001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.Beta;
018import com.google.common.annotations.GwtCompatible;
019
020/**
021 * Contains constant definitions for the HTTP header field names. See:
022 *
023 * <ul>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
028 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
029 * </ul>
030 *
031 *
032 * @author Kurt Alfred Kluever
033 * @since 11.0
034 */
035@GwtCompatible
036public final class HttpHeaders {
037  private HttpHeaders() {}
038
039  // HTTP Request and Response header fields
040
041  /** The HTTP {@code Cache-Control} header field name. */
042  public static final String CACHE_CONTROL = "Cache-Control";
043  /** The HTTP {@code Content-Length} header field name. */
044  public static final String CONTENT_LENGTH = "Content-Length";
045  /** The HTTP {@code Content-Type} header field name. */
046  public static final String CONTENT_TYPE = "Content-Type";
047  /** The HTTP {@code Date} header field name. */
048  public static final String DATE = "Date";
049  /** The HTTP {@code Pragma} header field name. */
050  public static final String PRAGMA = "Pragma";
051  /** The HTTP {@code Via} header field name. */
052  public static final String VIA = "Via";
053  /** The HTTP {@code Warning} header field name. */
054  public static final String WARNING = "Warning";
055
056  // HTTP Request header fields
057
058  /** The HTTP {@code Accept} header field name. */
059  public static final String ACCEPT = "Accept";
060  /** The HTTP {@code Accept-Charset} header field name. */
061  public static final String ACCEPT_CHARSET = "Accept-Charset";
062  /** The HTTP {@code Accept-Encoding} header field name. */
063  public static final String ACCEPT_ENCODING = "Accept-Encoding";
064  /** The HTTP {@code Accept-Language} header field name. */
065  public static final String ACCEPT_LANGUAGE = "Accept-Language";
066  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
067  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
068  /** The HTTP {@code Access-Control-Request-Method} header field name. */
069  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
070  /** The HTTP {@code Authorization} header field name. */
071  public static final String AUTHORIZATION = "Authorization";
072  /** The HTTP {@code Connection} header field name. */
073  public static final String CONNECTION = "Connection";
074  /** The HTTP {@code Cookie} header field name. */
075  public static final String COOKIE = "Cookie";
076  /**
077   * The HTTP <a href="https://tools.ietf.org/html/rfc8470">{@code Early-Data}</a> header field
078   * name.
079   *
080   * @since 27.0
081   */
082  public static final String EARLY_DATA = "Early-Data";
083  /** The HTTP {@code Expect} header field name. */
084  public static final String EXPECT = "Expect";
085  /** The HTTP {@code From} header field name. */
086  public static final String FROM = "From";
087  /**
088   * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name.
089   *
090   * @since 20.0
091   */
092  public static final String FORWARDED = "Forwarded";
093  /**
094   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
095   *
096   * @since 17.0
097   */
098  @Beta
099  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
100  /** The HTTP {@code Host} header field name. */
101  public static final String HOST = "Host";
102  /**
103   * The HTTP <a href="https://tools.ietf.org/html/rfc7540#section-3.2.1">{@code HTTP2-Settings}
104   * </a> header field name.
105   *
106   * @since 24.0
107   */
108  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
109  /** The HTTP {@code If-Match} header field name. */
110  public static final String IF_MATCH = "If-Match";
111  /** The HTTP {@code If-Modified-Since} header field name. */
112  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
113  /** The HTTP {@code If-None-Match} header field name. */
114  public static final String IF_NONE_MATCH = "If-None-Match";
115  /** The HTTP {@code If-Range} header field name. */
116  public static final String IF_RANGE = "If-Range";
117  /** The HTTP {@code If-Unmodified-Since} header field name. */
118  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
119  /** The HTTP {@code Last-Event-ID} header field name. */
120  public static final String LAST_EVENT_ID = "Last-Event-ID";
121  /** The HTTP {@code Max-Forwards} header field name. */
122  public static final String MAX_FORWARDS = "Max-Forwards";
123  /** The HTTP {@code Origin} header field name. */
124  public static final String ORIGIN = "Origin";
125  /** The HTTP {@code Proxy-Authorization} header field name. */
126  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
127  /** The HTTP {@code Range} header field name. */
128  public static final String RANGE = "Range";
129  /** The HTTP {@code Referer} header field name. */
130  public static final String REFERER = "Referer";
131  /**
132   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
133   * field name.
134   *
135   * @since 23.4
136   */
137  public static final String REFERRER_POLICY = "Referrer-Policy";
138
139  /**
140   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
141   * header.
