001/* 002 * Copyright (C) 2011 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import com.google.common.annotations.Beta; 018import com.google.common.annotations.GwtCompatible; 019 020/** 021 * Contains constant definitions for the HTTP header field names. See: 022 * 023 * <ul> 024 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> 025 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a> 026 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> 027 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> 028 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a> 029 * </ul> 030 * 031 * 032 * @author Kurt Alfred Kluever 033 * @since 11.0 034 */ 035@GwtCompatible 036public final class HttpHeaders { 037 private HttpHeaders() {} 038 039 // HTTP Request and Response header fields 040 041 /** The HTTP {@code Cache-Control} header field name. */ 042 public static final String CACHE_CONTROL = "Cache-Control"; 043 /** The HTTP {@code Content-Length} header field name. */ 044 public static final String CONTENT_LENGTH = "Content-Length"; 045 /** The HTTP {@code Content-Type} header field name. */ 046 public static final String CONTENT_TYPE = "Content-Type"; 047 /** The HTTP {@code Date} header field name. */ 048 public static final String DATE = "Date"; 049 /** The HTTP {@code Pragma} header field name. */ 050 public static final String PRAGMA = "Pragma"; 051 /** The HTTP {@code Via} header field name. */ 052 public static final String VIA = "Via"; 053 /** The HTTP {@code Warning} header field name. */ 054 public static final String WARNING = "Warning"; 055 056 // HTTP Request header fields 057 058 /** The HTTP {@code Accept} header field name. */ 059 public static final String ACCEPT = "Accept"; 060 /** The HTTP {@code Accept-Charset} header field name. */ 061 public static final String ACCEPT_CHARSET = "Accept-Charset"; 062 /** The HTTP {@code Accept-Encoding} header field name. */ 063 public static final String ACCEPT_ENCODING = "Accept-Encoding"; 064 /** The HTTP {@code Accept-Language} header field name. */ 065 public static final String ACCEPT_LANGUAGE = "Accept-Language"; 066 /** The HTTP {@code Access-Control-Request-Headers} header field name. */ 067 public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; 068 /** The HTTP {@code Access-Control-Request-Method} header field name. */ 069 public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; 070 /** The HTTP {@code Authorization} header field name. */ 071 public static final String AUTHORIZATION = "Authorization"; 072 /** The HTTP {@code Connection} header field name. */ 073 public static final String CONNECTION = "Connection"; 074 /** The HTTP {@code Cookie} header field name. */ 075 public static final String COOKIE = "Cookie"; 076 /** 077 * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code 078 * Cross-Origin-Resource-Policy}</a> header field name. 079 * 080 * @since 28.0 081 */ 082 public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy"; 083 /** 084 * The HTTP <a href="https://tools.ietf.org/html/rfc8470">{@code Early-Data}</a> header field 085 * name. 086 * 087 * @since 27.0 088 */ 089 public static final String EARLY_DATA = "Early-Data"; 090 /** The HTTP {@code Expect} header field name. */ 091 public static final String EXPECT = "Expect"; 092 /** The HTTP {@code From} header field name. */ 093 public static final String FROM = "From"; 094 /** 095 * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name. 096 * 097 * @since 20.0 098 */ 099 public static final String FORWARDED = "Forwarded"; 100 /** 101 * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name. 102 * 103 * @since 17.0 104 */ 105 @Beta 106 public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown"; 107 /** The HTTP {@code Host} header field name. */ 108 public static final String HOST = "Host"; 109 /** 110 * The HTTP <a href="https://tools.ietf.org/html/rfc7540#section-3.2.1">{@code HTTP2-Settings} 111 * </a> header field name. 112 * 113 * @since 24.0 114 */ 115 public static final String HTTP2_SETTINGS = "HTTP2-Settings"; 116 /** The HTTP {@code If-Match} header field name. */ 117 public static final String IF_MATCH = "If-Match"; 118 /** The HTTP {@code If-Modified-Since} header field name. */ 119 public static final String IF_MODIFIED_SINCE = "If-Modified-Since"; 120 /** The HTTP {@code If-None-Match} header field name. */ 121 public static final String IF_NONE_MATCH = "If-None-Match"; 122 /** The HTTP {@code If-Range} header field name. */ 123 public static final String IF_RANGE = "If-Range"; 124 /** The HTTP {@code If-Unmodified-Since} header field name. */ 125 public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since"; 126 /** The HTTP {@code Last-Event-ID} header field name. */ 127 public static final String LAST_EVENT_ID = "Last-Event-ID"; 128 /** The HTTP {@code Max-Forwards} header field name. */ 129 public static final String MAX_FORWARDS = "Max-Forwards"; 130 /** The HTTP {@code Origin} header field name. */ 131 public static final String ORIGIN = "Origin"; 132 /** The HTTP {@code Proxy-Authorization} header field name. */ 133 public static final String PROXY_AUTHORIZATION = "Proxy-Authorization"; 134 /** The HTTP {@code Range} header field name. */ 135 public static final String RANGE = "Range"; 136 /** The HTTP {@code Referer} header field name. */ 137 public static final String REFERER = "Referer"; 138 /** 139 * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header 140 * field name. 141 * 142 * @since 23.4 143 */ 144 public static final String REFERRER_POLICY = "Referrer-Policy"; 145 146 /** 147 * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> 148 * header. 