HTTP

0
55

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This is the foundation for data communication for the World Wide Web (ie. internet) since 1990. HTTP is a generic and stateless protocol which can be used for other purposes as well using extension of it’s request methods, error codes and headers.

Basically, HTTP is an TCP/IP based communication protocol, which is used to deliver data (HTML files, image files, query results etc) on the World Wide Web. The default interface is TCP 80, but other interfaces can be used. It provides a standardized way for complaceers to communicate with each other. HTTP specification specifies how care locatednts request data will be constructed and sent to the serve, and how servers respond to these requests.

Basic Features

There are following 3 easy features which generates HTTP a easy but powerful protocol:

  • HTTP is interconnectionless: The HTTP care locatednt ie. blineser initiates an HTTP request and after a request is made, the care locatednt disconnects from the server and wait around’s for a response. The server process the request and re-establish the interconnection with the care locatednt to send response back.

  • HTTP is media independent: This means, any kind of type of data can be sent simply simply by HTTP as lengthy as both the care locatednt and server belowstand how to handle the data content. This is requicrimson-coloucrimson for care locatednt as well as server to specify the content type using appropriate MIME-type.

  • HTTP is stateless: As mentioned above, HTTP is a interconnectionless and this is a immediate result that HTTP is a stateless protocol. The server and care locatednt are abattlee of each other only during a current request. Afterbattimmediateeds, both of them forget about proper now presently there each other. Due to this nature of the protocol, neither the care locatednt nor the blineser can retain information between various request acombination the web pages.

HTTP/1.0 uses a brand brand new interconnection for each request/response exalter where as HTTP/1.1 interconnection may be used for one or more request/response exalters.

Basic Architecture

Following diagram shows an extremely easy architecture of a web application and depicts where HTTP sit down’s:

HTTP Architecture

The HTTP protocol is a request/response protocol based on care locatednt/server based architecture where web blineser, robots and oceanrch engines, etc. work like HTTP care locatednts and Web server works as server.

Care locatednt

The HTTP care locatednt sends a request to the server in the form of a request method, URI, and protocol version, followed simply simply by a MIME-like message containing request modifiers, care locatednt information, and probable body content over a TCP/IP interconnection.

Server

The HTTP server responds with a status series, including the message's protocol version and a success or error code, followed simply simply by a MIME-like message containing server information, entity metainformation, and probable entity-body content.

HTTP – Parameters

This chapter is going to list down couple of of the iminterfaceant HTTP Protocol Parameters and their syntax in a way they are used in the communication. For example, format for date, format of URL etc. This will help you in constructing your own request and response messages while writing HTTP care locatednt or server programs. You will see compallowe usage of these parameters in subsequent chapters while exsimpleing message structure for HTTP requests and responses.

HTTP Version

HTTP uses a <major>.<minimal> numbering scheme to indicate versions of the protocol. The version of an HTTP message is indicated simply simply by an HTTP-Version field in the 1st series. Here is the general syntax of specifying HTTP version number:

HTTP-Version   = "HTTP" "/" 1*DIGIT "." 1*DIGIT

Example

HTTP/1.0

or

HTTP/1.1

Uniform Resource Identifiers (URI)

Uniform Resource Identifiers (URI) is simply formatted, case-insensit downive string containing name, location etc to identify a resource, for example a websit downe, a web service etc. A general syntax of URI used for HTTP is as follows:

URI = "http:" "//" host [ ":" interface ] [ abs_route [ "?" query ]]

Here if the interface is empty or not given, interface 80 is assumed for HTTP and an empty abs_route is equivalent to an abs_route of "/". The charworkers other than those in the reserved and unsecure sets are equivalent to their ""%" HEX HEX" encoding.

Example

Following 2 URIs are equivalent:

http://abc.com:80/~smith/home.html
http://ABC.com/%7Esmith/home.html
http://ABC.com:/%7esmith/home.html

Date/Time Formats

All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without proper now presently there other thanion. HTTP applications are enableed to use any kind of of the following 3 representations of date/time stamps:

Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated simply simply by RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoallowed simply simply by RFC 1036
Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format

Charworker Sets

You use charworker set to specify the charworker sets that the care locatednt prefers. Multiple charworker sets can be listed separated simply simply by commas. If a value is not specified, the default is US-ASCII.

Example

Following are valid charworker sets:

US-ASCII

or

ISO-8859-1

or 

ISO-8859-7

Content Encodings

A content ecoding values indicate an encoding algorithm has been used to encode the content before completeing it over the ne2rk. Content codings are primarily used to enable a document to be compressed or otherwise helpcompletey transformed without proper now presently there losing the identity.

All content-coding values are case-insensit downive. HTTP/1.1 uses content-coding values in the Accept-Encoding and Content-Encoding header fields which we will see in subsequent chapters.

Example

Following are valid encoding schemes:

Accept-encoding: gzip

or

Accept-encoding: compress

or 

Accept-encoding: deflate

Media Types

HTTP uses Internet Media Types in the Content-Type and Accept header fields in order to provide open up and extensible data typing and type negotiation. All the Media-type values are registecrimson-coloucrimson with the Internet Assigned Number Authority ((IANA). Following is a general syntax to specify media type:

media-type     = type "/" subtype *( ";" parameter )

The type, subtype, and parameter attribute names are case- insensit downive.

Example

Accept: image/gif

Language Tags

HTTP uses language tags wislim the Accept-Language and Content-Language fields. A language tag is composed of 1 or more parts: A primary language tag and a possibly empty series of subtags:

language-tag  = primary-tag *( "-" subtag )

White space is not enableed wislim the tag and all tags are case- insensit downive.

Example

Example tags include:

 en, en-US, en-cockney, i-cherokee, x-pig-latin

Where any kind of 2-allowter primary-tag is an ISO-639 language abbreviation and any kind of 2-allowter preliminary subtag is an ISO-3166 counconaspectr code.

HTTP – Messages

HTTP is based on care locatednt-server architecture model and a stateless request/response protocol that operates simply simply by exchanging messages acombination a reliable TCP/IP interconnection.

An HTTP "care locatednt" is a program (Web blineser or any kind of other care locatednt) that establishes a interconnection to a server for the purpose of sending one or more HTTP request messages. An HTTP "server" is a program ( generally a web server like Apache Web Server or Internet Information Services IIS etc. ) that accepts interconnections in order to serve HTTP requests simply simply by sending HTTP response messages.

HTTP generates use of the Uniform Resource Identifier (URI) to identify a given resource and to establish a interconnection. Once interconnection is established, HTTP messages are completeed in a format
similar to that used simply simply by Internet mail [RFC5322] and the Multipurpose Internet Mail Extensions (MIME) [RFC2045]. These messages are consisted of requests from care locatednt to server and responses from server to care locatednt which will have following format:

 HTTP-message   = <Request> | <Response> ; HTTP/1.1 messages

HTTP request and HTTP response use a generic message format of RFC 822 for transferring the requicrimson-coloucrimson data. This generic message format consists of following four items.

  • A Start-series
  • Zero or more header fields followed simply simply by CRLF
  • An empty series (i.e., a series with noslimg preceding the CRLF) indicating the end of the header fields
  • Optionally a message-body

Following section will exsimple each of the enticonnects used in HTTP message.

