001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.Beta;
018import com.google.common.annotations.GwtCompatible;
019
020/**
021 * Contains constant definitions for the HTTP header field names. See:
022 *
023 * <ul>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
028 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
029 * </ul>
030 *
031 *
032 * @author Kurt Alfred Kluever
033 * @since 11.0
034 */
035@GwtCompatible
036public final class HttpHeaders {
037  private HttpHeaders() {}
038
039  // HTTP Request and Response header fields
040
041  /** The HTTP {@code Cache-Control} header field name. */
042  public static final String CACHE_CONTROL = "Cache-Control";
043  /** The HTTP {@code Content-Length} header field name. */
044  public static final String CONTENT_LENGTH = "Content-Length";
045  /** The HTTP {@code Content-Type} header field name. */
046  public static final String CONTENT_TYPE = "Content-Type";
047  /** The HTTP {@code Date} header field name. */
048  public static final String DATE = "Date";
049  /** The HTTP {@code Pragma} header field name. */
050  public static final String PRAGMA = "Pragma";
051  /** The HTTP {@code Via} header field name. */
052  public static final String VIA = "Via";
053  /** The HTTP {@code Warning} header field name. */
054  public static final String WARNING = "Warning";
055
056  // HTTP Request header fields
057
058  /** The HTTP {@code Accept} header field name. */
059  public static final String ACCEPT = "Accept";
060  /** The HTTP {@code Accept-Charset} header field name. */
061  public static final String ACCEPT_CHARSET = "Accept-Charset";
062  /** The HTTP {@code Accept-Encoding} header field name. */
063  public static final String ACCEPT_ENCODING = "Accept-Encoding";
064  /** The HTTP {@code Accept-Language} header field name. */
065  public static final String ACCEPT_LANGUAGE = "Accept-Language";
066  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
067  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
068  /** The HTTP {@code Access-Control-Request-Method} header field name. */
069  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
070  /** The HTTP {@code Authorization} header field name. */
071  public static final String AUTHORIZATION = "Authorization";
072  /** The HTTP {@code Connection} header field name. */
073  public static final String CONNECTION = "Connection";
074  /** The HTTP {@code Cookie} header field name. */
075  public static final String COOKIE = "Cookie";
076  /**
077   * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code
078   * Cross-Origin-Resource-Policy}</a> header field name.
079   *
080   * @since 28.0
081   */
082  public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy";
083  /**
084   * The HTTP <a href="https://tools.ietf.org/html/rfc8470">{@code Early-Data}</a> header field
085   * name.
086   *
087   * @since 27.0
088   */
089  public static final String EARLY_DATA = "Early-Data";
090  /** The HTTP {@code Expect} header field name. */
091  public static final String EXPECT = "Expect";
092  /** The HTTP {@code From} header field name. */
093  public static final String FROM = "From";
094  /**
095   * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name.
096   *
097   * @since 20.0
098   */
099  public static final String FORWARDED = "Forwarded";
100  /**
101   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
102   *
103   * @since 17.0
104   */
105  @Beta
106  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
107  /** The HTTP {@code Host} header field name. */
108  public static final String HOST = "Host";
109  /**
110   * The HTTP <a href="https://tools.ietf.org/html/rfc7540#section-3.2.1">{@code HTTP2-Settings}
111   * </a> header field name.
112   *
113   * @since 24.0
114   */
115  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
116  /** The HTTP {@code If-Match} header field name. */
117  public static final String IF_MATCH = "If-Match";
118  /** The HTTP {@code If-Modified-Since} header field name. */
119  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
120  /** The HTTP {@code If-None-Match} header field name. */
121  public static final String IF_NONE_MATCH = "If-None-Match";
122  /** The HTTP {@code If-Range} header field name. */
123  public static final String IF_RANGE = "If-Range";
124  /** The HTTP {@code If-Unmodified-Since} header field name. */
125  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
126  /** The HTTP {@code Last-Event-ID} header field name. */
127  public static final String LAST_EVENT_ID = "Last-Event-ID";
128  /** The HTTP {@code Max-Forwards} header field name. */
129  public static final String MAX_FORWARDS = "Max-Forwards";
130  /** The HTTP {@code Origin} header field name. */
131  public static final String ORIGIN = "Origin";
132  /**
133   * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header
134   * field name.
