001/* 002 * Copyright (C) 2011 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import com.google.common.annotations.Beta; 018import com.google.common.annotations.GwtCompatible; 019 020/** 021 * Contains constant definitions for the HTTP header field names. See: 022 * <ul> 023 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> 024 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a> 025 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> 026 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> 027 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a> 028 * </ul> 029 * 030 * 031 * @author Kurt Alfred Kluever 032 * @since 11.0 033 */ 034@GwtCompatible 035public final class HttpHeaders { 036 private HttpHeaders() {} 037 038 // HTTP Request and Response header fields 039 040 /** The HTTP {@code Cache-Control} header field name. */ 041 public static final String CACHE_CONTROL = "Cache-Control"; 042 /** The HTTP {@code Content-Length} header field name. */ 043 public static final String CONTENT_LENGTH = "Content-Length"; 044 /** The HTTP {@code Content-Type} header field name. */ 045 public static final String CONTENT_TYPE = "Content-Type"; 046 /** The HTTP {@code Date} header field name. */ 047 public static final String DATE = "Date"; 048 /** The HTTP {@code Pragma} header field name. */ 049 public static final String PRAGMA = "Pragma"; 050 /** The HTTP {@code Via} header field name. */ 051 public static final String VIA = "Via"; 052 /** The HTTP {@code Warning} header field name. */ 053 public static final String WARNING = "Warning"; 054 055 // HTTP Request header fields 056 057 /** The HTTP {@code Accept} header field name. */ 058 public static final String ACCEPT = "Accept"; 059 /** The HTTP {@code Accept-Charset} header field name. */ 060 public static final String ACCEPT_CHARSET = "Accept-Charset"; 061 /** The HTTP {@code Accept-Encoding} header field name. */ 062 public static final String ACCEPT_ENCODING = "Accept-Encoding"; 063 /** The HTTP {@code Accept-Language} header field name. */ 064 public static final String ACCEPT_LANGUAGE = "Accept-Language"; 065 /** The HTTP {@code Access-Control-Request-Headers} header field name. */ 066 public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; 067 /** The HTTP {@code Access-Control-Request-Method} header field name. */ 068 public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; 069 /** The HTTP {@code Authorization} header field name. */ 070 public static final String AUTHORIZATION = "Authorization"; 071 /** The HTTP {@code Connection} header field name. */ 072 public static final String CONNECTION = "Connection"; 073 /** The HTTP {@code Cookie} header field name. */ 074 public static final String COOKIE = "Cookie"; 075 /** The HTTP {@code Expect} header field name. */ 076 public static final String EXPECT = "Expect"; 077 /** The HTTP {@code From} header field name. */ 078 public static final String FROM = "From"; 079 /** 080 * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name. 081 * 082 * @since 20.0 083 */ 084 public static final String FORWARDED = "Forwarded"; 085 /** 086 * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name. 087 * 088 * @since 17.0 089 */ 090 @Beta 091 public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown"; 092 /** The HTTP {@code Host} header field name. */ 093 public static final String HOST = "Host"; 094 /** The HTTP {@code If-Match} header field name. */ 095 public static final String IF_MATCH = "If-Match"; 096 /** The HTTP {@code If-Modified-Since} header field name. */ 097 public static final String IF_MODIFIED_SINCE = "If-Modified-Since"; 098 /** The HTTP {@code If-None-Match} header field name. */ 099 public static final String IF_NONE_MATCH = "If-None-Match"; 100 /** The HTTP {@code If-Range} header field name. */ 101 public static final String IF_RANGE = "If-Range"; 102 /** The HTTP {@code If-Unmodified-Since} header field name. */ 103 public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since"; 104 /** The HTTP {@code Last-Event-ID} header field name. */ 105 public static final String LAST_EVENT_ID = "Last-Event-ID"; 106 /** The HTTP {@code Max-Forwards} header field name. */ 107 public static final String MAX_FORWARDS = "Max-Forwards"; 108 /** The HTTP {@code Origin} header field name. */ 109 public static final String ORIGIN = "Origin"; 110 /** The HTTP {@code Proxy-Authorization} header field name. */ 111 public static final String PROXY_AUTHORIZATION = "Proxy-Authorization"; 112 /** The HTTP {@code Range} header field name. */ 113 public static final String RANGE = "Range"; 114 /** The HTTP {@code Referer} header field name. */ 115 public static final String REFERER = "Referer"; 116 /** 117 * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header 118 * field name. 119 * 120 * @since 23.4 121 */ 122 public static final String REFERRER_POLICY = "Referrer-Policy"; 123 124 /** 125 * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> 126 * header. 