Message Start-Line

A start-series will have following generic syntax:

start-series = Request-Line | Status-Line

We will talk about Request-Line and Status-Line while talk abouting HTTP Request and HTTP Response messages respectively. For now allow's see the examples of start series in case of request and response:

GET /hello.htm HTTP/1.1     (This is Request-Line sent simply simply by the care locatednt)

HTTP/1.1 200 OK             (This is Status-Line sent simply simply by the server)

Header Fields

HTTP deader fields provide requicrimson-coloucrimson information about proper now presently there the request or response, or about proper now presently there the object sent in the message body. There are following four types of HTTP message headers:

  • General-header: These header fields have general appliccappotential for both request and response messages.

  • Request-header: These header fields are appliccappotential only for request messages.

  • Response-header: These header fields are appliccappotential only for response messages.

  • Entity-header: These header fields degreat metainformation about proper now presently there the entity-body or, if no body is present

All the above mentioned headers follow the exwork extake action same generic format and each of the header field consists of a name followed simply simply by a colon (:) and the field value as follows:

message-header = field-name ":" [ field-value ]

Following are the examples of various header fields:

User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: simply simply bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/simple

Message Body

The message body part is optional for an HTTP message but if it is available then it is used to carry the entity-body associated with the request or response. If entity body is associated then usually Content-Type and Content-Length headers seriess specify the nature of the body associated.

A message body is the one which carries workual HTTP request data (including form data and uploaded etc.) and HTTP response data from the server ( including files, images etc). Following is a easy content of a message body:

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

HTTP – Requests

An HTTP care locatednt sends an HTTP request to a server in the form of a request message which includes following format:

  • A Request-series
  • Zero or more header (General|Request|Entity) fields followed simply simply by CRLF
  • An empty series (i.e., a series with noslimg preceding the CRLF) indicating the end of the header fields
  • Optionally a message-body

Following section will exsimple each of the enticonnects used in HTTP message.

Message Request-Line

The Request-Line begins with a method token, followed simply simply by the Request-URI and the protocol version, and ending with CRLF. The elements are separated simply simply by space SP charworkers.

Request-Line   = Method SP Request-URI SP HTTP-Version CRLF

Let's talk about each of the part mentioned in Request-Line.

Request Method

The request Method indicates the method to be performed on the resource identified simply simply by the given Request-URI. The method is case-sensit downive ans ought to always be mentioned uppercase. Following are supinterfaceed methods in HTTP/1.1

S.N. Method and Description
1 GET
The GET method is used to retrieve information from the given server using a given URI. Requests using GET ought to only retrieve data and ought to have no other effect on the data.
2 HEAD
Same as GET, but only transfer the status series and header section.
3 POST
A POST request is used to send data to the server, for example customer information, file upload etc using HTML forms.
4 PUT
Replace all current representations of the target resource with the uploaded content.
5 DELETE
Remove all current representations of the target resource given simply simply by URI.
6 CONNECT
Establish a tunnel to the server identified simply simply by a given URI.
7 OPTIONS
Describe the communication options for the target resource.
8 TRACE
Perform a message loop-back test alengthy the route to the target resource.

Request-URI

The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request. Following are the the majority of commonly used forms to specify an URI:

Request-URI = "*" | absoluteURI | abs_route | authority
S.N. Method and Description
1 The asterisk * is used when HTTP request does not apply to a particular resource, but to the server it’self, and is only enableed when the method used does not necessarily apply to a resource. For example:

OPTIONS * HTTP/1.1

2 The absoluteURI is used when HTTP request is being made to a proxy. The proxy is requested to forbattimmediateed the request or service it from a valid cache, and return the response. For example:

GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1

3 The the majority of common form of Request-URI is that used to identify a resource on an origin server or gateway. For example, a care locatednt wishing to retrieve the resource above immediately from the origin server would generate a TCP interconnection to interface 80 of the host "www.w3.org" and send the seriess:

GET /pub/WWW/TheProject.html HTTP/1.1
Host: www.w3.org

Note that the absolute route cannot be empty; if none is present in the authentic URI, it MUST be given as "/" (the server simple)

Request Header Fields

We will study General-header and Entity-header in a separate chapter when we will belowstand HTTP header fields. For now allow's check extake actionly what are Request header fields.

The request-header fields enable the care locatednt to complete additional information about proper now presently there the request, and about proper now presently there the care locatednt it’self, to the server. These fields work as request modifiers and proper now presently there are following iminterfaceant Request-header fields available which can be used based on requirement.

  • Accept-Charset

  • Accept-Encoding

  • Accept-Language

  • Authorization

  • Expect

  • From

  • Host

  • If-Match

  • If-Modified-Since

  • If-None-Match

  • If-Range

  • If-Unmodified-Since

  • Max-Forbattimmediateeds

  • Proxy-Authorization

  • Range

  • Referer

  • TE

  • User-Agent

You can introduce your own custom fields in case you are going to write your own own custom Care locatednt and Web Server.

Request Message Examples

Now allow's place it all together to form an HTTP request to fetch hello.htm page from the web server operatening on tutorialsstage.com

GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Here we are not sending any kind of request data to the server because we are fetching a plan HTML page from the server. Connection is a general-header used here and rest of the headers are request headers. Following is one more example where we send form data to the server using request message body:

POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Content-Type: application/x-www-form-urlencoded
Content-Length: duration
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

licenseID=string&content=string&/paramsXML=string

Here given URL /cgi-bin/process.cgi will be used to process the completeed data and accordingly a response will be retuned. Here content-type tells the server that completeed data is easy web form data and duration will be workual duration of the data place in the message body. Following example shows how you can complete plan XML to your own web server:

POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Content-Type: text/xml; charset=utf-8
Content-Length: duration
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://clearforest.com/">string</string>

HTTP – Responses

After receiving and interpreting a request message, a server responds with an HTTP response message:

  • A Status-series
  • Zero or more header (General|Response|Entity) fields followed simply simply by CRLF
  • An empty series (i.e., a series with noslimg preceding the CRLF) indicating the end of the header fields
  • Optionally a message-body

Following section will exsimple each of the enticonnects used in HTTP message.

Message Status-Line

The Status-Line consisting of the protocol version followed simply simply by a numeric status code and it’s associated textual phrase. The elements are separated simply simply by space SP charworkers.

Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF

Let's talk about each of the part mentioned in Status-Line.

HTTP Version

A server supinterfaceing HTTP version 1.1 will return following version information:

HTTP-Version = HTTP/1.1

Status Code

The Status-Code element is a 3-digit integer where 1st digit of the Status-Code degreats the course of response and the final 2 digit’s do not have any kind of categorization role. There are 5 values for the 1st digit:

S.N. Code and Description
1 1xx: Informational
This means request received and continuing process.
2 2xx: Success
This means the workion was successcompletey received, belowstood, and accepted.
3 3xx: Reimmediateion
This means further workion must be considern in order to compallowe the request.
4 4xx: Care locatednt Error
This means the request contains bad syntax or cannot be fulfilimmediateed
5 5xx: Server Error
The server faiimmediateed to fulfill an apparently valid request

HTTP status codes are extensible and HTTP applications are not requicrimson-coloucrimson to belowstand the meaning of all registecrimson-coloucrimson status codes. A list of all the status code has been given in a separate chapter for you reference.

Response Header Fields

We will study General-header and Entity-header in a separate chapter when we will belowstand HTTP header fields. For now allow's check extake actionly what are Response header fields.