135   *
136   * @since 30.1
137   */
138  public static final String ORIGIN_ISOLATION = "Origin-Isolation";
139  /** The HTTP {@code Proxy-Authorization} header field name. */
140  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
141  /** The HTTP {@code Range} header field name. */
142  public static final String RANGE = "Range";
143  /** The HTTP {@code Referer} header field name. */
144  public static final String REFERER = "Referer";
145  /**
146   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
147   * field name.
148   *
149   * @since 23.4
150   */
151  public static final String REFERRER_POLICY = "Referrer-Policy";
152
153  /**
154   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
155   * header.
156   *
157   * @since 23.4
158   */
159  public static final class ReferrerPolicyValues {
160    private ReferrerPolicyValues() {}
161
162    public static final String NO_REFERRER = "no-referrer";
163    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
164    public static final String SAME_ORIGIN = "same-origin";
165    public static final String ORIGIN = "origin";
166    public static final String STRICT_ORIGIN = "strict-origin";
167    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
168    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
169    public static final String UNSAFE_URL = "unsafe-url";
170  }
171
172  /**
173   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
174   * Service-Worker}</a> header field name.
175   *
176   * @since 20.0
177   */
178  public static final String SERVICE_WORKER = "Service-Worker";
179  /** The HTTP {@code TE} header field name. */
180  public static final String TE = "TE";
181  /** The HTTP {@code Upgrade} header field name. */
182  public static final String UPGRADE = "Upgrade";
183  /**
184   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
185   * Upgrade-Insecure-Requests}</a> header field name.
186   *
187   * @since 28.1
188   */
189  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";
190
191  /** The HTTP {@code User-Agent} header field name. */
192  public static final String USER_AGENT = "User-Agent";
193
194  // HTTP Response header fields
195
196  /** The HTTP {@code Accept-Ranges} header field name. */
197  public static final String ACCEPT_RANGES = "Accept-Ranges";
198  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
199  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
200  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
201  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
202  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
203  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
204  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
205  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
206  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
207  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
208  /** The HTTP {@code Access-Control-Max-Age} header field name. */
209  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
210  /** The HTTP {@code Age} header field name. */
211  public static final String AGE = "Age";
212  /** The HTTP {@code Allow} header field name. */
213  public static final String ALLOW = "Allow";
214  /** The HTTP {@code Content-Disposition} header field name. */
215  public static final String CONTENT_DISPOSITION = "Content-Disposition";
216  /** The HTTP {@code Content-Encoding} header field name. */
217  public static final String CONTENT_ENCODING = "Content-Encoding";
218  /** The HTTP {@code Content-Language} header field name. */
219  public static final String CONTENT_LANGUAGE = "Content-Language";
220  /** The HTTP {@code Content-Location} header field name. */
221  public static final String CONTENT_LOCATION = "Content-Location";
222  /** The HTTP {@code Content-MD5} header field name. */
223  public static final String CONTENT_MD5 = "Content-MD5";
224  /** The HTTP {@code Content-Range} header field name. */
225  public static final String CONTENT_RANGE = "Content-Range";
226  /**
227   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
228   * Content-Security-Policy}</a> header field name.
229   *
230   * @since 15.0
231   */
232  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
233  /**
234   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
235   * {@code Content-Security-Policy-Report-Only}</a> header field name.
236   *
237   * @since 15.0
238   */
239  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
240      "Content-Security-Policy-Report-Only";
241  /**
242   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
243   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
244   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
245   * to pass the CSP.
246   *
247   * @since 20.0
248   */
249  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
250  /**
251   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
252   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
253   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
254   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
255   *
256   * @since 20.0
257   */
258  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
259      "X-Content-Security-Policy-Report-Only";
260  /**
261   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
262   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
263   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
264   *
265   * @since 20.0
266   */
267  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
268  /**
269   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
270   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
271   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
272   *
273   * @since 20.0
274   */
275  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
276  /**
277   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code
278   * Cross-Origin-Embedder-Policy}</a> header field name.
279   *
280   * @since 30.0
281   */
282  public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy";
283  /**
284   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
285   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
286   *
287   * @since 30.0
288   */
289  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
290      "Cross-Origin-Embedder-Policy-Report-Only";
291  /**
292   * The HTTP Cross-Origin-Opener-Policy header field name.
