001/* 002 * Copyright (C) 2011 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import com.google.common.annotations.GwtCompatible; 018 019/** 020 * Contains constant definitions for the HTTP header field names. See: 021 * 022 * <ul> 023 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> 024 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a> 025 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> 026 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> 027 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a> 028 * </ul> 029 * 030 * @author Kurt Alfred Kluever 031 * @since 11.0 032 */ 033@GwtCompatible 034@ElementTypesAreNonnullByDefault 035public final class HttpHeaders { 036 private HttpHeaders() {} 037 038 // HTTP Request and Response header fields 039 040 /** The HTTP {@code Cache-Control} header field name. */ 041 public static final String CACHE_CONTROL = "Cache-Control"; 042 /** The HTTP {@code Content-Length} header field name. */ 043 public static final String CONTENT_LENGTH = "Content-Length"; 044 /** The HTTP {@code Content-Type} header field name. */ 045 public static final String CONTENT_TYPE = "Content-Type"; 046 /** The HTTP {@code Date} header field name. */ 047 public static final String DATE = "Date"; 048 /** The HTTP {@code Pragma} header field name. */ 049 public static final String PRAGMA = "Pragma"; 050 /** The HTTP {@code Via} header field name. */ 051 public static final String VIA = "Via"; 052 /** The HTTP {@code Warning} header field name. */ 053 public static final String WARNING = "Warning"; 054 055 // HTTP Request header fields 056 057 /** The HTTP {@code Accept} header field name. */ 058 public static final String ACCEPT = "Accept"; 059 /** The HTTP {@code Accept-Charset} header field name. */ 060 public static final String ACCEPT_CHARSET = "Accept-Charset"; 061 /** The HTTP {@code Accept-Encoding} header field name. */ 062 public static final String ACCEPT_ENCODING = "Accept-Encoding"; 063 /** The HTTP {@code Accept-Language} header field name. */ 064 public static final String ACCEPT_LANGUAGE = "Accept-Language"; 065 /** The HTTP {@code Access-Control-Request-Headers} header field name. */ 066 public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; 067 /** The HTTP {@code Access-Control-Request-Method} header field name. */ 068 public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; 069 /** The HTTP {@code Authorization} header field name. */ 070 public static final String AUTHORIZATION = "Authorization"; 071 /** The HTTP {@code Connection} header field name. */ 072 public static final String CONNECTION = "Connection"; 073 /** The HTTP {@code Cookie} header field name. */ 074 public static final String COOKIE = "Cookie"; 075 /** 076 * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code 077 * Cross-Origin-Resource-Policy}</a> header field name. 078 * 079 * @since 28.0 080 */ 081 public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy"; 082 /** 083 * The HTTP <a href="https://tools.ietf.org/html/rfc8470">{@code Early-Data}</a> header field 084 * name. 085 * 086 * @since 27.0 087 */ 088 public static final String EARLY_DATA = "Early-Data"; 089 /** The HTTP {@code Expect} header field name. */ 090 public static final String EXPECT = "Expect"; 091 /** The HTTP {@code From} header field name. */ 092 public static final String FROM = "From"; 093 /** 094 * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name. 095 * 096 * @since 20.0 097 */ 098 public static final String FORWARDED = "Forwarded"; 099 /** 100 * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name. 101 * 102 * @since 17.0 103 */ 104 public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown"; 105 /** The HTTP {@code Host} header field name. */ 106 public static final String HOST = "Host"; 107 /** 108 * The HTTP <a href="https://tools.ietf.org/html/rfc7540#section-3.2.1">{@code HTTP2-Settings} 109 * </a> header field name. 110 * 111 * @since 24.0 112 */ 113 public static final String HTTP2_SETTINGS = "HTTP2-Settings"; 114 /** The HTTP {@code If-Match} header field name. */ 115 public static final String IF_MATCH = "If-Match"; 116 /** The HTTP {@code If-Modified-Since} header field name. */ 117 public static final String IF_MODIFIED_SINCE = "If-Modified-Since"; 118 /** The HTTP {@code If-None-Match} header field name. */ 119 public static final String IF_NONE_MATCH = "If-None-Match"; 120 /** The HTTP {@code If-Range} header field name. */ 121 public static final String IF_RANGE = "If-Range"; 122 /** The HTTP {@code If-Unmodified-Since} header field name. */ 123 public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since"; 124 /** The HTTP {@code Last-Event-ID} header field name. */ 125 public static final String LAST_EVENT_ID = "Last-Event-ID"; 126 /** The HTTP {@code Max-Forwards} header field name. */ 127 public static final String MAX_FORWARDS = "Max-Forwards"; 128 /** The HTTP {@code Origin} header field name. */ 129 public static final String ORIGIN = "Origin"; 130 /** 131 * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header 132 * field name. 133 * 134 * @since 30.1 135 */ 136 public static final String ORIGIN_ISOLATION = "Origin-Isolation"; 137 /** The HTTP {@code Proxy-Authorization} header field name. */ 138 public static final String PROXY_AUTHORIZATION = "Proxy-Authorization"; 139 /** The HTTP {@code Range} header field name. */ 140 public static final String RANGE = "Range"; 141 /** The HTTP {@code Referer} header field name. */ 142 public static final String REFERER = "Referer"; 143 /** 144 * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header 145 * field name. 146 * 147 * @since 23.4 148 */ 149 public static final String REFERRER_POLICY = "Referrer-Policy"; 150 151 /** 152 * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> 153 * header. 