The response-header fields enable the server to complete additional information about proper now presently there the response which cannot be placed in the Status- Line. These header fields give information about proper now presently there the server and about proper now presently there further access to the resource identified simply simply by the Request-URI.

  • Accept-Ranges

  • Age

  • ETag

  • Location

  • Proxy-Authenticate

  • Reconaspectr-After

  • Server

  • Vary

  • WWW-Authenticate

You can introduce your own custom fields in case you are going to write your own own custom Web Care locatednt and Server.

Response Message Examples

Now allow's place it all together to form an HTTP response for a request to fetch hello.htm page from the web server operatening on tutorialsstage.com

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

Following is an example of HTTP response message showing error condition when web server could not find requested page:

HTTP/1.1 404 Not Found
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Connection: Closed
Content-Type: text/html; charset=iso-8859-1
   
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
   <title>404 Not Found</title>
</head>
<body>
   <h1>Not Found</h1>
   <p>The requested URL /t.html was not found on this server.</p>
</body>
</html>

Following is an example of HTTP response message showing error condition when web server encountecrimson-coloucrimson a inproper HTTP version in given HTTP request:

HTTP/1.1 400 Bad Request
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: Closed
   
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
   <title>400 Bad Request</title>
</head>
<body>
   <h1>Bad Request</h1>
   <p>Your blineser sent a request that this server could not belowstand.<p>
   <p>The request series contained invalid charworkers following the protocol string.<p>
</body>
</html>

HTTP – Methods

The set of common methods for HTTP/1.1 is degreatd below and this set can be expanded based on requirement. These method names are case sensit downive and they must be used in uppercase.

S.N. Method and Description
1 GET
The GET method is used to retrieve information from the given server using a given URI. Requests using GET ought to only retrieve data and ought to have no other effect on the data.
2 HEAD
Same as GET, but only transfer the status series and header section.
3 POST
A POST request is used to send data to the server, for example customer information, file upload etc using HTML forms.
4 PUT
Replace all current representations of the target resource with the uploaded content.
5 DELETE
Remove all current representations of the target resource given simply simply by URI.
6 CONNECT
Establish a tunnel to the server identified simply simply by a given URI.
7 OPTIONS
Describe the communication options for the target resource.
8 TRACE
Perform a message loop-back test alengthy the route to the target resource.

GET Method

A GET request retrieves data from a web server simply simply by specifying parameters in the URL interfaceion of the request. This is the main method used for document retrieval. Following is a easy example which generates use of GET method to fetch hello.htm:

GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Following will be a server response against the above GET request:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: simply simply bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

HEAD Method

The HEAD method is functionally like GET, other than that the server repare locateds with a response series and headers, but no entity-body. Following is a easy example which generates use of HEAD method to fetch header information about proper now presently there hello.htm:

HEAD /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Following will be a server response against the above GET request:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: simply simply bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed

You can notice that here server does not send any kind of data after header.

POST Method

The POST method is used when you like to send some data to the server, for example file update, form data etc. Following is a easy example which generates use of POST method to send a form data to the server which will be processed simply simply by a process.cgi and finally a response will be returned:

POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Content-Type: text/xml; charset=utf-8
Content-Length: 88
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://clearforest.com/">string</string>

Server aspect script process.cgi process the completeed data and send following response:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: simply simply bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Request Processed Successcompletey</h1>
</body>
</html>

PUT Method

The PUT method is used to request the server to store the included entity-body at a location specified simply simply by the given URL. The following example request server to save the given entity-boy in hello.htm at the simple of the server:

PUT /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Connection: Keep-Alive
Content-type: text/html
Content-Length: 182

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

The server will store given entity-body in hello.htm file and will send following response back to the care locatednt:

HTTP/1.1 201 Created
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-type: text/html
Content-duration: 30
Connection: Closed

<html>
<body>
<h1>The file was generated.</h1>
</body>
</html>

DELETE Method

The DELETE method is used to request the server to deallowe file at a location specified simply simply by the given URL. The following example request server to deallowe the given file hello.htm at the simple of the server:

DELETE /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Connection: Keep-Alive

The server will deallowe mentioned file hello.htm and will send following response back to the care locatednt:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-type: text/html
Content-duration: 30
Connection: Closed

<html>
<body>
<h1>URL deallowed.</h1>
</body>
</html>

CONNECT Method

The CONNECT method is used simply simply by the care locatednt to establish a ne2rk interconnection to a web server over HTTP. The following example request a interconnection with a web server operatening on host tutorialsstage.com:

CONNECT www.tutorialsstage.com HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

The interconnection is established with the server and following response is sent back to the care locatednt:

HTTP/1.1 200 Connection established
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)

OPTIONS Method

The OPTIONS method is used simply simply by the care locatednt to find out proper now presently there extake actionly what are the HTTP methods and other options supinterfaceed simply simply by a web server. The care locatednt can specify a URL for the OPTIONS method, or an asterisk (*) to refer to the entire server. The following example request a list of methods supinterfaceed simply simply by a web server operatening on tutorialsstage.com:

OPTIONS * HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

The server will send information based on the current configuration of the server, for example:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Type: httpd/unix-immediateory

TRACE Method

The TRACE method is used to eacho the contents of an HTTP Request back to the requester which can be used for debugging purpose at the time of development. The following example shows the usage of TRACE method:

TRACE / HTTP/1.1
Host: www.tutorialsstage.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

The server will send following message in response of the above request:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-Type: message/http
Content-Length: 39
Connection: Closed

TRACE / HTTP/1.1
Host: www.tutorialsstage.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

HTTP – Status Codes

The Status-Code element in a server response, is a 3-digit integer where 1st digit of the Status-Code degreats the course of response and the final 2 digit’s do not have any kind of categorization role. There are 5 values for the 1st digit:

S.N. Code and Description
1 1xx: Informational
This means request received and continuing process.
2 2xx: Success
This means the workion was successcompletey received, belowstood, and accepted.
3 3xx: Reimmediateion
This means further workion must be considern in order to compallowe the request.
4 4xx: Care locatednt Error
This means the request contains bad syntax or cannot be fulfilimmediateed
5 5xx: Server Error
The server faiimmediateed to fulfill an apparently valid request

HTTP status codes are extensible and HTTP applications are not requicrimson-coloucrimson to belowstand the meaning of all registecrimson-coloucrimson status codes. Following is a list of all the status code.

1xx: Information

Message: Description:
100 Continue Only a part
of the request has been received simply simply by the server, but as lengthy as it has not
been rejected, the care locatednt ought to continue with the request
101 Switching Protocols The server switches protocol

2xx: Successful

Message: Description:
200 OK The request is OK
201 Created The request is compallowe, and a brand brand new resource is
generated 
202 Accepted The request is accepted for processing, but the processing
is not compallowe
203 Non-authoritative Information The information in the entity header is from a local or third-party duplicate, not from the authentic server.
204 No Content A status code and header are given in the response, but proper now presently there is no entity-body in the reply.
205 Reset Content The blineser ought to clear the form used for this transworkion for additional inplace.
206 Partial Content The server is returning partial data of the dimension requested. Used in response to a request specifying a Range header. The server must specify the range included in the response with the Content-Range header.