293   *
294   * @since 28.2
295   */
296  public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy";
297  /** The HTTP {@code ETag} header field name. */
298  public static final String ETAG = "ETag";
299  /** The HTTP {@code Expires} header field name. */
300  public static final String EXPIRES = "Expires";
301  /** The HTTP {@code Last-Modified} header field name. */
302  public static final String LAST_MODIFIED = "Last-Modified";
303  /** The HTTP {@code Link} header field name. */
304  public static final String LINK = "Link";
305  /** The HTTP {@code Location} header field name. */
306  public static final String LOCATION = "Location";
307  /**
308   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
309   * header field name.
310   *
311   * @since 27.1
312   */
313  public static final String ORIGIN_TRIAL = "Origin-Trial";
314  /** The HTTP {@code P3P} header field name. Limited browser support. */
315  public static final String P3P = "P3P";
316  /** The HTTP {@code Proxy-Authenticate} header field name. */
317  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
318  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
319  public static final String REFRESH = "Refresh";
320  /**
321   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
322   *
323   * @since 27.1
324   */
325  public static final String REPORT_TO = "Report-To";
326  /** The HTTP {@code Retry-After} header field name. */
327  public static final String RETRY_AFTER = "Retry-After";
328  /** The HTTP {@code Server} header field name. */
329  public static final String SERVER = "Server";
330  /**
331   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
332   * name.
333   *
334   * @since 23.6
335   */
336  public static final String SERVER_TIMING = "Server-Timing";
337  /**
338   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
339   * Service-Worker-Allowed}</a> header field name.
340   *
341   * @since 20.0
342   */
343  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
344  /** The HTTP {@code Set-Cookie} header field name. */
345  public static final String SET_COOKIE = "Set-Cookie";
346  /** The HTTP {@code Set-Cookie2} header field name. */
347  public static final String SET_COOKIE2 = "Set-Cookie2";
348
349  /**
350   * The HTTP <a href="http://goo.gl/Dxx19N">{@code SourceMap}</a> header field name.
351   *
352   * @since 27.1
353   */
354  @Beta public static final String SOURCE_MAP = "SourceMap";
355
356  /**
357   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
358   * Strict-Transport-Security}</a> header field name.
359   *
360   * @since 15.0
361   */
362  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
363  /**
364   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
365   * Timing-Allow-Origin}</a> header field name.
366   *
367   * @since 15.0
368   */
369  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
370  /** The HTTP {@code Trailer} header field name. */
371  public static final String TRAILER = "Trailer";
372  /** The HTTP {@code Transfer-Encoding} header field name. */
373  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
374  /** The HTTP {@code Vary} header field name. */
375  public static final String VARY = "Vary";
376  /** The HTTP {@code WWW-Authenticate} header field name. */
377  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
378
379  // Common, non-standard HTTP header fields
380
381  /** The HTTP {@code DNT} header field name. */
382  public static final String DNT = "DNT";
383  /** The HTTP {@code X-Content-Type-Options} header field name. */
384  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
385  /** The HTTP {@code X-Do-Not-Track} header field name. */
386  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
387  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
388  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
389  /** The HTTP {@code X-Forwarded-Proto} header field name. */
390  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
391  /**
392   * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name.
393   *
394   * @since 20.0
395   */
396  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
397  /**
398   * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name.
399   *
400   * @since 20.0
401   */
402  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
403  /** The HTTP {@code X-Frame-Options} header field name. */
404  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
405  /** The HTTP {@code X-Powered-By} header field name. */
406  public static final String X_POWERED_BY = "X-Powered-By";
407  /**
408   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
409   * Public-Key-Pins}</a> header field name.
410   *
411   * @since 15.0
412   */
413  @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
414  /**
415   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
416   * Public-Key-Pins-Report-Only}</a> header field name.
417   *
418   * @since 15.0
419   */
420  @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
421  /**
422   * The HTTP {@code X-Request-ID} header field name.
423   *
424   * @since 30.1
425   */
426  public static final String X_REQUEST_ID = "X-Request-ID";
427  /** The HTTP {@code X-Requested-With} header field name. */
428  public static final String X_REQUESTED_WITH = "X-Requested-With";
429  /** The HTTP {@code X-User-IP} header field name. */
430  public static final String X_USER_IP = "X-User-IP";
431  /**
432   * The HTTP <a href="https://goo.gl/VKpXxa">{@code X-Download-Options}</a> header field name.