127 * 128 * @since 23.4 129 */ 130 public static final class ReferrerPolicyValues { 131 private ReferrerPolicyValues() {} 132 133 public static final String NO_REFERRER = "no-referrer"; 134 public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade"; 135 public static final String SAME_ORIGIN = "same-origin"; 136 public static final String ORIGIN = "origin"; 137 public static final String STRICT_ORIGIN = "strict-origin"; 138 public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin"; 139 public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin"; 140 public static final String UNSAFE_URL = "unsafe-url"; 141 } 142 143 /** 144 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm"> 145 * {@code Service-Worker}</a> header field name. 146 */ 147 public static final String SERVICE_WORKER = "Service-Worker"; 148 /** The HTTP {@code TE} header field name. */ 149 public static final String TE = "TE"; 150 /** The HTTP {@code Upgrade} header field name. */ 151 public static final String UPGRADE = "Upgrade"; 152 /** The HTTP {@code User-Agent} header field name. */ 153 public static final String USER_AGENT = "User-Agent"; 154 155 // HTTP Response header fields 156 157 /** The HTTP {@code Accept-Ranges} header field name. */ 158 public static final String ACCEPT_RANGES = "Accept-Ranges"; 159 /** The HTTP {@code Access-Control-Allow-Headers} header field name. */ 160 public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; 161 /** The HTTP {@code Access-Control-Allow-Methods} header field name. */ 162 public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; 163 /** The HTTP {@code Access-Control-Allow-Origin} header field name. */ 164 public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; 165 /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */ 166 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; 167 /** The HTTP {@code Access-Control-Expose-Headers} header field name. */ 168 public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; 169 /** The HTTP {@code Access-Control-Max-Age} header field name. */ 170 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; 171 /** The HTTP {@code Age} header field name. */ 172 public static final String AGE = "Age"; 173 /** The HTTP {@code Allow} header field name. */ 174 public static final String ALLOW = "Allow"; 175 /** The HTTP {@code Content-Disposition} header field name. */ 176 public static final String CONTENT_DISPOSITION = "Content-Disposition"; 177 /** The HTTP {@code Content-Encoding} header field name. */ 178 public static final String CONTENT_ENCODING = "Content-Encoding"; 179 /** The HTTP {@code Content-Language} header field name. */ 180 public static final String CONTENT_LANGUAGE = "Content-Language"; 181 /** The HTTP {@code Content-Location} header field name. */ 182 public static final String CONTENT_LOCATION = "Content-Location"; 183 /** The HTTP {@code Content-MD5} header field name. */ 184 public static final String CONTENT_MD5 = "Content-MD5"; 185 /** The HTTP {@code Content-Range} header field name. */ 186 public static final String CONTENT_RANGE = "Content-Range"; 187 /** 188 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field"> 189 * {@code Content-Security-Policy}</a> header field name. 190 * 191 * @since 15.0 192 */ 193 public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; 194 /** 195 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field"> 196 * {@code Content-Security-Policy-Report-Only}</a> header field name. 197 * 198 * @since 15.0 199 */ 200 public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY = 201 "Content-Security-Policy-Report-Only"; 202 /** 203 * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in 204 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox 205 * until version 23 and the Internet Explorer version 10. 206 * Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 207 * 208 * @since 20.0 209 */ 210 public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy"; 211 /** 212 * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. 213 * It was introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and 214 * used by the Firefox until version 23 and the Internet Explorer version 10. 215 * Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 216 * 217 * @since 20.0 218 */ 219 public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY = 220 "X-Content-Security-Policy-Report-Only"; 221 /** 222 * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in 223 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 224 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 225 * 226 * @since 20.0 227 */ 228 public static final String X_WEBKIT_CSP = "X-WebKit-CSP"; 229 /** 230 * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in 231 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 232 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 233 * 234 * @since 20.0 235 */ 236 public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only"; 237 /** The HTTP {@code ETag} header field name. */ 238 public static final String ETAG = "ETag"; 239 /** The HTTP {@code Expires} header field name. */ 240 public static final String EXPIRES = "Expires"; 241 /** The HTTP {@code Last-Modified} header field