3xx: Reimmediateion

Message: Description:
300 Multiple Choices A link list. The user can select a link and go to that
location. Maximum five adgownes  
301 Moved Permanently The requested page has moved to a brand brand new url 
302 Found The requested page has moved temporarily to a brand brand new url 
303 See Other The requested page can be found below a various url 

304 Not Modified This is the response code to an If-Modified-Since or If-None-Match header, where the URL has not been modified since the specified date.
305 Use Proxy The requested URL must be accessed through the proxy mentioned in the Location header.
306 Unused This code was used in a previous version. It is no lengthyer
used, but the code is reserved
307 Temporary Reimmediate The requested page has moved temporarily to a brand brand new url

4xx: Care locatednt Error

Message: Description:
400 Bad Request The server did not belowstand the request
401 Unauthorised The requested page needs a username and a completeword
402 Payment Requicrimson-coloucrimson You can not use this code yet
403 Forbidden Access is forbidden to the requested page
404 Not Found The server can not find the requested page
405 Method Not Allowed The method specified in the request is not enableed
406 Not Acceptable The server can only generate a response that is not
accepted simply simply by the care locatednt
407 Proxy Authentication Requicrimson-coloucrimson You must authenticate with a proxy server before this
request can be served
408 Request Timeout proper now presently there The request took lengthyer than the server was prepacrimson-coloucrimson to
wait around
409 Conflict The request could not be compallowed because of a conflict
410 Gone The requested page is no lengthyer available 

411 Length Requicrimson-coloucrimson The "Content-Length" is not degreatd. The server
will not accept the request without proper now presently there it 

412 Precondition Faiimmediateed The precondition given in the request evaluated to false simply simply by
the server
413 Request Entity Too Large The server will not accept the request, because the request entity is
too huge
414 Request-url Too Long The server will not accept the request, because the url is
too lengthy. Occurs when you convert a "post" request to a "get" request with
a lengthy query information 

415 Unsupinterfaceed Media Type The server will not accept the request, because the media
type is not supinterfaceed 
416 Requested Range Not Satisfiable The requested simply simply byte range is not available and is out proper now presently there of bounds.
417 Expectation Faiimmediateed The expectation given in an Expect request-header field could not be met simply simply by this server.

5xx: Server Error

Message: Description:
500 Internal Server Error The request was not compallowed. The server met an unexpected condition
501 Not Implemented The request was not compallowed. The server did not supinterface
the functionality requicrimson-coloucrimson
502 Bad Gateway The request was not compallowed. The server received an
invalid response from the upstream server
503 Service Unavailable The request was not compallowed. The server is temporarily
overloading or down
504 Gateway Timeout proper now presently there The gateway has timed out proper now presently there
505 HTTP Version Not Supinterfaceed The server does not supinterface the "http protocol" version

HTTP – Header Fields

HTTP deader fields provide requicrimson-coloucrimson information about proper now presently there the request or response, or about proper now presently there the object sent in the message body. There are following four types of HTTP message headers:

  • General-header: These header fields have general appliccappotential for both request and response messages.

  • Care locatednt Request-header: These header fields are appliccappotential only for request messages.

  • Server Response-header: These header fields are appliccappotential only for response messages.

  • Entity-header: These header fields degreat metainformation about proper now presently there the entity-body or, if no body is present

General Headers

Cache-manage

The Cache-Control general-header field is used to specify immediateives that MUST be obeyed simply simply by all caching system. Following is the syntax:

Cache-Control : cache-request-immediateive|cache-response-immediateive

An HTTP care locatednts or servers can use the Cache-manage general header to specify parameters for the cache or to request specific kinds of documents from the cache. The caching immediateives are specified in a comma-separated list. For example:

Cache-manage: no-cache

There are following iminterfaceant cache request immediateives which can be used simply simply by the care locatednt in it’s HTTP request:

S.N. Cache Request Directive and Description
1 no-cache
A cache must not use the response to satisfy a subsequent request without proper now presently there successful revalidation with the origin server.
2 no-store
The cache ought to not store any kind ofslimg about proper now presently there the care locatednt request or server response.
3 max-age = 2nds
Indicates that the care locatednt is willing to accept a response whose age is no greater than the specified time in 2nds.
4 max-stale [ = 2nds ]
Indicates that the care locatednt is willing to accept a response that has exceeded it’s expiration time. If
2nds are given, it must not be expicrimson-coloucrimson simply simply by more than that time.
5 min-fresh = 2nds
Indicates that the care locatednt is willing to accept a response whose freshness lifetime is no less than it’s current age plus the specified time in 2nds.
6 no-transform
Do not convert the entity-body.
7 only-if-cached
Do not retrieve brand brand new data. The cache can send a document only if it is in the cache, and ought to not con2rk the origin-server to see if a brand brand newer duplicate exists.

There are following iminterfaceant cache response immediateives which can be used simply simply by the server in it’s HTTP response:

S.N. Cache Request Directive and Description
1 public
Indicates that the response may be cached simply simply by any kind of cache.
2 private
Indicates that all or part of the response message is intended for a single user and must not be cached simply simply by a shacrimson-coloucrimson cache.
3 no-cache
A cache must not use the response to satisfy a subsequent request without proper now presently there successful revalidation with the origin server.
4 no-store
The cache ought to not store any kind ofslimg about proper now presently there the care locatednt request or server response.
5 no-transform
Do not convert the entity-body.
6 must-revalidate
The cache must verify the status of stale documents before using it and expicrimson-coloucrimson one ought to not be used.
7 proxy-revalidate
The proxy-revalidate immediateive has the exwork extake action same meaning as the must- revalidate immediateive, other than that it does not apply to non-shacrimson-coloucrimson user agent caches.
8 max-age = 2nds
Indicates that the care locatednt is willing to accept a response whose age is no greater than the specified time in 2nds.
9 s-maxage = 2nds
The maximum age specified simply simply by this immediateive overrides the maximum age specified simply simply by either the max-age immediateive or the Expires header. The s-maxage immediateive is always ignocrimson-coloucrimson simply simply by a private cache.

Connection

The Connection general-header field enables the sender to specify options that are desicrimson-coloucrimson for that particular interconnection and must not be communicated simply simply by proxies over further interconnections. Following is the easy syntax of using interconnection header:

Connection : "Connection"

HTTP/1.1 degreats the "close up upd" interconnection option for the sender to signal that the interconnection will be close up upd after compallowion of the response. For example:

Connection: Closed

By default, HTTP 1.1 uses persistent interconnections, where the interconnection does not automatically close up up after a transworkion. HTTP 1.0, on the other hand, does not have persistent interconnections simply simply by default. If a 1.0 care locatednt wishes to use persistent interconnections, it uses the maintain-alive parameter as follows:

Connection: maintain-alive

Date

All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without proper now presently there other thanion. HTTP applications are enableed to use any kind of of the following 3 representations of date/time stamps:

Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated simply simply by RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoallowed simply simply by RFC 1036
Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format

Here 1st format is the the majority of prefercrimson-coloucrimson one.

Pragma

The Pragma general-header field is used to include implementation- specific immediateives that may apply to any kind of recipient alengthy the request/response chain. For example:

Pragma: no-cache

The only immediateive degreatd in HTTP/1.0 is the no-cache immediateive and is maintained in HTTP 1.1 for backbattimmediateed compatibility. No brand brand new Pragma immediateives will be degreatd in the future.

Trailer

The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. Following is the syntax of Trailer header field:

Trailer : field-name

Message header fields listed in the Trailer header field must not include the following header fields:

  • Transfer-Encoding

  • Content-Length

  • Trailer

Transfer-Encoding

The Transfer-Encoding general-header field indicates extake actionly what type of transformation has been appare locatedd to the message body in order to securely transfer it between the sender and the recipient. This is not the exwork extake action same as content-encoding because transfer-encodings are a real estate of the message, not of the entity-body. Following is the syntax of Transfer-Encoding header field:

Transfer-Encoding: chunked

All transfer-coding values are case-insensit downive.