142   *
143   * @since 23.4
144   */
145  public static final class ReferrerPolicyValues {
146    private ReferrerPolicyValues() {}
147
148    public static final String NO_REFERRER = "no-referrer";
149    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
150    public static final String SAME_ORIGIN = "same-origin";
151    public static final String ORIGIN = "origin";
152    public static final String STRICT_ORIGIN = "strict-origin";
153    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
154    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
155    public static final String UNSAFE_URL = "unsafe-url";
156  }
157
158  /**
159   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
160   * Service-Worker}</a> header field name.
161   */
162  public static final String SERVICE_WORKER = "Service-Worker";
163  /** The HTTP {@code TE} header field name. */
164  public static final String TE = "TE";
165  /** The HTTP {@code Upgrade} header field name. */
166  public static final String UPGRADE = "Upgrade";
167  /** The HTTP {@code User-Agent} header field name. */
168  public static final String USER_AGENT = "User-Agent";
169
170  // HTTP Response header fields
171
172  /** The HTTP {@code Accept-Ranges} header field name. */
173  public static final String ACCEPT_RANGES = "Accept-Ranges";
174  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
175  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
176  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
177  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
178  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
179  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
180  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
181  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
182  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
183  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
184  /** The HTTP {@code Access-Control-Max-Age} header field name. */
185  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
186  /** The HTTP {@code Age} header field name. */
187  public static final String AGE = "Age";
188  /** The HTTP {@code Allow} header field name. */
189  public static final String ALLOW = "Allow";
190  /** The HTTP {@code Content-Disposition} header field name. */
191  public static final String CONTENT_DISPOSITION = "Content-Disposition";
192  /** The HTTP {@code Content-Encoding} header field name. */
193  public static final String CONTENT_ENCODING = "Content-Encoding";
194  /** The HTTP {@code Content-Language} header field name. */
195  public static final String CONTENT_LANGUAGE = "Content-Language";
196  /** The HTTP {@code Content-Location} header field name. */
197  public static final String CONTENT_LOCATION = "Content-Location";
198  /** The HTTP {@code Content-MD5} header field name. */
199  public static final String CONTENT_MD5 = "Content-MD5";
200  /** The HTTP {@code Content-Range} header field name. */
201  public static final String CONTENT_RANGE = "Content-Range";
202  /**
203   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
204   * Content-Security-Policy}</a> header field name.
205   *
206   * @since 15.0
207   */
208  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
209  /**
210   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
211   * {@code Content-Security-Policy-Report-Only}</a> header field name.
212   *
213   * @since 15.0
214   */
215  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
216      "Content-Security-Policy-Report-Only";
217  /**
218   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
219   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
220   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
221   * to pass the CSP.
222   *
223   * @since 20.0
224   */
225  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
226  /**
227   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
228   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
229   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
230   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
231   *
232   * @since 20.0
233   */
234  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
235      "X-Content-Security-Policy-Report-Only";
236  /**
237   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
238   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
239   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
240   *
241   * @since 20.0
242   */
243  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
244  /**
245   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
246   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
247   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
248   *
249   * @since 20.0
250   */
251  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
252  /** The HTTP {@code ETag} header field name. */
253  public static final String ETAG = "ETag";
254  /** The HTTP {@code Expires} header field name. */
255  public static final String EXPIRES = "Expires";
256  /** The HTTP {@code Last-Modified} header field name. */
257  public static final String LAST_MODIFIED = "Last-Modified";
258  /** The HTTP {@code Link} header field name. */
259  public static final String LINK = "Link";
260  /** The HTTP {@code Location} header field name. */
261  public static final String LOCATION = "Location";
262  /**
263   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
264   * header field name.
265   *
266   * @since 27.1
267   */
268  public static final String ORIGIN_TRIAL = "Origin-Trial";
269  /** The HTTP {@code P3P} header field name. Limited browser support. */
270  public static final String P3P = "P3P";
271  /** The HTTP {@code Proxy-Authenticate} header field name. */
272  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
273  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
274  public static final String REFRESH = "Refresh";
275  /**
276   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
277   *
278   * @since 27.1
279   */
280  public static final String REPORT_TO = "Report-To";
281  /** The HTTP {@code Retry-After} header field name. */
282  public static final String RETRY_AFTER = "Retry-After";
283  /** The HTTP {@code Server} header field name. */
284  public static final String SERVER = "Server";
285  /**
286   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
287   * name.
288   *
289   * @since 23.6
290   */
291  public static final String SERVER_TIMING = "Server-Timing";
292  /**
293   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
294   * Service-Worker-Allowed}</a> header field name.
295   *
296   * @since 20.0
297   */
298  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
299  /** The HTTP {@code Set-Cookie} header field name. */
300  public static final String SET_COOKIE = "Set-Cookie";
301  /** The HTTP {@code Set-Cookie2} header field name. */
302  public static final String SET_COOKIE2 = "Set-Cookie2";
303
304  /**
305   * The HTTP <a href="http://goo.gl/Dxx19N">{@code SourceMap}</a> header field name.