433   *
434   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
435   * prevented from opening a file download directly; instead, they must first save the file
436   * locally.
437   *
438   * @since 24.1
439   */
440  @Beta public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
441  /** The HTTP {@code X-XSS-Protection} header field name. */
442  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
443  /**
444   * The HTTP <a
445   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
446   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
447   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
448   */
449  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
450  /**
451   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
452   * {@code Ping-From}</a> header field name.
453   *
454   * @since 19.0
455   */
456  public static final String PING_FROM = "Ping-From";
457  /**
458   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
459   * {@code Ping-To}</a> header field name.
460   *
461   * @since 19.0
462   */
463  public static final String PING_TO = "Ping-To";
464
465  /**
466   * The HTTP <a
467   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
468   * Purpose}</a> header field name.
469   *
470   * @since 28.0
471   */
472  public static final String PURPOSE = "Purpose";
473  /**
474   * The HTTP <a
475   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
476   * X-Purpose}</a> header field name.
477   *
478   * @since 28.0
479   */
480  public static final String X_PURPOSE = "X-Purpose";
481  /**
482   * The HTTP <a
483   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
484   * X-Moz}</a> header field name.
485   *
486   * @since 28.0
487   */
488  public static final String X_MOZ = "X-Moz";
489
490  /**
491   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a>
492   * header field name.
493   *
494   * @since 30.0
495   */
496  public static final String SEC_CH_UA = "Sec-CH-UA";
497  /**
498   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-arch">{@code
499   * Sec-CH-UA-Arch}</a> header field name.
500   *
501   * @since 30.0
502   */
503  public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch";
504  /**
505   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-model">{@code
506   * Sec-CH-UA-Model}</a> header field name.
507   *
508   * @since 30.0
509   */
510  public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model";
511  /**
512   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-platform">{@code
513   * Sec-CH-UA-Platform}</a> header field name.
514   *
515   * @since 30.0
516   */
517  public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform";
518  /**
519   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-platform-version">{@code
520   * Sec-CH-UA-Platform-Version}</a> header field name.
521   *
522   * @since 30.0
523   */
524  public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version";
525  /**
526   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-full-version">{@code
527   * Sec-CH-UA-Full-Version}</a> header field name.
528   *
529   * @since 30.0
530   */
531  public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version";
532  /**
533   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-mobile">{@code
534   * Sec-CH-UA-Mobile}</a> header field name.
535   *
536   * @since 30.0
537   */
538  public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile";
539
540  /**
541   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a>
542   * header field name.
543   *
544   * @since 27.1
545   */
546  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
547  /**
548   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a>
549   * header field name.
550   *
551   * @since 27.1
552   */
553  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
554  /**
555   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a>
556   * header field name.
557   *
558   * @since 27.1
559   */
560  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
561  /**
562   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a>
563   * header field name.
564   *
565   * @since 27.1
566   */
567  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
568  /**
569   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a>
570   * header field name.
571   *
572   * @since 26.0
573   */
574  public static final String SEC_METADATA = "Sec-Metadata";
575  /**
576   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-https">{@code
577   * Sec-Token-Binding}</a> header field name.
578   *
579   * @since 25.1
580   */
581  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
582  /**
583   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
584   * Sec-Provided-Token-Binding-ID}</a> header field name.
585   *
586   * @since 25.1
587   */
588  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
589  /**
590   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
591   * Sec-Referred-Token-Binding-ID}</a> header field name.
592   *
593   * @since 25.1
594   */
595  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
596  /**
597   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Accept}</a> header
598   * field name.
599   *
600   * @since 28.0
601   */
602  public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept";
603  /**
604   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Extensions}</a>
605   * header field name.
606   *
607   * @since 28.0
608   */
609  public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions";
610  /**
611   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Key}</a> header
612   * field name.
613   *
614   * @since 28.0
615   */
616  public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
617  /**
618   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Protocol}</a>
619   * header field name.
620   *
621   * @since 28.0
622   */
623  public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
624  /**
625   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Version}</a> header
626   * field name.
627   *
628   * @since 28.0
629   */
630  public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version";
631  /**
632   * The HTTP <a href="https://tools.ietf.org/html/rfc8586">{@code CDN-Loop}</a> header field name.
633   *
634   * @since 28.0
635   */
636  public static final String CDN_LOOP = "CDN-Loop";
637}