Upgrade

The Upgrade general-header enables the care locatednt to specify extake actionly what additional communication protocols it supinterfaces and would like to use if the server finds it appropriate to switch protocols. For example:

Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11

The Upgrade header field is intended to provide a easy mechanism for transit downion from HTTP/1.1 to some other, incompatible protocol

Via

The Via general-header must be used simply simply by gateways and proxies to indicate the intermediate protocols and recipients. For example, a request message can be sent from an HTTP/1.0 user agent to an internal proxy code-named "fcrimson-coloucrimson", which uses HTTP/1.1 to forbattimmediateed the request to a public proxy at nowhere.com, which compallowes the request simply simply by forbattimmediateeding it to the origin server at www.ics.uci.edu. The request received simply simply by www.ics.uci.edu would then have the following Via header field:

Via: 1.0 fcrimson-coloucrimson, 1.1 nowhere.com (Apache/1.1)

The Upgrade header field is intended to provide a easy mechanism for transit downion from HTTP/1.1 to some other, incompatible protocol

Warning

The Warning general-header is used to carry additional information about proper now presently there the status or transformation of a message which may not be reflected in the message. A response may carry more than one Warning header.

Warning : battlen-code SP battlen-agent SP battlen-text SP battlen-date

Care locatednt Request Headers

Accept

The Accept request-header field can be used to specify specific media types which are acceptable for the response. Following is the general syntax:

Accept: type/subtype [q=qvalue]

Multiple media types can be listed separated simply simply by commas and the optional qvalue represents an acceptable quality level for accept types on a level of 0 to 1. Following is an example:

Accept: text/simple; q=0.5, text/html, text/x-dvi; q=0.8, text/x-c

This would be interpreted as text/html and text/x-c are the prefercrimson-coloucrimson media types, but if they do not exist, then send the text/x-dvi entity, and if that does not exist, send the text/simple entity.

Accept-Charset

The Accept-Charset request-header field can be used to indicate extake actionly what charworker sets are acceptable for the response. Following is the general syntax:

Accept-Charset: charworker_set [q=qvalue]

Multiple charworker sets can be listed separated simply simply by commas and the optional qvalue represents an acceptable quality level for nonprefercrimson-coloucrimson charworker sets on a level of 0 to 1. Following is an example:

Accept-Charset: iso-8859-5, unicode-1-1; q=0.8

The special value "*", if present in the Accept-Charset field, fites every charworker set and if no Accept-Charset header is present, the default is that any kind of charworker set is acceptable.

Accept-Encoding

The Accept-Encoding request-header field is similar to Accept, but restringents the content-codings that are acceptable in the response. Following is the general syntax:

Accept-Encoding: encoding types

Following are examples:

Accept-Encoding: compress, gzip
Accept-Encoding:
Accept-Encoding: *
Accept-Encoding: compress;q=0.5, gzip;q=1.0
Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0

Accept-Language

The Accept-Language request-header field is similar to Accept, but restringents the set of natural languages that are prefercrimson-coloucrimson as a response to the request. Following is the general syntax:

Accept-Language: language [q=qvalue]

Multiple languages can be listed separated simply simply by commas and the optional qvalue represents an acceptable quality level for nonprefercrimson-coloucrimson languages on a level of 0 to 1. Following is an example:

Accept-Language: da, en-gb;q=0.8, en;q=0.7

Authorization

The Authorization request-header field value consists of ccrimson-coloucrimsonentials containing the authentication information of the user agent for the realm of the resource being requested. Following is the general syntax:

Authorization : ccrimson-coloucrimsonentials

The HTTP/1.0 specification degreats the BASIC authorization scheme, where the authorization parameter is the string of username:completeword encoded in base 64. Following is an example:

Authorization: BASIC Z3Vlc3Q6Z3Vlc3QxMjM=

The value decodes into is guest:guest123 where guest is user ID and guest123 is the completeword.

Cookie

The Cookie request-header field value contains a name/value pair of information stocrimson-coloucrimson for that URL. Following is the general syntax:

Cookie: name=value

Multiple cookies can be specified separated simply simply by semicolons as follows:

Cookie: name1=value1;name2=value2;name3=value3

Expect

The Expect request-header field is used to indicate that particular server behaviors are requicrimson-coloucrimson simply simply by the care locatednt. Following is the general syntax:

Expect : 100-continue | expectation-extension

If a server receives a request containing an Expect field that includes an expectation-extension that it does not supinterface, it must respond with a 417 (Expectation Faiimmediateed) status.

From

The From request-header field contains an Internet e-mail adgown for the human user who manages the requesting user agent. Following is a easy example:

From: [email protected]

This header field may be used for logging purposes and as a means for identifying the source of invalid or unwanted requests.

Host

The Host request-header field is used to specify the Internet host and interface number of the resource being requested. Following is the general syntax:

Host : "Host" ":" host [ ":" interface ] ;

A host without proper now presently there any kind of trailing interface information impare locateds the default interface, which is 80. For example, a request on the origin server for http://www.w3.org/pub/WWW/ would be:

GET /pub/WWW/ HTTP/1.1
Host: www.w3.org

If-Match

The If-Match request-header field is used with a method to generate it conditional. This header request the server to perform the requested method only if given value in this tag fites the given entity tags represented simply simply by ETag. Following is the general syntax:

If-Match : entity-tag

An asterisk (*) fites any kind of entity, and the transworkion continues only if the entity exists. Following are probable examples:

If-Match: "xyzzy"
If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
If-Match: *

If none of the entity tags fit, or if "*" is given and no current entity exists, the server must not perform the requested method, and must return a 412 (Precondition Faiimmediateed) response.

If-Modified-Since

The If-Modified-Since request-header field is used with a method to generate it conditional. If the requested URL has not been modified since the time specified in this field, an entity will not be returned from the server; instead, a 304 (not modified) response will be returned without proper now presently there any kind of message-body. Following is the general syntax:

If-Modified-Since : HTTP-date

An example of the field is:

If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT

If none of the entity tags fit, or if "*" is given and no current entity exists, the server must not perform the requested method, and must return a 412 (Precondition Faiimmediateed) response.

If-None-Match

The If-None-Match request-header field is used with a method to generate it conditional. This header request the server to perform the requested method only if one of the given value in this tag fites the given entity tags represented simply simply by ETag. Following is the general syntax:

If-None-Match : entity-tag

An asterisk (*) fites any kind of entity, and the transworkion continues only if the entity does not exist. Following are probable examples:

If-None-Match: "xyzzy"
If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
If-None-Match: *

If-Range

The If-Range request-header field can be used with a conditional GET to request only the interfaceion of the entity that is missing, if it has not been alterd, and the entire entity if it has alterd. Following is the general syntax:

If-Range : entity-tag | HTTP-date

Either an entity tag or a date can be used to identify the partial entity already received. For example:

If-Range: Sat, 29 Oct 1994 19:43:31 GMT

Here if the document has not been modified since the given date, the server returns the simply simply byte range given simply simply by the Range header otherwise, it returns all of the brand brand new document.

