header Fields">Section&nbsp;3.2</a>). These are minimum recommendations, chosen to be supportable even by implementations with limited resources; it is expected
     2719               that most implementations will choose substantially higher limits.
     2720            </p>
     2721            <p id="rfc.section.8.6.p.3">This specification also provides a way for servers to reject messages that have request-targets that are too long (<a href="p2-semantics.html#status.414" title="414 URI Too Long">Section 7.5.12</a> of <a href="#Part2" id="rfc.xref.Part2.31"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>) or request entities that are too large (<a href="p2-semantics.html#status.4xx" title="Client Error 4xx">Section 7.5</a> of <a href="#Part2" id="rfc.xref.Part2.32"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>).
     2722            </p>
     2723            <p id="rfc.section.8.6.p.4">Recipients <em class="bcp14">SHOULD</em> carefully limit the extent to which they read other fields, including (but not limited to) request methods, response status
     2724               phrases, header field-names, and body chunks, so as to avoid denial of service attacks without impeding interoperability.
     2725            </p>
     2726         </div>
    22782727      </div>
    2279       <h2 id="rfc.section.7.3"><a href="#rfc.section.7.3">7.3</a>&nbsp;<a id="internet.media.type.http" href="#internet.media.type.http">Internet Media Type Registrations</a></h2>
    2280       <p id="rfc.section.7.3.p.1">This document serves as the specification for the Internet media types "message/http" and "application/http". The following
    2281          is to be registered with IANA (see <a href="#RFC4288" id="rfc.xref.RFC4288.1"><cite title="Media Type Specifications and Registration Procedures">[RFC4288]</cite></a>).
    2282       </p>
    2283       <div id="rfc.iref.m.3"></div>
    2284       <div id="rfc.iref.m.4"></div>
    2285       <h3 id="rfc.section.7.3.1"><a href="#rfc.section.7.3.1">7.3.1</a>&nbsp;<a id="internet.media.type.message.http" href="#internet.media.type.message.http">Internet Media Type message/http</a></h3>
    2286       <p id="rfc.section.7.3.1.p.1">The message/http type can be used to enclose a single HTTP request or response message, provided that it obeys the MIME restrictions
    2287          for all "message" types regarding line length and encodings.
    2288       </p>
    2289       <p id="rfc.section.7.3.1.p.2"> </p>
    2290       <dl>
    2291          <dt>Type name:</dt>
    2292          <dd>message</dd>
    2293          <dt>Subtype name:</dt>
    2294          <dd>http</dd>
    2295          <dt>Required parameters:</dt>
    2296          <dd>none</dd>
    2297          <dt>Optional parameters:</dt>
    2298          <dd>version, msgtype
    2299             <dl>
    2300                <dt>version:</dt>
    2301                <dd>The HTTP-version number of the enclosed message (e.g., "1.1"). If not present, the version can be determined from the first
    2302                   line of the body.
    2303                </dd>
    2304                <dt>msgtype:</dt>
    2305                <dd>The message type — "request" or "response". If not present, the type can be determined from the first line of the body.</dd>
    2306             </dl>
    2307          </dd>
    2308          <dt>Encoding considerations:</dt>
    2309          <dd>only "7bit", "8bit", or "binary" are permitted</dd>
    2310          <dt>Security considerations:</dt>
    2311          <dd>none</dd>
    2312          <dt>Interoperability considerations:</dt>
    2313          <dd>none</dd>
    2314          <dt>Published specification:</dt>
    2315          <dd>This specification (see <a href="#internet.media.type.message.http" title="Internet Media Type message/http">Section&nbsp;7.3.1</a>).
    2316          </dd>
    2317          <dt>Applications that use this media type:</dt>
    2318          <dt>Additional information:</dt>
    2319          <dd>
    2320             <dl>
    2321                <dt>Magic number(s):</dt>
    2322                <dd>none</dd>
    2323                <dt>File extension(s):</dt>
    2324                <dd>none</dd>
    2325                <dt>Macintosh file type code(s):</dt>
    2326                <dd>none</dd>
    2327             </dl>
    2328          </dd>
    2329          <dt>Person and email address to contact for further information:</dt>
    2330          <dd>See Authors Section.</dd>
    2331          <dt>Intended usage:</dt>
    2332          <dd>COMMON</dd>
    2333          <dt>Restrictions on usage:</dt>
    2334          <dd>none</dd>
    2335          <dt>Author/Change controller:</dt>
    2336          <dd&g