http.cheatsheet

#-#
#-# Headers
#-#

#-# Request headers

Field Example Description

Accept Accept: text/html Acceptable Content-Types for the response.
Accept-Charset Accept-Charset: utf-8 Acceptable character sets.
Accept-Encoding Accept-Encoding: gzip, deflate Acceptable encodings (for compression).
Accept-Language Accept-Language: en-US Acceptable human langages.
Accept-Datetime Accept-Datetime: Fri, 21 Dec 2012 06:06:06 GMT Acceptable time of last update.
Authorization Authorization: Basic YnJvOmhvbmVzdGx5 HTTP authentication credentials.
Cache-Control Cache-Control: no-cache Directives which caching mechanisms must obey.
Connection Connection: keep-alive Type of preffered connection for the client.
Cookie Cookie: $Version=1; Skin=new; An http cookie from the client (see: Set-Cookie).
Content-Length Content-Length: 1337 The length of the body in bytes.
Content-MD5 Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== A base-64 encoded MD5 checksum for the body.
Content-Type Content-Type: application/x-www-form-urlencoded The MIME type of the request body.
Date Date: Sun, 23 Jun 2013 12:00:00 GMT The date and time which the message was sent.
Expect Expect: 100-continue Indicates server behaviors the client requires.
From From: john.doe@gmail.com The email address of the user making the request.
Host Host: dnslookup.domain.com The host url, used for vhosts and proxying.
If-Match If-Match: “737060cd8c284d8af7ad3082f209582d” Only perform the action if the client-supplied entity matches the one on the server.
If-Modified-Since If-Modified-Since: Wed, Dec 25 2012 11:11:11 GMT If content is unchanged, the server may return 304 Not Modified.
If-None-Match If-None-Match: “737060cd8c284d8af7ad3082f209582d” If content is unchanged (based on ETags), the server may return a 304 Not Modified.
If-Range If-Range: “737060cd8c284d8af7ad3082f209582d” Send missing parts if the entity is unchanged (used for resuming downloads).
If-Unmodified-Since If-Unmodified-Since: Wed, Dec 25 2012 11:11:11 GMT If content is unchanged, the server must return 304 Not Modified.
Max-Forwards Max-Forwards: 10 The maximum number of times a message can be forwarded through proxies/gateways.
Origin Origin: http://domain.com Used for initiating CORS requests.
Pragma Pragma: no-cache Directives which may or may not have effects anywhere along the request/response chain.
Range Range: bytes=136-1337 Request only parts of an entity (used for resuming downloads).
Referer Referer: http://domain.com The address of the web page which had the link followed by the client.
TE TE: trailers, deflate Transfer encodings the client is willing to accept, including trailers.
Upgrade Upgrade: websocket Request that the server upgrade to another protocol.
User-Agent User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) The user agent string of the client.
Via Via: 1.0 fred, 1.1 example.com (Apache/1.1) Information about proxies through which the request was sent.
Warning Warning: 199 Miscellaneous warning A general warning about potential issues with the body.
X-Requested-With X-Requested-With: XMLHttpRequest Generally used to identify AJAX requests.
DNT DNT: 1 Mozilla-proposed “do not track” directive.
X-Forwarded-For X-Forwarded-For: 24.237.53.237 De-facto standard for identifying the originating client IP address though an HTTP proxy load balancer.
X-Forwarded-Proto X-Forwarded-Proto: https De-facto standard for identifying the originating protocol used by the client.
Front-End-Https Front-End-Https: on Non-standard header used by Microsoft applications and load balancers.
X-ATT-DeviceId X-ATT-DeviceId: MakeModel/Firmware Used by AT&T devices to specify the MakeModel/Firmware (a subset of the User-Agent).
X-Wap-Profile X-Wap-Profile: http://wap.mobile.com/schema.xml Links to an XMLFile describing the connecting device (such as AT&T phones).

