Network: TCP/IP protocol family (2): HTTP header analysis

Fang Zhipeng 2020-11-13 06:44:30

In this post we look in detail at the common header fields of the HTTP protocol, divided into request headers and response headers. Each header field has the following format: first the name of the header field, such as Accept; after the colon come the values for that field, separated by commas. If a value needs a priority, the priority follows the value in the form q=0.8 (q ranges from 0 to 1, from lowest to highest priority). A value and its priority are separated by a semicolon.

Header-field-name: value1, value2;q=0.8

Below is the Request Headers part of a captured network request. The field in the red box, Accept-Language, is the header field name, and the text after the colon is the field's value. As shown below:


HTTP header fields can be divided into general header fields, request header fields, response header fields and entity header fields. Each group is introduced in detail below.

General header fields (General Header Fields)

These fields are used in both request headers and response headers. The common general header fields are listed below:


This field controls the caching mechanism. In the response header screenshot below, the Cache-Control parameters are private and max-age=10. private means the cache is private: the cached information is provided only to a specific user. public means the cached information can be provided to any party. max-age=10 means the cache is valid for 10 seconds. Looking at Expires (expiration time) and Last-Modified (last modification time) below, we can see that the two differ by exactly 10 seconds.

This field also accepts other parameters:

  • no-cache: On the client side, it means the client will not accept a cached response and asks for the latest content. On the server side, it means the cache server cannot cache the corresponding resource.
  • no-store: Indicates that the cache cannot be stored locally.
  • max-age: This parameter takes a number of seconds. In a request header, a cached response is returned if its cache time does not exceed this value. In a response header, it indicates the maximum time the resource is kept in the cache server.
  • only-if-cached: Indicates that the client requests only content held on the cache server. If the cache server does not have the requested content, it returns 504 Gateway Timeout.
  • must-revalidate: Indicates that before returning a cached response, the cache server must confirm the validity of its cache with the resource server.
  • no-transform: In both requests and responses, the media type of the message body must not be changed in transit.



This field controls which header fields are no longer forwarded to a proxy server, and it manages persistent connections. In the response header below, Connection is used to manage persistent connections: its parameter is keep-alive, which means the persistent connection is kept. The close parameter can be used to turn it off.



This field indicates the encoding used to transfer the message. In HTTP/1.1, transfer encoding is only valid for chunked encoding. The screenshot below shows Transfer-Encoding used in a response header, followed by the chunked parameter, which indicates that the message is transferred in chunks.



This field is used to track request and response messages and to test the transmission path. When a message passes through a proxy or gateway, that server adds its own information to the Via field and then forwards the message.


Request header fields (Request Header Fields)

As the name suggests, request header fields are used only in request headers. They supplement the request with additional information, client information, and so on. Several common and important request header fields are given below.


This field informs the server of the media types the user agent can handle and the priority of each media type. A media type is specified in the form "type/subtype", and the priority of the type follows after a semicolon. As shown below.



This field tells the server which content encodings the client supports and the priority of each encoding. Below is an example of Accept-Encoding in use. gzip denotes the encoding format produced by the file compression program gzip (GNU zip). compress denotes the encoding format produced by the UNIX file compression program compress. deflate denotes the encoding format produced by combining the zlib format with the deflate compression algorithm. identity indicates that no compression is performed, or that the default encoding format is used unchanged.



This field tells the server which natural languages the client can handle and the priority of each language. In the screenshot below, Accept-Language is followed by three values: "zh-CN", "zh;q=0.8" and "en;q=0.6". In other words, the client can handle three natural languages. The first is zh-CN, with priority 1 (the highest). The second is zh, with priority 0.8. The third is en, with priority 0.6, the lowest of the three.
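The "value;q=priority" format described at the top of the page and used by Accept-Language here, as an added example that is not part of the original post: a parser that orders the values by priority and picks the best one the server supports. The function names are assumptions, and the sample header is the one quoted in the text.

```python
def parse_weighted(header_value):
    """Parse 'v1, v2;q=0.8' into [(value, q)] sorted by descending priority.

    Values without q default to 1.0; q=0 means "not acceptable" and the
    value is dropped; a malformed or out-of-range q drops that value only.
    """
    items = []
    for position, part in enumerate(header_value.split(",")):
        fields = [f.strip() for f in part.split(";")]
        value = fields[0]
        if not value:
            continue  # tolerate empty list elements such as "a,,b"
        q = 1.0
        valid = True
        for param in fields[1:]:
            name, _, raw = param.partition("=")
            if name.strip().lower() != "q":
                continue  # other parameters are ignored in this example
            try:
                q = float(raw.strip())
            except ValueError:
                valid = False
            if not 0.0 <= q <= 1.0:
                valid = False
        if valid and q > 0:
            items.append((value, q, position))
    # Highest q first; ties keep the order the client sent.
    items.sort(key=lambda item: (-item[1], item[2]))
    return [(value, q) for value, q, _ in items]


def choose(header_value, supported):
    """Return the first supported value in client priority order, or None."""
    offered = {s.lower(): s for s in supported}
    for value, _ in parse_weighted(header_value):
        if value.lower() in offered:
            return offered[value.lower()]
    return None


# Header value from the text above.
SAMPLE = "zh-CN,zh;q=0.8,en;q=0.6"
```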



This field tells the server the client's authentication information. Below is the request header information sent when connecting to the company's internal SVN system, which requires authentication.


If the authentication information is not filled in, the server returns 401 Unauthorized. As shown below:


If-Match and If-None-Match

These two request header fields carry a logical condition, and as their names suggest, they are exact opposites. Both are followed by a string, such as If-Match "xcsldjh49773hce", and the string is matched against the ETag (introduced later). With If-Match, the server processes the request only if the string equals the ETag; otherwise the request is not processed. If-None-Match is the negation of If-Match. It also matches against the ETag: the request is processed if the ETag does not match, and otherwise it is not processed.

If-Modified-Since and If-Unmodified-Since

If-Modified-Since is also a request header field that carries a logical condition. The field is followed by a date: if the resource was updated after that date, the server processes the request. If-Unmodified-Since is the negation of If-Modified-Since.



The If-Range field is also followed by an ETag, and it is used together with the Range field. It means that if the ETag matches, the requested content is returned for the range specified by the Range field; otherwise the whole content is returned. It is used as follows:

If-Range: "etag_code"

Range: bytes=1000-5000


Referer is actually a misspelling, but it has been used ever since. The correct English word is Referrer (it can be translated as: origin, the way one came). The Referer field is followed by a URI, which is the URI the request was initiated from. The details are as follows:



This field conveys information such as the requester's browser and user agent name to the server. Below is the User-Agent information sent when the Chrome browser on my current laptop makes a network request.


Response header fields (Response Header Fields)

Having covered the header fields of the request message, let's turn to the header fields of the response message. Response headers are the header information that the server returns to the client in a response message. They supplement the response with additional information, server information, and so on. Several common response header fields are given below.


This field tells the client whether the server supports range requests (requests for part of the content, made with the Range field in the request header). When the value of Accept-Ranges is bytes, the server supports range requests. When it is none, the server does not support range requests from clients. Below is the response when loading a Blog Garden page, and it shows that range requests are supported:



This field tells the client how long ago the origin server created the response.



The ETag is a unique string corresponding to the server resource (image, HTML page, etc.) currently being requested. Different resources have different ETags, and when a resource is updated its ETag is updated too.

Combined with logical request headers such as If-Match, the ETag lets you judge whether a resource the client has already loaded has been updated on the server. When a resource is first requested, as in the picture, we can save its ETag. On the next request, we can put it after If-None-Match in order to update the resource. If the server resource has not been modified, the request is not processed. Below is the ETag of an image in a web page.
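The conditional request headers and the ETag flow described above, as an added example that is not part of the original post: a sketch of how a server decides a conditional GET, where the "not processed" outcomes are the standard status codes 304 Not Modified and 412 Precondition Failed. The function names, the lower-case header keys and the sample resource are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def _etags(value):
    """Split an If-Match / If-None-Match value into a set of entity tags."""
    return {tag.strip() for tag in value.split(",") if tag.strip()}


def _strip_weak(tag):
    return tag[2:] if tag.startswith("W/") else tag


def _date(value):
    """Parse an HTTP date; None means "ignore this condition"."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    return parsed if parsed.tzinfo else None


def evaluate_get(headers, etag, last_modified):
    """Status for a conditional GET: 200, 304 or 412.

    etag is the resource's current ETag, quotes included; last_modified
    is a timezone-aware datetime.
    """
    if "if-match" in headers:
        tags = _etags(headers["if-match"])
        # Strong comparison: a weak (W/) tag never satisfies If-Match.
        if "*" not in tags and (etag.startswith("W/") or etag not in tags):
            return 412  # Precondition Failed
    elif "if-unmodified-since" in headers:
        since = _date(headers["if-unmodified-since"])
        if since and last_modified > since:
            return 412
    if "if-none-match" in headers:
        tags = {_strip_weak(t) for t in _etags(headers["if-none-match"])}
        # Weak comparison: W/"x" and "x" count as the same tag.
        if "*" in tags or _strip_weak(etag) in tags:
            return 304  # Not Modified: the client's saved copy is current
    elif "if-modified-since" in headers:
        since = _date(headers["if-modified-since"])
        if since and last_modified <= since:
            return 304
    return 200


# Constructed sample resource; the ETag string is the one quoted in the text.
ETAG = '"xcsldjh49773hce"'
MODIFIED = datetime(2020, 11, 13, 6, 44, 30, tzinfo=timezone.utc)
```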



The Location field is usually used together with redirection. Below is the response message for my visit to “”. Because the server has no /hello resource path, I was redirected to the error.html page. The redirect URL is stored in the Location field, as shown below:



This response field indicates the server software used on the server side. Below is the response header of an image on Blog Garden. The web server used is Tengine, a web server project initiated by Taobao and based on Nginx. For more about Tengine, please search Google yourself.



Vary can control the cache. Through this field, the origin server tells the proxy server how to use its local cache. Below is an example of Vary in use, where the parameter after Vary is Accept-Encoding. This means that the cached response to return is determined by Accept-Encoding: when the Accept-Encoding of the request matches the Accept-Encoding of the cached content, the cached content is returned; otherwise the request goes to the origin server.



This field is used for HTTP access authentication. A response with status code 401 Unauthorized must carry this field, and it specifies the authentication scheme for the client (Basic or Digest). The realm parameter identifies the protection policy that applies to the resource specified by the request URL. As shown below:


Entity header fields (Content Header Fields)

Next, let's go through the common entity header fields. Entity header fields are the headers used by the message entity, and they supplement information related to the message entity.


The server uses this field to inform the client of all the request methods it supports (GET, POST, etc.). If the server cannot find the method named in the client's request, it returns 405 Method Not Allowed and writes all the HTTP methods it supports into the Allow header field of the response.



This field specifies the encoding of the message entity. In the header below, the Content-Encoding parameter is gzip, which indicates that the message entity is compressed with gzip.


This field indicates the natural language used by the message entity. It is used as follows:

Content-Language: zh-CN


As the name suggests, this field specifies the length of the message entity in bytes, as shown below:



This field stores the MD5 digest of the message entity, encoded as a Base64 string. After the client receives the response message, it can compute the MD5 digest of the message entity, Base64-encode it, and compare the result with Content-MD5 to determine whether the message has been modified. It can be seen as a simple signature verification function. However, this method cannot really determine whether the message has been modified, because the Content-MD5 value itself can also be tampered with.
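Why the Content-MD5 check above catches accidental corruption but not deliberate modification, as an added example that is not part of the original post. It compares the unkeyed digest with a keyed HMAC. The X-Body-MAC header name, the shared key and the sample message are hypothetical and constructed for the illustration.

```python
import base64
import hashlib
import hmac


def content_md5(body):
    """Content-MD5 value: Base64 of the raw 16-byte MD5 digest of the body."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def md5_check(body, header_value):
    """What a client can do with Content-MD5 alone."""
    return hmac.compare_digest(content_md5(body), header_value)


def mac_tag(key, body):
    """Keyed alternative: HMAC-SHA256 over the body, Base64-encoded."""
    digest = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def mac_check(key, body, tag):
    return hmac.compare_digest(mac_tag(key, body), tag)


def modify_in_transit(body, headers):
    """Model of an intermediary that rewrites the body and then fixes up
    every header it can recompute without knowing a secret."""
    new_body = body.replace(b"amount=10", b"amount=9999")
    new_headers = dict(headers)
    new_headers["Content-MD5"] = content_md5(new_body)
    return new_body, new_headers


# Constructed sample message; KEY is a hypothetical pre-shared secret and
# X-Body-MAC a hypothetical header carrying the keyed tag.
KEY = b"example-shared-secret"
BODY = b"to=alice&amount=10"
HEADERS = {"Content-MD5": content_md5(BODY), "X-Body-MAC": mac_tag(KEY, BODY)}
```

After `modify_in_transit`, the recomputed Content-MD5 still verifies, while the keyed tag no longer matches because the intermediary does not hold the key.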

Cookie-related header fields

Because the HTTP protocol itself is stateless, websites use cookies to manage state between the server and the client. The cookie-related header fields are introduced below.


This field is used in the response message. When the server is ready to start managing the client's state, it first informs the client of the relevant information. The field below is the cookie information set when logging in to Zhihu. Next, we parse this string of cookie information.

  • Key-value pair: In the Set-Cookie field, “z_co=Mi4……” is the information to be stored in the cookie. There can of course be multiple key-value pairs, separated by commas.
  • Domain: Next is the Domain attribute. As can be seen below, Domain stores the domain name that the cookie applies to. If no Domain value is specified, it defaults to the domain name of the server that created the cookie.
  • expires: The value of this attribute is a time, namely the validity period of the cookie. If the attribute is not specified, the cookie is by default valid for the current session and becomes invalid when the browser is closed.
  • httponly: Setting this attribute prevents JavaScript from reading the cookie. Its main purpose is to prevent cross-site scripting attacks from stealing cookie information.
  • path: Restricts the file directory range for which the cookie is sent.
  • Secure: The cookie is sent only over secure HTTPS communication.
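The attributes in the list above, as an added example that is not part of the original post: a small parser for one Set-Cookie value and a check that reports what the missing or present attributes imply. The function names and both sample headers are constructed; only the cookie name z_co comes from the text.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, cookie_value, attributes).

    Attribute names are lower-cased; flag attributes map to True.
    """
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue  # tolerate a trailing semicolon
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return findings for a session-style cookie."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable from JavaScript")
    if "secure" not in attrs:
        findings.append("missing Secure: also sent over plain HTTP")
    if "domain" in attrs:
        findings.append("Domain=%s: also sent to its subdomains" % attrs["domain"])
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("no expiry: lasts until the browser is closed")
    return findings


# Constructed samples (not the real Zhihu header from the screenshot).
WEAK = "z_co=constructed-value; Domain=example.com; path=/"
STRONG = ("z_co=constructed-value; expires=Sat, 13 Nov 2021 06:44:30 GMT; "
          "HttpOnly; Secure; path=/")
```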



This field is used in the request header to send locally stored cookie information to the server. Below is the cookie information sent with each request to Zhihu. It is of course only part of the information, but we can still find the “z_co=Mi4……” key-value pair that was stored earlier.


The other common and relatively simple header fields will not be described in detail. That is all for today's post.


(When reposting, please credit the author and the source: Fang Zhipeng's blog.)