name. */ 242 public static final String LAST_MODIFIED = "Last-Modified"; 243 /** The HTTP {@code Link} header field name. */ 244 public static final String LINK = "Link"; 245 /** The HTTP {@code Location} header field name. */ 246 public static final String LOCATION = "Location"; 247 /** The HTTP {@code P3P} header field name. Limited browser support. */ 248 public static final String P3P = "P3P"; 249 /** The HTTP {@code Proxy-Authenticate} header field name. */ 250 public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate"; 251 /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */ 252 public static final String REFRESH = "Refresh"; 253 /** The HTTP {@code Retry-After} header field name. */ 254 public static final String RETRY_AFTER = "Retry-After"; 255 /** The HTTP {@code Server} header field name. */ 256 public static final String SERVER = "Server"; 257 /** 258 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm"> 259 * {@code Service-Worker-Allowed}</a> header field name. 260 * 261 * @since 20.0 262 */ 263 public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed"; 264 /** The HTTP {@code Set-Cookie} header field name. */ 265 public static final String SET_COOKIE = "Set-Cookie"; 266 /** The HTTP {@code Set-Cookie2} header field name. */ 267 public static final String SET_COOKIE2 = "Set-Cookie2"; 268 /** 269 * The HTTP 270 * <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code Strict-Transport-Security}</a> 271 * header field name. 272 * 273 * @since 15.0 274 */ 275 public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security"; 276 /** 277 * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources"> 278 * {@code Timing-Allow-Origin}</a> header field name. 279 * 280 * @since 15.0 281 */ 282 public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin"; 283 /** The HTTP {@code Trailer} header field name. */ 284 public static final String TRAILER = "Trailer"; 285 /** The HTTP {@code Transfer-Encoding} header field name. */ 286 public static final String TRANSFER_ENCODING = "Transfer-Encoding"; 287 /** The HTTP {@code Vary} header field name. */ 288 public static final String VARY = "Vary"; 289 /** The HTTP {@code WWW-Authenticate} header field name. */ 290 public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; 291 292 // Common, non-standard HTTP header fields 293 294 /** The HTTP {@code DNT} header field name. */ 295 public static final String DNT = "DNT"; 296 /** The HTTP {@code X-Content-Type-Options} header field name. */ 297 public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options"; 298 /** The HTTP {@code X-Do-Not-Track} header field name. */ 299 public static final String X_DO_NOT_TRACK = "X-Do-Not-Track"; 300 /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */ 301 public static final String X_FORWARDED_FOR = "X-Forwarded-For"; 302 /** The HTTP {@code X-Forwarded-Proto} header field name. */ 303 public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; 304 /** 305 * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name. 306 * 307 * @since 20.0 308 */ 309 public static final String X_FORWARDED_HOST = "X-Forwarded-Host"; 310 /** 311 * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name. 312 * 313 * @since 20.0 314 */ 315 public static final String X_FORWARDED_PORT = "X-Forwarded-Port"; 316 /** The HTTP {@code X-Frame-Options} header field name. */ 317 public static final String X_FRAME_OPTIONS = "X-Frame-Options"; 318 /** The HTTP {@code X-Powered-By} header field name. */ 319 public static final String X_POWERED_BY = "X-Powered-By"; 320 /** 321 * The HTTP 322 * <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code Public-Key-Pins}</a> 323 * header field name. 324 * 325 * @since 15.0 326 */ 327 @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins"; 328 /** 329 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning"> 330 * {@code Public-Key-Pins-Report-Only}</a> header field name. 331 * 332 * @since 15.0 333 */ 334 @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only"; 335 /** The HTTP {@code X-Requested-With} header field name. */ 336 public static final String X_REQUESTED_WITH = "X-Requested-With"; 337 /** The HTTP {@code X-User-IP} header field name. */ 338 public static final String X_USER_IP = "X-User-IP"; 339 /** The HTTP {@code X-XSS-Protection} header field name. */ 340 public static final String X_XSS_PROTECTION = "X-XSS-Protection"; 341 /** 342 * The HTTP <a 343 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code 344 * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off". 345 * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages. 346 */ 347 public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control"; 348 /** 349 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 350 * {@code Ping-From}</a> header field name. 351 * 352 * @since 19.0 353 */ 354 public static final String PING_FROM = "Ping-From"; 355 /** 356 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 357 * {@code Ping-To}</a> header field name. 358 * 359 * @since 19.0 360 */ 361 public static final String PING_TO = "Ping-To"; 362}