149 * 150 * @since 23.4 151 */ 152 public static final class ReferrerPolicyValues { 153 private ReferrerPolicyValues() {} 154 155 public static final String NO_REFERRER = "no-referrer"; 156 public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade"; 157 public static final String SAME_ORIGIN = "same-origin"; 158 public static final String ORIGIN = "origin"; 159 public static final String STRICT_ORIGIN = "strict-origin"; 160 public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin"; 161 public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin"; 162 public static final String UNSAFE_URL = "unsafe-url"; 163 } 164 165 /** 166 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 167 * Service-Worker}</a> header field name. 168 */ 169 public static final String SERVICE_WORKER = "Service-Worker"; 170 /** The HTTP {@code TE} header field name. */ 171 public static final String TE = "TE"; 172 /** The HTTP {@code Upgrade} header field name. */ 173 public static final String UPGRADE = "Upgrade"; 174 /** 175 * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code 176 * Upgrade-Insecure-Requests}</a> header field name. 177 * 178 * @since 28.1 179 */ 180 public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests"; 181 182 /** The HTTP {@code User-Agent} header field name. */ 183 public static final String USER_AGENT = "User-Agent"; 184 185 // HTTP Response header fields 186 187 /** The HTTP {@code Accept-Ranges} header field name. */ 188 public static final String ACCEPT_RANGES = "Accept-Ranges"; 189 /** The HTTP {@code Access-Control-Allow-Headers} header field name. */ 190 public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; 191 /** The HTTP {@code Access-Control-Allow-Methods} header field name. */ 192 public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; 193 /** The HTTP {@code Access-Control-Allow-Origin} header field name. */ 194 public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; 195 /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */ 196 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; 197 /** The HTTP {@code Access-Control-Expose-Headers} header field name. */ 198 public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; 199 /** The HTTP {@code Access-Control-Max-Age} header field name. */ 200 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; 201 /** The HTTP {@code Age} header field name. */ 202 public static final String AGE = "Age"; 203 /** The HTTP {@code Allow} header field name. */ 204 public static final String ALLOW = "Allow"; 205 /** The HTTP {@code Content-Disposition} header field name. */ 206 public static final String CONTENT_DISPOSITION = "Content-Disposition"; 207 /** The HTTP {@code Content-Encoding} header field name. */ 208 public static final String CONTENT_ENCODING = "Content-Encoding"; 209 /** The HTTP {@code Content-Language} header field name. */ 210 public static final String CONTENT_LANGUAGE = "Content-Language"; 211 /** The HTTP {@code Content-Location} header field name. */ 212 public static final String CONTENT_LOCATION = "Content-Location"; 213 /** The HTTP {@code Content-MD5} header field name. */ 214 public static final String CONTENT_MD5 = "Content-MD5"; 215 /** The HTTP {@code Content-Range} header field name. */ 216 public static final String CONTENT_RANGE = "Content-Range"; 217 /** 218 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code 219 * Content-Security-Policy}</a> header field name. 220 * 221 * @since 15.0 222 */ 223 public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; 224 /** 225 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field"> 226 * {@code Content-Security-Policy-Report-Only}</a> header field name. 227 * 228 * @since 15.0 229 */ 230 public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY = 231 "Content-Security-Policy-Report-Only"; 232 /** 233 * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in 234 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until 235 * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY} 236 * to pass the CSP. 237 * 238 * @since 20.0 239 */ 240 public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy"; 241 /** 242 * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was 243 * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the 244 * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link 245 * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 246 * 247 * @since 20.0 248 */ 249 public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY = 250 "X-Content-Security-Policy-Report-Only"; 251 /** 252 * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a 253 * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 