306   *
307   * @since 27.1
308   */
309  @Beta public static final String SOURCE_MAP = "SourceMap";
310
311  /**
312   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
313   * Strict-Transport-Security}</a> header field name.
314   *
315   * @since 15.0
316   */
317  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
318  /**
319   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
320   * Timing-Allow-Origin}</a> header field name.
321   *
322   * @since 15.0
323   */
324  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
325  /** The HTTP {@code Trailer} header field name. */
326  public static final String TRAILER = "Trailer";
327  /** The HTTP {@code Transfer-Encoding} header field name. */
328  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
329  /** The HTTP {@code Vary} header field name. */
330  public static final String VARY = "Vary";
331  /** The HTTP {@code WWW-Authenticate} header field name. */
332  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
333
334  // Common, non-standard HTTP header fields
335
336  /** The HTTP {@code DNT} header field name. */
337  public static final String DNT = "DNT";
338  /** The HTTP {@code X-Content-Type-Options} header field name. */
339  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
340  /** The HTTP {@code X-Do-Not-Track} header field name. */
341  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
342  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
343  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
344  /** The HTTP {@code X-Forwarded-Proto} header field name. */
345  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
346  /**
347   * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name.
348   *
349   * @since 20.0
350   */
351  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
352  /**
353   * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name.
354   *
355   * @since 20.0
356   */
357  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
358  /** The HTTP {@code X-Frame-Options} header field name. */
359  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
360  /** The HTTP {@code X-Powered-By} header field name. */
361  public static final String X_POWERED_BY = "X-Powered-By";
362  /**
363   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
364   * Public-Key-Pins}</a> header field name.
365   *
366   * @since 15.0
367   */
368  @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
369  /**
370   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
371   * Public-Key-Pins-Report-Only}</a> header field name.
372   *
373   * @since 15.0
374   */
375  @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
376  /** The HTTP {@code X-Requested-With} header field name. */
377  public static final String X_REQUESTED_WITH = "X-Requested-With";
378  /** The HTTP {@code X-User-IP} header field name. */
379  public static final String X_USER_IP = "X-User-IP";
380  /**
381   * The HTTP <a href="https://goo.gl/VKpXxa">{@code X-Download-Options}</a> header field name.
382   *
383   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
384   * prevented from opening a file download directly; instead, they must first save the file
385   * locally.
386   *
387   * @since 24.1
388   */
389  @Beta public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
390  /** The HTTP {@code X-XSS-Protection} header field name. */
391  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
392  /**
393   * The HTTP <a
394   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
395   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
396   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
397   */
398  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
399  /**
400   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
401   * {@code Ping-From}</a> header field name.
402   *
403   * @since 19.0
404   */
405  public static final String PING_FROM = "Ping-From";
406  /**
407   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
408   * {@code Ping-To}</a> header field name.
409   *
410   * @since 19.0
411   */
412  public static final String PING_TO = "Ping-To";
413
414  /**
415   * The HTTP <a href="https://mikewest.github.io/sec-metadata/">{@code Sec-Fetch-Dest}</a> header
416   * field name.
417   *
418   * @since 27.1
419   */
420  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
421  /**
422   * The HTTP <a href="https://mikewest.github.io/sec-metadata/">{@code Sec-Fetch-Mode}</a> header
423   * field name.
424   *
425   * @since 27.1
426   */
427  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
428  /**
429   * The HTTP <a href="https://mikewest.github.io/sec-metadata/">{@code Sec-Fetch-Site}</a> header
430   * field name.
431   *
432   * @since 27.1
433   */
434  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
435  /**
436   * The HTTP <a href="https://mikewest.github.io/sec-metadata/">{@code Sec-Fetch-User}</a> header
437   * field name.
438   *
439   * @since 27.1
440   */
441  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
442  /**
443   * The HTTP <a href="https://mikewest.github.io/sec-metadata/">{@code Sec-Metadata}</a> header
444   * field name.
445   *
446   * @since 26.0
447   */
448  public static final String SEC_METADATA = "Sec-Metadata";
449  /**
450   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-https">{@code
451   * Sec-Token-Binding}</a> header field name.
452   *
453   * @since 25.1
454   */
455  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
456  /**
457   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
458   * Sec-Provided-Token-Binding-ID}</a> header field name.
459   *
460   * @since 25.1
461   */
462  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
463  /**
464   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
465   * Sec-Referred-Token-Binding-ID}</a> header field name.
466   *
467   * @since 25.1
468   */
469  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
470}