001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.Beta;
018import com.google.common.annotations.GwtCompatible;
019
020/**
021 * Contains constant definitions for the HTTP header field names. See:
022 * <ul>
023 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
024 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
025 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
026 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
027 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
028 * </ul>
029 *
030 *
031 * @author Kurt Alfred Kluever
032 * @since 11.0
033 */
034@GwtCompatible
035public final class HttpHeaders {
036  private HttpHeaders() {}
037
038  // HTTP Request and Response header fields
039
040  /** The HTTP {@code Cache-Control} header field name. */
041  public static final String CACHE_CONTROL = "Cache-Control";
042  /** The HTTP {@code Content-Length} header field name. */
043  public static final String CONTENT_LENGTH = "Content-Length";
044  /** The HTTP {@code Content-Type} header field name. */
045  public static final String CONTENT_TYPE = "Content-Type";
046  /** The HTTP {@code Date} header field name. */
047  public static final String DATE = "Date";
048  /** The HTTP {@code Pragma} header field name. */
049  public static final String PRAGMA = "Pragma";
050  /** The HTTP {@code Via} header field name. */
051  public static final String VIA = "Via";
052  /** The HTTP {@code Warning} header field name. */
053  public static final String WARNING = "Warning";
054
055  // HTTP Request header fields
056
057  /** The HTTP {@code Accept} header field name. */
058  public static final String ACCEPT = "Accept";
059  /** The HTTP {@code Accept-Charset} header field name. */
060  public static final String ACCEPT_CHARSET = "Accept-Charset";
061  /** The HTTP {@code Accept-Encoding} header field name. */
062  public static final String ACCEPT_ENCODING = "Accept-Encoding";
063  /** The HTTP {@code Accept-Language} header field name. */
064  public static final String ACCEPT_LANGUAGE = "Accept-Language";
065  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
066  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
067  /** The HTTP {@code Access-Control-Request-Method} header field name. */
068  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
069  /** The HTTP {@code Authorization} header field name. */
070  public static final String AUTHORIZATION = "Authorization";
071  /** The HTTP {@code Connection} header field name. */
072  public static final String CONNECTION = "Connection";
073  /** The HTTP {@code Cookie} header field name. */
074  public static final String COOKIE = "Cookie";
075  /** The HTTP {@code Expect} header field name. */
076  public static final String EXPECT = "Expect";
077  /** The HTTP {@code From} header field name. */
078  public static final String FROM = "From";
079  /**
080   * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name.
081   *
082   * @since 20.0
083   */
084  public static final String FORWARDED = "Forwarded";
085  /**
086   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
087   *
088   * @since 17.0
089   */
090  @Beta
091  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
092  /** The HTTP {@code Host} header field name. */
093  public static final String HOST = "Host";
094  /** The HTTP {@code If-Match} header field name. */
095  public static final String IF_MATCH = "If-Match";
096  /** The HTTP {@code If-Modified-Since} header field name. */
097  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
098  /** The HTTP {@code If-None-Match} header field name. */
099  public static final String IF_NONE_MATCH = "If-None-Match";
100  /** The HTTP {@code If-Range} header field name. */
101  public static final String IF_RANGE = "If-Range";
102  /** The HTTP {@code If-Unmodified-Since} header field name. */
103  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
104  /** The HTTP {@code Last-Event-ID} header field name. */
105  public static final String LAST_EVENT_ID = "Last-Event-ID";
106  /** The HTTP {@code Max-Forwards} header field name. */
107  public static final String MAX_FORWARDS = "Max-Forwards";
108  /** The HTTP {@code Origin} header field name. */
109  public static final String ORIGIN = "Origin";
110  /** The HTTP {@code Proxy-Authorization} header field name. */
111  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
112  /** The HTTP {@code Range} header field name. */
113  public static final String RANGE = "Range";
114  /** The HTTP {@code Referer} header field name. */
115  public static final String REFERER = "Referer";
116  /**
117   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
118   * field name.
119   *
120   * @since 23.4
121   */
122  public static final String REFERRER_POLICY = "Referrer-Policy";
123
124  /**
125   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
126   * header.
127   *
128   * @since 23.4
129   */
130  public static final class ReferrerPolicyValues {
131    private ReferrerPolicyValues() {}
132
133    public static final String NO_REFERRER = "no-referrer";
134    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
135    public static final String SAME_ORIGIN = "same-origin";
136    public static final String ORIGIN = "origin";
137    public static final String STRICT_ORIGIN = "strict-origin";
138    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
139    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
140    public static final String UNSAFE_URL = "unsafe-url";
141  }
142
143  /**
144   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">
145   * {@code Service-Worker}</a> header field name.
146   */
147  public static final String SERVICE_WORKER = "Service-Worker";
148  /** The HTTP {@code TE} header field name. */
149  public static final String TE = "TE";
150  /** The HTTP {@code Upgrade} header field name. */
151  public static final String UPGRADE = "Upgrade";
152  /** The HTTP {@code User-Agent} header field name. */
153  public static final String USER_AGENT = "User-Agent";
154
155  // HTTP Response header fields
156
157  /** The HTTP {@code Accept-Ranges} header field name. */
158  public static final String ACCEPT_RANGES = "Accept-Ranges";
159  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
160  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
161  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
162  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
163  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
164  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
165  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
166  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
167  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
168  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
169  /** The HTTP {@code Access-Control-Max-Age} header field name. */
170  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
171  /** The HTTP {@code Age} header field name. */
172  public static final String AGE = "Age";
173  /** The HTTP {@code Allow} header field name. */
174  public static final String ALLOW = "Allow";
175  /** The HTTP {@code Content-Disposition} header field name. */
176  public static final String CONTENT_DISPOSITION = "Content-Disposition";
177  /** The HTTP {@code Content-Encoding} header field name. */
178  public static final String CONTENT_ENCODING = "Content-Encoding";
179  /** The HTTP {@code Content-Language} header field name. */
180  public static final String CONTENT_LANGUAGE = "Content-Language";
181  /** The HTTP {@code Content-Location} header field name. */
182  public static final String CONTENT_LOCATION = "Content-Location";
183  /** The HTTP {@code Content-MD5} header field name. */
184  public static final String CONTENT_MD5 = "Content-MD5";
185  /** The HTTP {@code Content-Range} header field name. */
186  public static final String CONTENT_RANGE = "Content-Range";
187  /**
188   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">
189   * {@code Content-Security-Policy}</a> header field name.