#-# Response headers

Field Example Description

Access-Control-Allow-Origin Access-Control-Allow-Origin: * Specifies which websites are allowed to do CORS.
Accept-Ranges Accept-Ranges: bytes Partial content range types supported.
Age Age: 42 Age of entity in proxy cache (seconds).
Allow Allow: GET, HEAD Valid HTTP methods for the resource (paired with 405 Method not allowed).
Cache-Control Cache-Control: max-age=3600 Specifies behavior to caching proxies from server to client (in seconds).
Connection Connection: close Options desired for the connection.
Content-Encoding Content-Encoding: gzip The type of encoding used for the response body (used for compression).
Content-Language Content-Language: en-US The human language in the response body.
Content-Length Content-Length: 123 Length of the response body in bytes.
Content-Location Content-Location: /index.html Alternate location for the resource.
Content-MD5 Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== A Base64-encoded MD5 checksum for the response body.
Content-Disposition Content-Disposition: attachment; filename=“f.csv” Directives used by the client to prompt the user to download a response as a file.
Content-Type Content-Type: text/html; charset=utf-8 The MIME type of the response body.
Etag ETag: “737060cd8c284d8af7ad3082f209582d” A unique string used to identify a specific version of a resource.
Expires Expires: Fri, 29 Nov 2013 12:34:56 GMT A date/time after which the resource should be considered outdated by the client.
Last-Modified Last-Modified: Sat, 13 Oct 2012 09:35:00 GMT The date at which the resource was last modified.
Link Link: ; rel=“alternate” Used to specify relationships with other resources.
Location Location: http://www.google.com The location of the resource (used in 3XX redirects).
P3P P3P: CP=“This is not a P3P policy See [url]” Most browsers do not fully implement it, but may contain filler text in order to convince browsers to grant permissions for third party cookies.
Pragma Pragma: no-cache Directives which may or may not have efiects anywhere along the request/response chain.
Proxy-Authenticate Proxy-Authenticate: Basic Request authentication to access a proxy.
Retry-After Retry-After: 60 If the resource is unavailable, the client should try again after some given time (seconds).
Server Server: Apache/2.4.1 (Unix) A name for the server.
Set-Cookie UserID=usr; Max-Age=3600; Version=1 Set an HTTP cookie.
Status Status: 200 OK HTTP status code.
Strict-Transport-Security Strict-Transport-Security: max-age=16070400; Used to specify HTTPS-only policies.
Trailer Trailer: Max-Forwards Headers which will be in the trailers of a chunked transfer encoding.
Transfer-Encoding Transfer-Encoding: chunked The method of encoding used to transfer the response (defined methods: chunked, com-press, deate, gzip, identity).
Vary Vary: * Specifies request headers to match against when deciding caching behavior.
Via Via: 1.0 fred, 1.1 example.com (Apache/1.1) Information about proxies through which the request was sent.
Warning Warning: 199 Miscellaneous warning A general warning about potential issues with the body.
WWW-Authenticate WWW-Authenticate: Basic Indicates which authentication scheme should be used to access the requested resource.
Refresh Refresh: 5; url=http://domain.com A de-facto standard introduced by Netscape and supported in most browsers, used to redirect after some amount of seconds.
X-Frame-Options X-Frame-Options: deny Used to control in-frame rendering in order to avoid \clickjacking".
X-XSS-Protection X-XSS-Protection: 1; mode=block Used to control cross-site scripting.
X-Content-Security-Policy X-Content-Security-Policy: default-src ‘self’ Used to specify Content Securty Policy.
X-Webkit-CSP X-Webkit-CSP: default-src ‘self’ Also used to specify Content Securty Policy.
X-Powered-By X-Powered-By: PHP/5.4.0 Used to specify which technology is supporting the web application.
X-UA-Compatible X-UA-Compatible: IE=EmulateIE7 Specifies a preferred rendering engine, often used to trigger backwards-compatibility modes.

#-#
#-# Methods
#-#

Method Description

GET Request a representation of the resource.
HEAD Request only the headers for the resource.
POST Process the request body with the resource.
PUT Create or update a new resource with the contents of the request body.
DELETE Remove the specified resource.
OPTIONS Return the HTTP methods the specified resource supports.
TRACE Echo the received request.
CONNECT Convert the connection to a transparent tcp/ip tunnel, usually to allow SSL/TLS through an unencrypted HTTP proxy.
PATCH Apply partial modifications to the resource.