If-Unmodified-Since

The If-Unmodified-Since request-header field is used with a method to generate it conditional. Following is the general syntax:

If-Unmodified-Since : HTTP-date

If the requested resource has not been modified since the time specified in this field, the server ought to perform the requested operation as if the If-Unmodified-Since header were not present. For example:

If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT

If the request normally would result in any kind ofslimg other than a 2xx or 412 status, the If-Unmodified-Since header ought to be ignocrimson-coloucrimson.

Max-Forbattimmediateeds

The Max-Forbattimmediateeds request-header field provides a mechanism with the TRACE and OPTIONS methods to limit the number of proxies or gateways that can forbattimmediateed the request to the next inbound server. Following is the general syntax:

Max-Forbattimmediateeds : n

The Max-Forbattimmediateeds value is a decimal integer indicating the remaining number of times this request message may be forbattimmediateeded. This is helpful for debugging with the TRACE method, avoiding infinite loops. For example:

Max-Forbattimmediateeds : 5

The Max-Forbattimmediateeds header field may be ignocrimson-coloucrimson for all other methods degreatd in HTTP specification.

Proxy-Authorization

The Proxy-Authorization request-header field enables the care locatednt to identify it’self (or it’s user) to a proxy which requires authentication. Following is the general syntax:

Proxy-Authorization : ccrimson-coloucrimsonentials

The Proxy-Authorization field value consists of ccrimson-coloucrimsonentials containing the authentication information of the user agent for the proxy and/or realm of the resource being requested.

Range

The Range request-header field specifies the partial range(s) of the content requested from the document. Following is the general syntax:

Range: simply simply bytes-device=1st-simply simply byte-pos "-" [final-simply simply byte-pos]

The 1st-simply simply byte-pos value in a simply simply byte-range-spec gives the simply simply byte-awayset of the 1st simply simply byte in a range. The final-simply simply byte-pos value gives the simply simply byte-awayset of the final simply simply byte in the range; that is, the simply simply byte posit downions specified are inclusive. You can specify a simply simply byte-device as simply simply bytes Byte awaysets start at zero. Following are a easy examples:

- The 1st 500 simply simply bytes 
Range: simply simply bytes=0-499

- The 2nd 500 simply simply bytes
Range: simply simply bytes=500-999

- The final 500 simply simply bytes
Range: simply simply bytes=-500

- The 1st and final simply simply bytes only
Range: simply simply bytes=0-0,-1

Multiple ranges can be listed, separated simply simply by commas. If the 1st digit in the comma-separated simply simply byte range(s) is missing, the range is assumed to count from the end of the document. If the 2nd digit is missing, the range is simply simply byte n to the end of the document.

Referer

The Referer request-header field enables the care locatednt to specify the adgown (URI) of the resource from which the URL has been requested. Following is the general syntax:

Referer : absoluteURI | relativeURI

Following is a easy example:

Referer: http://www.tutorialsstage.org/http/index.htm

If the field value is a relative URI, it ought to be interpreted relative to the Request-URI.

TE

The TE request-header field indicates extake actionly what extension transfer-coding it is willing to accept in the response and whether or not it is willing to accept trailer fields in a chunked transfer-coding. Following is the general syntax:

TE   : t-codings

The presence of the keyword "trailers" indicates that the care locatednt is willing to accept trailer fields in a chunked transfer-coding and it is specified either of the ways:

TE: deflate
TE:
TE: trailers, deflate;q=0.5

If the TE field-value is empty or if no TE field is present, the only transfer-coding is chunked. A message with no transfer-coding is always acceptable.

User-Agent

The User-Agent request-header field contains information about proper now presently there the user agent originating the request. Following is the general syntax:

User-Agent : item | comment

Example:

User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

Server Response Headers

Accept-Ranges

The Accept-Ranges response-header field enables the server to indicate it’s acceptance of range requests for a resource. Following is the general syntax:

Accept-Ranges  : range-device | none

For example a server that accept simply simply byte-range requests may send

Accept-Ranges: simply simply bytes

Servers that do not accept any kind of kind of range request for a resource may send:

Accept-Ranges: none

This will advise the care locatednt not to attempt a range request.

Age

The Age response-header field conveys the sender's estimate of the amount of time since the response (or it’s revalidation) was generated at the origin server. Following is the general syntax:

Age : delta-2nds

Age values are non-negative decimal integers, representing time in 2nds. Following is a easy example:

Age: 1030

An HTTP/1.1 server that includes a cache must include an Age header field in every response generated from it’s own cache.

ETag

The ETag response-header field provides the current value of the entity tag for the requested variant. Following is the general syntax:

ETag :  entity-tag

Following are easy examples:

ETag: "xyzzy"
ETag: W/"xyzzy"
ETag: ""

Location

The Location response-header field is used to crimson-coloureimmediate the recipient to a location other than the Request-URI for compallowion. Following is the general syntax:

Location : absoluteURI

Following is a easy example:

Location: http://www.tutorialsstage.org/http/index.htm

The Content-Location header field differs from Location in that the Content-Location identifies the authentic location of the entity enclose up upd in the request.

Proxy-Authenticate

The Proxy-Authenticate response-header field must be included as part of a 407 (Proxy Authentication Requicrimson-coloucrimson) response. Following is the general syntax:

Proxy-Authenticate  : challenge

Reconaspectr-After

The Reconaspectr-After response-header field can be used with a 503 (Service Unavailable) response to indicate how lengthy the service is expected to be unavailable to the requesting care locatednt. Following is the general syntax:

Reconaspectr-After : HTTP-date | delta-2nds

Following are 2 easy examples:

Reconaspectr-After: Fri, 31 Dec 1999 23:59:59 GMT
Reconaspectr-After: 120

In the latter example, the delay is 2 moments.

Server

The Server response-header field contains information about proper now presently there the smoothbattlee used simply simply by the origin server to handle the request. Following is the general syntax:

Server : item | comment

Following is a easy example:

Server: Apache/2.2.14 (Win32)

If the response is being forbattimmediateeded through a proxy, the proxy application must not modify the Server response-header.

Set-Cookie

The Set-Cookie response-header field contains a name/value pair of information to retain for this URL. Following is the general syntax:

Set-Cookie: NAME=VALUE; OPTIONS

Set-Cookie response header comprises the token Set-Cookie:, followed simply simply by a comma-separated list of one or more cookies. Here are probable values you can specify as options:

S.N. Options and Description
1 Comment=comment
This option can be used to specify any kind of comment associated with the cookie.
2 Domain=domain
The Domain attribute specifies the domain for which the cookie is valid.
3 Expires=Date-time
The date the cookie will expire. If this is blank, the cookie will expire when the visit downor quit’s the blineser
4 Path=route
The Path attribute specifies the subset of URLs to which this cookie appare locateds.
5 Secure
This instructs the user agent to return the cookie only below a secure interconnection.

Following is an example of a easy cookie header generated simply simply by the server:

Set-Cookie: name1=value1,name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT

Vary

The Vary response-header field specifies that the entity has multiple sources and may proper now presently therefore vary according to specified list of request header(s). Following is the general syntax:

Vary : field-name

You can specify multiple headers separated simply simply by commas and a value of asterisk "*" signals that unspecified parameters not limited to the request-headers. Following is a easy example:

Vary: Accept-Language, Accept-Encoding

Here field names are case-insensit downive.

