HTTP series – header field


HTTP protocol – HTTP general header (common)

Common header field name

Common header field name explain
Cache-Control Control cache behavior
Connection Allows clients and servers to specify options related to request / response links
Date Date and time of message creation


Cache control request instruction:
instructions parameter explain
no-cache nothing Force authentication to the source server again
no-store nothing Specifies that the cache cannot store any part of the request locally
Max age = [sec] must For example, Max age = 31536000, cache for one year
Cache control cache response instruction:
instructions explain
public A cache of responses can be provided to any party
private Returns a response only to a specific user
no-cache Its validity must be confirmed before caching
no-store Specifies that the cache cannot store any part of the response locally
Max age = [sec] Maximum age value of response

no-cache: does not mean no caching. It means that before using cache resources, it must be checked by the server (revalidate can also achieve this function).
no-store: tell the browser not to cache it.
The content of the resource is very stable and will not change for a long time, so we can declare that the browser / CDN can cache the resource for a long time (3153600 seconds, i.e. one year),As long as the user does not manually clean up the browser cache, the internal server will no longer receive (current browser / CDN) requests for this resource for a year.
recommendThe optimal solution of front-end static resource cache and the trap of Max age


field explain
keep-alive Maintain long links
close Close link
Keep alive description supplement

Connection: keep alive is used forHTTP persistent connectionField for.

Comparison of requests in close mode and keep alive mode:

HTTP series - header field

Advantages and disadvantages of keep alive

advantage: keep alive mode is more efficient because it avoids the overhead of connection establishment and release
shortcoming: long time TCP connection can easily lead to invalid occupation of system resources and waste of system resources

HTTP protocol – HTTP request header (common)

Request header field name

Request header field name explain
Host Gives the host name and port number of the server that receives the request
Referer Provides the URL of the document that contains the URL of the current request
User-Agent Inform the server of the name of the application that initiated the request
Accept Content types that the server can process (mime_type)
Accept-Encoding Encoding method (gzip: LZ77 compression algorithm; compress: LZW compression algorithm; identity: self)
If-Modified-Since Implementation of negotiation cache with last modified
If-None-Match Cache with Etag
Authorization User credentials; For example (bearer XXXX)
Cookie Every time the browser sends a request, it will carry


I am’s one in, then click, its header information includes:

Role of referer:
  • Anti theft chain

I only allow my own website to access my own image server. What is my domain, then the image server takes the referer every time to judge whether it is my own domain, if yes, continue to visit, not intercept.

  • Prevent malicious requests.

Dynamic request is time to have referer for my own website.


The request header is used to inform the (server) client of the content type that can be processed. This content type is represented by MIME type. The server canSelect one of many alternatives to apply, and useContent-TypeThe reply header informs the client of its selection.

Accept field
Accept field information
<MIME_type>/<MIME_subtype> A single exact MIME type, such as text / HTML
<MIME_type>/* A MIME type, but no subclass is specified. Image / * can be used to refer to image / PNG, image / SVG, image / GIF and any other picture type.
*/* MIME type of any type
; Q = (Q factor weight) Value represents priority and is expressed by relative quality value, also known as weight.
Accept: text/html

Accept: image/*

Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8

HTTP protocol – HTTP response header (common)

Response header field name

field information
Age I don’t understand. What are you doing
Server The name and version of the server application software
Vary Determines a request header for the future
Set-Cookie The server sends cookies to the client


Vary implements dynamic services

Vary: User-Agent
For example, the content you provide to the mobile terminal is different, which can prevent your client from misusing the cache for the desktop terminal. It can help Google and other search engines find your mobile version of the page and tell them that cloaking is not needed.

Vary: Accept-EncodingDifferent clients may have different compression coding methods. Some clients may not support compression, so the data returned by the server cannot be compressed, and the server needs to return different data. The solution to this problem is to return specific data by adding the accept encoding of variable to tell the server the types supported

HTTP protocol – HTTP entity header (common)

Entity header field name

Entity header field information
Allow Enumerates the collection of HTTP methods supported by the resource
Content-Encoding Any encoding performed on the principal
Content-Length The length or size of the body
Content-Type The object type of this principal
ETag Entity tag associated with this entity
Last-Modified Date and time when the entity was last modified


When the server receives an unsupported HTTP method, it displays the status code405 Method Not AllowedReturned as a response. At the same time, all supported HTTP methods will be written to the header fieldAllowReturn after.


Cache expiration time is used to specify the expiration time of resources. It is a specific time point on the server side.

Expires is the header field of the web server response message. When responding to the HTTP request, it tells the browser that the browser can directly fetch data from the browser cache before the expiration time without requesting again.

Expires: Wed, 04 Jul 2012 08:26:05 GMT
#Set expires and cache control via HTTP meta
< meta http equiv = "expires" content = "wed, 04 Jul 2012 08:26:05 GMT" > // valid only for this page, not for pictures or other requests in the page

If the “Max age” or “s-max-age” instruction is set in the cache control response header, the expires header will be ignored

Expires is a product of HTTP / 1. It is limited by the local time. If the local time is modified, the cache may become invalid.


Content encoding and content type and server and client processing flow

#Response headers
Content-Encoding: gzip

Take the return of Hello information as an example:
ServertobrowserSent a message: Hello
first,ServerTo tellbrowser, the type of the data I sent you. Different types of data need to be set if the receiver’s processing methods are differentContent-Type:text/plain;charset=iso-8859-1Tell the browser what to do;

Because the computer only knows 0 and 1, the browser should receive:
01101000(h) 01100101(e) 01101100(l) 01101100(l) 01101111(o)

If we compress’ hello ‘with gzip algorithm; Then the binary string has changed; So we also need to tell the browserContent-Encoding: gzip

Server -- > content type: text / plain and content encoding: gzip
-->Browser -- > first parse the compression algorithm content encoding: gzip -- >
First parse the compression algorithm content encoding: gzip -- > and then parse the content type

Relationship between last modified and if modified since

When the browser accesses the resource for the first time, the server returns the resource and adds last modified in response headers. The value is the last modification time of the resource on the server:

Last-Modified: Fri, 23 Oct 2020 07:33:48 GMT

If the browser requests the resource again, request headers will be added

If-Modified-Since: Fri, 23 Oct 2020 07:33:48 GMT

When the server receives this resource request again, it willIf-Modified-SinceThe value is compared with the last modification time of this resource in the server. If there is no change, 304 and an empty response body are returned and read directly from the cache; If the time of if modified since is less than the last modification time of this resource in the server, it indicates that the file has been updated, so the new resource file and 200 are returned;

Etag and if none match

When the browser accesses a resource for the first time, when the server returns the resource, a unique identifier of the current resource file is added to the response headers(As long as the resource changes, Etag will be regenerated):

ETag: "5f92875c-6fa"

If the browser requests the resource again, request headers will be added

If-None-Match: "5f92875c-6fa"

The server only needs to compare whether the if none match transmitted from the client is consistent with the Etag of the resource on its own server, so as to judge whether the resource has been modified relative to the client

MIME type


Related blog posts

HTTPS encryption, http2.0, keep alive


HTTP content encoding and content type and server and client processing flow

Browser caching mechanism