#-#
#-# Status codes
#-#

#-# 1xx / Informational

Code Title Summary

100 Continue Client should continue with request.
101 Switching Protocols Server is switching protocols.
103 Checkpoint Resume aborted PUT or POST requests.
122 Request-URI too long URI is longer than a maximum of 2083 characters.

#-# 2xx / Success

Code Title Summary

200 Success Standard response for successful HTTP requests.
201 Created Request has been fulfilled; new resource created.
202 Accepted Request accepted, processing pending.
203 Non-Authoritative Info Request processed, information may be from another source.
204 No Content Request processed, no content returned.
205 Reset Content Request processed, no content returned, reset document view.
206 Partial Content Partial resource return due to request header.
208 Already Reported Results previously returned.

#-# 3xx / Redirection

Code Title Summary

300 Multiple Choices Multiple options for the resource delivered.
301 Moved Permanently This and all future requests directed to the given URI.
302 Found Temporary response to request found via alternative URI.
303 See Other Permanent response to request found via alternative URI.
304 Not Modified Resource has not been modified since last requested.
305 Use Proxy Content located elsewhere, retrieve from there.
306 Switch Proxy Switchubsequent requests should use the specified proxy.
307 Temporary Redirect Connect again to different URI as provided.

#-# 4xx / Client Error

Code Title Summary

400 Bad Request 401 Unauthorized 402 Payment Required 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 407 Proxy Auth Required 408 Request Timeout 409 Conflict 410 Gone 411 Length Required 412 Precondition Failed 413 Request Entity Too Large 414 Request-URI Too Long 415 Unsupported Media Type 416 Requested 417 Expectation Failed 418 I’m a teapot 420 Enhance Your Calm 426 Upgrade Required 444 No Response 449 Retry With 450 Blocked by WPC 499 Client Closed Request Request cannot be fulfilled due to bad syntax.
Authentication is possible but has failed.
Payment required.
Server refuses to respond to request.
Requested resource could not be found.
Request method not supported by that resource.
Content not acceptable according to the Accept headers.
Client must first authenticate itself with the proxy.
Server timed out waiting for the request.
Request could not be processed because of conflict.
Resource is no longer available and will not be available again.
Request did not specify the length of its content.
Server does not meet request preconditions.
Request is larger than the server is willing or able to process.
URI provided was too long for the server to process.
Server does not support media type.
Range Not Satisfiable Client has asked for unprovidable portion of the file.
Server cannot meet requirements of Expect request-header field.
I’m a teapot.
Twitter rate limiting.
Client should switch to a different protocol.
Server returns no information and closes the connection.
Request should be retried after performing action.
Windows Parental Controls blocking access to webpage.
Connection closed by client while HTTP server is processing.

#-# 5xx / Server Error

Code Title Summary

500 Internal Server Error Generic error message
501 Not Implemented Server does not recognise method or lacks ability to fulfill.
502 Bad Gateway Server received an invalid response from upstream server.
503 Service Unavailable Server is currently unavailable.
504 Gateway Timeout Gateway did not receive response from upstream server.
505 HTTP Version Not Supported Server does not support the HTTP protocol version.
508 Loop Detected Server detected an infinite loop while processing the request.
509 Bandwidth Limit Exceeded Bandwidth limit exceeded.
510 Not Extended Further extensions to the request are required.
598 Network read timeout error Network read timeout behind the proxy.
599 Network connect timeout error Network connect timeout behind the proxy.

#-# Extensions

Code Title Summary

102 Processing Server has received and is processing the request.
207 Multi-Status XML, can contain multiple separate responses.
226 IM Used Request fulfilled, reponse is instance-manipulations.
308 Permanent Redirect Connect again to a different URI using the same method.
422 Unprocessable Entity Request unable to be followed due to semantic errors.
423 Locked Resource that is being accessed is locked.
424 Failed Dependency Request failed due to failure of a previous request.
428 Precondition Required Origin server requires the request to be conditional.
429 Too Many Requests User has sent too many requests in a given amount of time.
431 Request Header Fields Too Large Server is unwilling to process the request.
451 Wrong Exchange server The server cannot reach the client’s mailbox.
506 Variant Also Negotiates Content negotiation for the request results in a circular reference.
507 Insufficient Storage Server is unable to store the representation.
511 Network Authentication Required Client needs to authenticate to gain network access.