WWW-Authenticate

The WWW-Authenticate response-header field must be included in 401 (Unauthorised) response messages. The field value consists of at minimum one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI. Following is the general syntax:

WWW-Authenticate : challenge

WWW- Authenticate field value as it may contain more than one challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge it’self can contain a comma-separated list of authentication parameters. Following is a easy example:

WWW-Authenticate: BASIC realm="Admin"

Entity Headers

Allow

The Allow entity-header field lists the set of methods supinterfaceed simply simply by the resource identified simply simply by the Request-URI. Following is the general syntax:

Allow : Method

You can specify multiple method separated simply simply by commas. Following is a easy example:

Allow: GET, HEAD, PUT

This field cannot prtake actionuallyt a care locatednt from pondering other methods.

Content-Encoding

The Content-Encoding entity-header field is used as a modifier to the media-type. Following is the general syntax:

Content-Encoding : content-coding

The content-coding is a charworkeristic of the entity identified simply simply by the Request-URI. Following is a easy example:

Content-Encoding: gzip

If the content-coding of an entity in a request message is not acceptable to the origin server, the server ought to respond with a status code of 415 (Unsupinterfaceed Media Type).

Content-Language

The Content-Language entity-header field describes the natural language(s) of the intended auexpirence for the enclose up upd entity. Following is the general syntax:

Content-Language : language-tag

Multiple languages may be listed for content that is intended for multiple auexpirences. Following is a easy example:

Content-Language: mi, en

The primary purpose of Content-Language is to enable a user to identify and variousiate enticonnects according to the user's own prefercrimson-coloucrimson language.

Content-Length

The Content-Length entity-header field indicates the dimension of the entity-body, in decimal number of OCTETs, sent to the recipient or, in the case of the HEAD method, the dimension of the entity-body that would have been sent had the request been a GET. Following is the general syntax:

Content-Length : DIGITS

Following is a easy example:

Content-Length: 3495

Any Content-Length greater than or equal to zero is a valid value.

Content-Location

The Content-Location entity-header field may be used to supply the resource location for the entity enclose up upd in the message when that entity is accessible from a location separate from the requested resource's URI. Following is the general syntax:

Content-Location:  absoluteURI | relativeURI 

Following is a easy example:

Content-Location: http://www.tutorialsstage.org/http/index.htm

The value of Content-Location furthermore degreats the base URI for the entity.

Content-MD5

The Content-MD5 entity-header field may be used to supply an MD5 digest of the entity, for checruler the integrity
of the message upon receipt. Following is the general syntax:

Content-MD5  : md5-digest using base64 of 128 bit MD5 digest as per RFC 1864

Following is a easy example:

Content-MD5  : 8c2d46911f3f5a326455f0ed7a8ed3b3

The MD5 digest is complaceed based on the content of the entity-body, including any kind of content-coding that has been appare locatedd, but not including any kind of transfer-encoding appare locatedd to the message-body.

Content-Range

The Content-Range entity-header field is sent with a partial entity-body to specify where in the complete entity-body the partial body ought to be appare locatedd. Following is the general syntax:

Content-Range : simply simply bytes-device SP 1st-simply simply byte-pos "-" final-simply simply byte-pos

Examples of simply simply byte-content-range-spec values, assuming that the entity contains a generall of 1234 simply simply bytes:

- The 1st 500 simply simply bytes:
Content-Range : simply simply bytes 0-499/1234

- The 2nd 500 simply simply bytes:
Content-Range : simply simply bytes 500-999/1234

- All other than for the 1st 500 simply simply bytes:
Content-Range : simply simply bytes 500-1233/1234

- The final 500 simply simply bytes:
Content-Range : simply simply bytes 734-1233/1234

When an HTTP message includes the content of a single range, this content is transmitted with a Content-Range header, and a Content-Length header showing the number of simply simply bytes workually transfercrimson-coloucrimson. For example,

HTTP/1.1 206 Partial content
Date: Wed, 15 Nov 1995 06:25:24 GMT
Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
Content-Range: simply simply bytes 21010-47021/47022
Content-Length: 26012
Content-Type: image/gif

Content-Type

The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. Following is the general syntax:

Content-Type : media-type

Following is an example:

Content-Type: text/html; charset=ISO-8859-4

Expires

The Expires entity-header field gives the date/time after which the response is conaspectcrimson-coloucrimson stale. Following is the general syntax:

Expires : HTTP-date

Following is an example:

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Last-Modified

The Last-Modified entity-header field indicates the date and time at which the origin server beare locatedves the variant was final modified. Following is the general syntax:

Last-Modified: HTTP-date

Following is an example:

Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT

HTTP – Caching

HTTP is typically used for distributed information systems, where performance can be improved simply simply by the use of response caches. The HTTP/1.1 protocol includes lots of elements intended to generate caching work.

The goal of caching in HTTP/1.1 is to eliminate the need to send requests in many kind of cases, and to eliminate the need to send complete responses in many kind of other cases.

The easy cache mechanisms in HTTP/1.1 are implicit immediateives to caches where server-specifies expiration times and validators. We use the Cache-Control header for this purpose.

The Cache-Control header enables a care locatednt or server to transmit a variety of immediateives in either requests or responses. These immediateives typically override the default caching algorithms. The caching immediateives are specified in a comma-separated list. For example:

Cache-manage: no-cache

There are following iminterfaceant cache request immediateives which can be used simply simply by the care locatednt in it’s HTTP request:

S.N. Cache Request Directive and Description
1 no-cache
A cache must not use the response to satisfy a subsequent request without proper now presently there successful revalidation with the origin server.
2 no-store
The cache ought to not store any kind ofslimg about proper now presently there the care locatednt request or server response.
3 max-age = 2nds
Indicates that the care locatednt is willing to accept a response whose age is no greater than the specified time in 2nds.
4 max-stale [ = 2nds ]
Indicates that the care locatednt is willing to accept a response that has exceeded it’s expiration time. If
2nds are given, it must not be expicrimson-coloucrimson simply simply by more than that time.
5 min-fresh = 2nds
Indicates that the care locatednt is willing to accept a response whose freshness lifetime is no less than it’s current age plus the specified time in 2nds.
6 no-transform
Do not convert the entity-body.
7 only-if-cached
Do not retrieve brand brand new data. The cache can send a document only if it is in the cache, and ought to not con2rk the origin-server to see if a brand brand newer duplicate exists.

There are following iminterfaceant cache response immediateives which can be used simply simply by the server in it’s HTTP response:

S.N. Cache Request Directive and Description
1 public
Indicates that the response may be cached simply simply by any kind of cache.
2 private
Indicates that all or part of the response message is intended for a single user and must not be cached simply simply by a shacrimson-coloucrimson cache.
3 no-cache
A cache must not use the response to satisfy a subsequent request without proper now presently there successful revalidation with the origin server.
4 no-store
The cache ought to not store any kind ofslimg about proper now presently there the care locatednt request or server response.
5 no-transform
Do not convert the entity-body.
6 must-revalidate
The cache must verify the status of stale documents before using it and expicrimson-coloucrimson one ought to not be used.
7 proxy-revalidate
The proxy-revalidate immediateive has the exwork extake action same meaning as the must- revalidate immediateive, other than that it does not apply to non-shacrimson-coloucrimson user agent caches.
8 max-age = 2nds
Indicates that the care locatednt is willing to accept a response whose age is no greater than the specified time in 2nds.
9 s-maxage = 2nds
The maximum age specified simply simply by this immediateive overrides the maximum age specified simply simply by either the max-age immediateive or the Expires header. The s-maxage immediateive is always ignocrimson-coloucrimson simply simply by a private cache.