190   *
191   * @since 15.0
192   */
193  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
194  /**
195   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
196   * {@code Content-Security-Policy-Report-Only}</a> header field name.
197   *
198   * @since 15.0
199   */
200  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
201      "Content-Security-Policy-Report-Only";
202  /**
203   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
204   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox
205   * until version 23 and the Internet Explorer version 10.
206   * Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
207   *
208   * @since 20.0
209   */
210  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
211  /**
212   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name.
213   * It was introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and
214   * used by the Firefox until version 23 and the Internet Explorer version 10.
215   * Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
216   *
217   * @since 20.0
218   */
219  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
220      "X-Content-Security-Policy-Report-Only";
221  /**
222   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in
223   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
224   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
225   *
226   * @since 20.0
227   */
228  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
229  /**
230   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
231   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
232   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
233   *
234   * @since 20.0
235   */
236  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
237  /** The HTTP {@code ETag} header field name. */
238  public static final String ETAG = "ETag";
239  /** The HTTP {@code Expires} header field name. */
240  public static final String EXPIRES = "Expires";
241  /** The HTTP {@code Last-Modified} header field name. */
242  public static final String LAST_MODIFIED = "Last-Modified";
243  /** The HTTP {@code Link} header field name. */
244  public static final String LINK = "Link";
245  /** The HTTP {@code Location} header field name. */
246  public static final String LOCATION = "Location";
247  /** The HTTP {@code P3P} header field name. Limited browser support. */
248  public static final String P3P = "P3P";
249  /** The HTTP {@code Proxy-Authenticate} header field name. */
250  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
251  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
252  public static final String REFRESH = "Refresh";
253  /** The HTTP {@code Retry-After} header field name. */
254  public static final String RETRY_AFTER = "Retry-After";
255  /** The HTTP {@code Server} header field name. */
256  public static final String SERVER = "Server";
257  /**
258   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">
259   * {@code Service-Worker-Allowed}</a> header field name.
260   *
261   * @since 20.0
262   */
263  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
264  /** The HTTP {@code Set-Cookie} header field name. */
265  public static final String SET_COOKIE = "Set-Cookie";
266  /** The HTTP {@code Set-Cookie2} header field name. */
267  public static final String SET_COOKIE2 = "Set-Cookie2";
268  /**
269   * The HTTP
270   * <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code Strict-Transport-Security}</a>
271   * header field name.
272   *
273   * @since 15.0
274   */
275  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
276  /**
277   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">
278   * {@code Timing-Allow-Origin}</a> header field name.
279   *
280   * @since 15.0
281   */
282  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
283  /** The HTTP {@code Trailer} header field name. */
284  public static final String TRAILER = "Trailer";
285  /** The HTTP {@code Transfer-Encoding} header field name. */
286  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
287  /** The HTTP {@code Vary} header field name. */
288  public static final String VARY = "Vary";
289  /** The HTTP {@code WWW-Authenticate} header field name. */
290  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
291
292  // Common, non-standard HTTP header fields
293
294  /** The HTTP {@code DNT} header field name. */
295  public static final String DNT = "DNT";
296  /** The HTTP {@code X-Content-Type-Options} header field name. */
297  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
298  /** The HTTP {@code X-Do-Not-Track} header field name. */
299  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
300  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
301  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
302  /** The HTTP {@code X-Forwarded-Proto} header field name. */
303  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
304  /**
305   * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name.
306   *
307   * @since 20.0
308   */
309  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
310  /**
311   * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name.
312   *
313   * @since 20.0
314   */
315  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
316  /** The HTTP {@code X-Frame-Options} header field name. */
317  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
318  /** The HTTP {@code X-Powered-By} header field name. */
319  public static final String X_POWERED_BY = "X-Powered-By";
320  /**
321   * The HTTP
322   * <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code Public-Key-Pins}</a>
323   * header field name.
324   *
325   * @since 15.0
326   */
327  @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
328  /**
329   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">
330   * {@code Public-Key-Pins-Report-Only}</a> header field name.
331   *
332   * @since 15.0
333   */
334  @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
335  /** The HTTP {@code X-Requested-With} header field name. */
336  public static final String X_REQUESTED_WITH = "X-Requested-With";
337  /** The HTTP {@code X-User-IP} header field name. */
338  public static final String X_USER_IP = "X-User-IP";
339  /** The HTTP {@code X-XSS-Protection} header field name. */
340  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
341  /**
342   * The HTTP <a
343   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
344   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
345   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
346   */
347  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
348  /**
349   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
350   * {@code Ping-From}</a> header field name.
351   *
352   * @since 19.0
353   */
354  public static final String PING_FROM = "Ping-From";
355  /**
356   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
357   * {@code Ping-To}</a> header field name.
358   *
359   * @since 19.0
360   */
361  public static final String PING_TO = "Ping-To";
362}