254 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 255 * 256 * @since 20.0 257 */ 258 public static final String X_WEBKIT_CSP = "X-WebKit-CSP"; 259 /** 260 * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in 261 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 262 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 263 * 264 * @since 20.0 265 */ 266 public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only"; 267 /** The HTTP {@code ETag} header field name. */ 268 public static final String ETAG = "ETag"; 269 /** The HTTP {@code Expires} header field name. */ 270 public static final String EXPIRES = "Expires"; 271 /** The HTTP {@code Last-Modified} header field name. */ 272 public static final String LAST_MODIFIED = "Last-Modified"; 273 /** The HTTP {@code Link} header field name. */ 274 public static final String LINK = "Link"; 275 /** The HTTP {@code Location} header field name. */ 276 public static final String LOCATION = "Location"; 277 /** 278 * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a> 279 * header field name. 280 * 281 * @since 27.1 282 */ 283 public static final String ORIGIN_TRIAL = "Origin-Trial"; 284 /** The HTTP {@code P3P} header field name. Limited browser support. */ 285 public static final String P3P = "P3P"; 286 /** The HTTP {@code Proxy-Authenticate} header field name. */ 287 public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate"; 288 /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */ 289 public static final String REFRESH = "Refresh"; 290 /** 291 * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name. 292 * 293 * @since 27.1 294 */ 295 public static final String REPORT_TO = "Report-To"; 296 /** The HTTP {@code Retry-After} header field name. */ 297 public static final String RETRY_AFTER = "Retry-After"; 298 /** The HTTP {@code Server} header field name. */ 299 public static final String SERVER = "Server"; 300 /** 301 * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field 302 * name. 303 * 304 * @since 23.6 305 */ 306 public static final String SERVER_TIMING = "Server-Timing"; 307 /** 308 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 309 * Service-Worker-Allowed}</a> header field name. 310 * 311 * @since 20.0 312 */ 313 public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed"; 314 /** The HTTP {@code Set-Cookie} header field name. */ 315 public static final String SET_COOKIE = "Set-Cookie"; 316 /** The HTTP {@code Set-Cookie2} header field name. */ 317 public static final String SET_COOKIE2 = "Set-Cookie2"; 318 319 /** 320 * The HTTP <a href="http://goo.gl/Dxx19N">{@code SourceMap}</a> header field name. 321 * 322 * @since 27.1 323 */ 324 @Beta public static final String SOURCE_MAP = "SourceMap"; 325 326 /** 327 * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code 328 * Strict-Transport-Security}</a> header field name. 329 * 330 * @since 15.0 331 */ 332 public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security"; 333 /** 334 * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code 335 * Timing-Allow-Origin}</a> header field name. 336 * 337 * @since 15.0 338 */ 339 public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin"; 340 /** The HTTP {@code Trailer} header field name. */ 341 public static final String TRAILER = "Trailer"; 342 /** The HTTP {@code Transfer-Encoding} header field name. */ 343 public static final String TRANSFER_ENCODING = "Transfer-Encoding"; 344 /** The HTTP {@code Vary} header field name. */ 345 public static final String VARY = "Vary"; 346 /** The HTTP {@code WWW-Authenticate} header field name. */ 347 public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; 348 349 // Common, non-standard HTTP header fields 350 351 /** The HTTP {@code DNT} header field name. */ 352 public static final String DNT = "DNT"; 353 /** The HTTP {@code X-Content-Type-Options} header field name. */ 354 public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options"; 355 /** The HTTP {@code X-Do-Not-Track} header field name. */ 356 public static final String X_DO_NOT_TRACK = "X-Do-Not-Track"; 357 /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */ 358 public static final String X_FORWARDED_FOR = "X-Forwarded-For"; 359 /** The HTTP {@code X-Forwarded-Proto} header field name. */ 360 public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; 361 /** 362 * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name. 363 * 364 * @since 20.0 365 */ 366 public static final String X_FORWARDED_HOST = "X-Forwarded-Host"; 367 /** 368 * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name. 369 * 370 * @since 20.0 371 */ 372 public static final String X_FORWARDED_PORT = "X-Forwarded-Port"; 373 /** The HTTP {@code X-Frame-Options} header field name. */ 374 public static final String X_FRAME_OPTIONS = "X-Frame-Options"; 375 /** The HTTP {@code X-Powered-By} header field name. */ 376 public static final String X_POWERED_BY = "X-Powered-By"; 377 /** 378 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 379 * Public-Key-Pins}</a> header field name. 380 * 381 * @since 15.0 382 */ 383 @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins"; 384 /** 385 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 386 * Public-Key-Pins-Report-Only}</a> header field name. 387 * 388 * @since 15.0 389 */ 390 @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only"; 391 /** The HTTP {@code X-Requested-With} header field name. */ 392 public static final String X_REQUESTED_WITH = "X-Requested-With"; 393 /** The HTTP {@code X-User-IP} header field name. */ 394 public static final String X_USER_IP = "X-User-IP"; 395 /** 396 * The HTTP <a href="https://goo.gl/VKpXxa">{@code X-Download-Options}</a> header field name. 397 * 398 * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is 399 * prevented from opening a file download directly; instead, they must first save the file 400 * locally. 