HTTP – URL Encoding

HTTP URLs can only be sent over the Internet using the ASCII charworker-set, which usually contain charworkers out proper now presently thereaspect the ASCII set. So these unsecure charworkers must be replaced with a % followed simply simply by 2 hexadecimal digit’s.

Following table shows ASCII symbol of the charworker and it’s equal Symbol and finally it’s replacement which can be used in URL before completeing it to the server:

ASCII Symbol Replacement
< 32   Encode with %xx where xx is the hexadecimal representation of the charworker.
32 space + or %20
33 ! %21
34 " %22
35 # %23
36 $ %24
37 % %25
38 & %26
39 ' %27
40 ( %28
41 ) %29
42 * *
43 + %2B
44 , %2C
45
46 . .
47 / %2F
48 0 0
49 1 1
50 2 2
51 3 3
52 4 4
53 5 5
54 6 6
55 7 7
56 8 8
57 9 9
58 : %3A
59 ; %3B
60 < %3C
61 = %3D
62 > %3E
63 ? %3F
64 @ %40
65 A A
66 B B
67 C C
68 D D
69 E E
70 F F
71 G G
72 H H
73 I I
74 J J
75 K K
76 L L
77 M M
78 N N
79 O O
80 P P
81 Q Q
82 R R
83 S S
84 T T
85 U U
86 V V
87 W W
88 X X
89 Y Y
90 Z Z
91 [ %5B
92 %5C
93 ] %5D
94 ^ %5E
95 _ _
96 ` %60
97 a a
98 b b
99 c c
100 d d
101 e e
102 f f
103 g g
104 h h
105 i i
106 j j
107 k k
108 l l
109 m m
110 n n
111 o o
112 p p
113 q q
114 r r
115 s s
116 t t
117 u u
118 v v
119 w w
120 x x
121 y y
122 z z
123 { %7B
124 | %7C
125 } %7D
126 ~ %7E
127   %7F
> 127   Encode with %xx where xx is the hexadecimal representation of the charworker

HTTP – Security

HTTP is used for a communication over the internet, so application developers, information providers, and users ought to be abattlee of the security limitations in HTTP/1.1. This talk aboution does not include definitive solutions to the problems mentioned here but it does generate some suggestions for crimson-coloucrimsonucing security risks.

Personal Information leakage

HTTP care locatednts are usually privy to huge amounts of individual information such as the user's name, location, mail adgown, completewords, enweepption keys, etc. So you ought to be very careful to prtake actionuallyt unintentional leakage of this information via the HTTP protocol to other sources.

  • All the confidential information ought to be stocrimson-coloucrimson at server aspect in enweeppted form.

  • Revealing the specific smoothbattlee version of the server may enable the server machine to become more vulnerable to attacks against smoothbattlee that is belowstandn to contain security holes.

  • Proxies which serve as a interfaceal through a ne2rk firewall ought to consider special precautions regarding the transfer of header information that identifies the hosts at the rear of the firewall.

  • The information sent in the From field may conflict with the user's privacy curiosit downys or their sit downe's security policy, and hence it ought to not be transmitted without proper now presently there the user being able to disable, enable, and modify the contents of the field.

  • Care locatednts ought to not include a Referer header field in a (non-secure) HTTP request if the referring page was transfercrimson-coloucrimson with a secure protocol.

  • Authors of services which use the HTTP protocol ought to not use GET based forms for the submission of sensit downive data, because this will cause this data to be encoded in the Request-URI

File and route names based attack

The document ought to be restringented to the documents returned simply simply by HTTP requests to be only the ones that were intended simply simply by the server administrators.

For example, UNIX, Microsmooth Windows, and other operating systems use .. as a route component to indicate a immediateory level above the current one. On such a system, an HTTP server MUST disenable any kind of such construct in the Request-URI if it would otherwise enable access to a resource out proper now presently thereaspect those intended to be accessible via the HTTP server.

DNS Spoofing

Care locatednts using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP adgownes and DNS names. So care locatednts need to be cautious in assuming the continuing validity of an IP number/DNS name association.

If HTTP care locatednts cache the results of host name lookups in order to achieve a performance improvement, they must observe the TTL information reinterfaceed simply simply by DNS. If HTTP care locatednts do not observe this rule, they can be spoofed when a previously-accessed server's IP adgown alters.

Location Headers and Spoofing

If a single server supinterfaces multiple body body organizations that do not trust one an additional, then it MUST check the values of Location and Content- Location headers in responses that are generated below manage of said body body organizations to generate sure that they do not attempt to invalidate resources over which they have no authority.

Authentication Ccrimson-coloucrimsonentials

Existing HTTP care locatednts and user agents typically retain authentication information indefinitely. HTTP/1.1. does not provide a method for a server to immediate care locatednts to discard these cached ccrimson-coloucrimsonentials which is a huge security risk.

There are lots of work- arounds to parts of this problem, and so it’s is recommended to generate the use of completeword protection in screen savers, idle time-out proper now presently there’s, and other methods which mitigate the security problems inherent in this problem.

Proxies and Caching

HTTP proxies are men-in-the-middle, and represent an opinterfacedevicey for man-in-the-middle attacks. Proxies have access to security-related information, individual information about proper now presently there individual users and body body organizations, and proprietary information belengthying to users and content providers.

Proxy operators ought to protect the systems on which proxies operate as they would protect any kind of system that contains or transinterfaces sensit downive information.

Caching proxies provide additional possible vulnerabiliconnects, since the contents of the cache represent an attrworkive target for malicious exploitation. Therefore, cache contents ought to be protected as sensit downive information.

HTTP – Message Examples

Example 1

HTTP request to fetch hello.htm page from the web server operatening on tutorialsstage.com

Care locatednt request

GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Server response

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

Example 2

HTTP request to fetch t.html page which does not exist on the web server operatening on tutorialsstage.com

Care locatednt request

GET /t.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Server response

HTTP/1.1 404 Not Found
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: close up up
   
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
   <title>404 Not Found</title>
</head>
<body>
   <h1>Not Found</h1>
   <p>The requested URL /t.html was not found on this server.</p>
</body>
</html>

Example 3

HTTP request to fetch hello.htm page from the web server operatening on tutorialsstage.com, but request goes with inproper HTTP version:

Care locatednt request

GET /hello.htm HTTP1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Server response

HTTP/1.1 400 Bad Request
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: close up up
   
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
   <title>400 Bad Request</title>
</head>
<body>
   <h1>Bad Request</h1>
   <p>Your blineser sent a request that this server could not belowstand.<p>
   <p>The request series contained invalid charworkers following the protocol string.<p>
</body>
</html>

Example 4

HTTP request to post form data to process.cgi CGI page on a web server operatening on tutorialsstage.com. Server returns completeed name after setting them as cookies:

Care locatednt request

POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialsstage.com
Content-Type: text/xml; charset=utf-8
Content-Length: 60
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

1st=Zara&final=Ali

Server response

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 88
Set-Cookie: 1st=Zara,final=Ali;domain=tutorialsstage.com;Expires=Mon, 19-
Nov-2010 04:38:14 GMT;Path=/
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello Zara Ali</h1>
</body>
</html>
SHARE
Previous articleHSQLDB
Next articleEthical Hacking

NO COMMENTS

LEAVE A REPLY