2024-03-11
HTTP
HTTP
IP
IP
IPv6
HTTP
1990 HTTP/0.9 GET only, no headers
1996 HTTP/1.0 Method, Headers, StatusCode, Redirect etc...
1997 HTTP/1.1 KeepAlive, TLS, Upgrade, Chunk ...
2015 HTTP/2
2018 HTTP/3 udp:443
Protocol Negotiation
HTTP TCP Handshake
HTTPS HTTP + TLS Handshake
WS HTTP Upgrade
WSS HTTP Upgrade + TLS Handshake
H2 TCP Handshake + TLS-ALPN handshake
H2C HTTP Upgrade, send HTTP2 Magic#(Preface)
H3 HTTP2 + Alt+Svc
SSL/TLS
SSL 1.0
2.0
3.0
TLS 1.0
1.1
1.2
1.3
Cipher Suite
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (old format < TLS 1.3)
TLS_AES_128_GCM_SHA256 (new format)
... and lots
Status Code (61)
100 Continue
101 Switching Protocols
102 Processing (deprecated)
103 Early Hints
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
207 Multi-Status
208 Already Reported
226 IM Used
300 Multiple Choices
301 Moved Permanently
302 Found
303 See Other
304 Not Modified
307 Temporary Redirect
308 Permanent Redirect
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timeout
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Content Too Large
414 URI Too Long
415 Unsupported Media Type
416 Range Not Satisfiable
417 Expectation Failed
418 I'm a teapot
421 Misdirected Request
422 Unprocessable Content
423 Locked
424 Failed Dependency
425 Too Early
426 Upgrade Required
428 Precondition Required
429 Too Many Requests
431 Request Header Fields Too Large
451 Unavailable For Legal Reasons
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
506 Variant Also Negotiates
507 Insufficient Storage
508 Loop Detected
510 Not Extended
511 Network Authentication Required
Headers (106)
Accept Accept: application/json
Accept-CH
Accept-Charset Accept-Charset: utf-8
Accept-Encoding Accept-Encoding: gzip, deflate
Accept-Language Accept-Language: en-US, ja-JP
Accept-Patch
Accept-Post
Accept-Ranges
Access-Control-Allow-Credentials ;; CORS
Access-Control-Allow-Headers ;; CORS
Access-Control-Allow-Methods ;; CORS
Access-Control-Allow-Origin ;; CORS
Access-Control-Expose-Headers ;; CORS
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Age
Allow
Alt-Svc
Alt-Used
Authorization Authorization: Basic dXNlcjpwYXNz
Cache-Control Cache-Control: no-cache
Clear-Site-Data
Connection [h] Connection: Upgrade, close ;; see HOP-BY-HOP
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-Range
Content-Security-Policy
Content-Security-Policy-Report-Only
Content-Type
Cookie
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Date
Device-Memory
ETag
Expect
Expect-CT
Expires
Forwarded
From
Host [!] Host: example.com:80
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Keep-Alive [h]
Large-Allocation
Last-Modified
Link
Location
Max-Forwards
Origin
Permissions-Policy
Pragma
Deprecated
Proxy-Authenticate [h]
Proxy-Authorization [h]
Range
Referer
Referrer-Policy
Reporting-Endpoints
Retry-After
Sec-Fetch-Dest
Sec-Fetch-Mode
Sec-Fetch-Site
Sec-Fetch-User
Sec-Purpose
Sec-WebSocket-Accept
Server
Server-Timing
Service-Worker-Navigation-Preload
Set-Cookie
SourceMap
Strict-Transport-Security
TE [h]
Timing-Allow-Origin
Tk
Trailer [h]
Transfer-Encoding [h]
Upgrade [h]
Upgrade-Insecure-Requests
User-Agent
Vary
Via
Viewport-Width
Want-Digest
Width
WWW-Authenticate
X-Content-Type-Options
X-DNS-Prefetch-Control
X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Proto
X-Frame-Options
X-XSS-Protection
Hop-by-hop Headers (8+)
Connection
Keep-Alive
Proxy-Authenticate
Proxy-Authorization
TE
Trailer
Transfer-Encoding
Upgrade
RFC2616 hop-by-hop headers
"Hop-by-hop headers ... are meaningful only for a single transport-level connection, and are not stored by caches or forwarded by proxies"
Any hop-by-hop headers except "Connection" must be listed in the "Connection" header. Proxies will remove these.