401 * 402 * @since 24.1 403 */ 404 @Beta public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options"; 405 /** The HTTP {@code X-XSS-Protection} header field name. */ 406 public static final String X_XSS_PROTECTION = "X-XSS-Protection"; 407 /** 408 * The HTTP <a 409 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code 410 * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off". 411 * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages. 412 */ 413 public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control"; 414 /** 415 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 416 * {@code Ping-From}</a> header field name. 417 * 418 * @since 19.0 419 */ 420 public static final String PING_FROM = "Ping-From"; 421 /** 422 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 423 * {@code Ping-To}</a> header field name. 424 * 425 * @since 19.0 426 */ 427 public static final String PING_TO = "Ping-To"; 428 429 /** 430 * The HTTP <a 431 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 432 * Purpose}</a> header field name. 433 * 434 * @since 28.0 435 */ 436 public static final String PURPOSE = "Purpose"; 437 /** 438 * The HTTP <a 439 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 440 * X-Purpose}</a> header field name. 441 * 442 * @since 28.0 443 */ 444 public static final String X_PURPOSE = "X-Purpose"; 445 /** 446 * The HTTP <a 447 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 448 * X-Moz}</a> header field name. 449 * 450 * @since 28.0 451 */ 452 public static final String X_MOZ = "X-Moz"; 453 454 /** 455 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a> 456 * header field name. 457 * 458 * @since 27.1 459 */ 460 public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest"; 461 /** 462 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a> 463 * header field name. 464 * 465 * @since 27.1 466 */ 467 public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode"; 468 /** 469 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a> 470 * header field name. 471 * 472 * @since 27.1 473 */ 474 public static final String SEC_FETCH_SITE = "Sec-Fetch-Site"; 475 /** 476 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a> 477 * header field name. 478 * 479 * @since 27.1 480 */ 481 public static final String SEC_FETCH_USER = "Sec-Fetch-User"; 482 /** 483 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a> 484 * header field name. 485 * 486 * @since 26.0 487 */ 488 public static final String SEC_METADATA = "Sec-Metadata"; 489 /** 490 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-https">{@code 491 * Sec-Token-Binding}</a> header field name. 492 * 493 * @since 25.1 494 */ 495 public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding"; 496 /** 497 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code 498 * Sec-Provided-Token-Binding-ID}</a> header field name. 499 * 500 * @since 25.1 501 */ 502 public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID"; 503 /** 504 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code 505 * Sec-Referred-Token-Binding-ID}</a> header field name. 506 * 507 * @since 25.1 508 */ 509 public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID"; 510 /** 511 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Accept}</a> header 512 * field name. 513 * 514 * @since 28.0 515 */ 516 public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept"; 517 /** 518 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Extensions}</a> 519 * header field name. 520 * 521 * @since 28.0 522 */ 523 public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions"; 524 /** 525 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Key}</a> header 526 * field name. 527 * 528 * @since 28.0 529 */ 530 public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key"; 531 /** 532 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Protocol}</a> 533 * header field name. 534 * 535 * @since 28.0 536 */ 537 public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol"; 538 /** 539 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Version}</a> header 540 * field name. 541 * 542 * @since 28.0 543 */ 544 public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version"; 545 /** 546 * The HTTP <a href="https://tools.ietf.org/html/rfc8586">{@code CDN-Loop}</a> header field name. 547 * 548 * @since 28.0 549 */ 550 public static final String CDN_LOOP = "CDN-Loop"; 551}