154 * 155 * @since 23.4 156 */ 157 public static final class ReferrerPolicyValues { 158 private ReferrerPolicyValues() {} 159 160 public static final String NO_REFERRER = "no-referrer"; 161 public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade"; 162 public static final String SAME_ORIGIN = "same-origin"; 163 public static final String ORIGIN = "origin"; 164 public static final String STRICT_ORIGIN = "strict-origin"; 165 public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin"; 166 public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin"; 167 public static final String UNSAFE_URL = "unsafe-url"; 168 } 169 170 /** 171 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 172 * Service-Worker}</a> header field name. 173 * 174 * @since 20.0 175 */ 176 public static final String SERVICE_WORKER = "Service-Worker"; 177 /** The HTTP {@code TE} header field name. */ 178 public static final String TE = "TE"; 179 /** The HTTP {@code Upgrade} header field name. */ 180 public static final String UPGRADE = "Upgrade"; 181 /** 182 * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code 183 * Upgrade-Insecure-Requests}</a> header field name. 184 * 185 * @since 28.1 186 */ 187 public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests"; 188 189 /** The HTTP {@code User-Agent} header field name. */ 190 public static final String USER_AGENT = "User-Agent"; 191 192 // HTTP Response header fields 193 194 /** The HTTP {@code Accept-Ranges} header field name. */ 195 public static final String ACCEPT_RANGES = "Accept-Ranges"; 196 /** The HTTP {@code Access-Control-Allow-Headers} header field name. */ 197 public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; 198 /** The HTTP {@code Access-Control-Allow-Methods} header field name. */ 199 public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; 200 /** The HTTP {@code Access-Control-Allow-Origin} header field name. */ 201 public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; 202 /** 203 * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code 204 * Access-Control-Allow-Private-Network}</a> header field name. 205 * 206 * @since 31.1 207 */ 208 public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK = 209 "Access-Control-Allow-Private-Network"; 210 /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */ 211 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; 212 /** The HTTP {@code Access-Control-Expose-Headers} header field name. */ 213 public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; 214 /** The HTTP {@code Access-Control-Max-Age} header field name. */ 215 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; 216 /** The HTTP {@code Age} header field name. */ 217 public static final String AGE = "Age"; 218 /** The HTTP {@code Allow} header field name. */ 219 public static final String ALLOW = "Allow"; 220 /** The HTTP {@code Content-Disposition} header field name. */ 221 public static final String CONTENT_DISPOSITION = "Content-Disposition"; 222 /** The HTTP {@code Content-Encoding} header field name. */ 223 public static final String CONTENT_ENCODING = "Content-Encoding"; 224 /** The HTTP {@code Content-Language} header field name. */ 225 public static final String CONTENT_LANGUAGE = "Content-Language"; 226 /** The HTTP {@code Content-Location} header field name. */ 227 public static final String CONTENT_LOCATION = "Content-Location"; 228 /** The HTTP {@code Content-MD5} header field name. */ 229 public static final String CONTENT_MD5 = "Content-MD5"; 230 /** The HTTP {@code Content-Range} header field name. */ 231 public static final String CONTENT_RANGE = "Content-Range"; 232 /** 233 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code 234 * Content-Security-Policy}</a> header field name. 235 * 236 * @since 15.0 237 */ 238 public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; 239 /** 240 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field"> 241 * {@code Content-Security-Policy-Report-Only}</a> header field name. 242 * 243 * @since 15.0 244 */ 245 public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY = 246 "Content-Security-Policy-Report-Only"; 247 /** 248 * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in 249 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until 250 * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY} 251 * to pass the CSP. 252 * 253 * @since 20.0 254 */ 255 public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy"; 256 /** 257 * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was 258 * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the 259 * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link 260 * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 261 * 262 * @since 20.0 263 */ 264 public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY = 265 "X-Content-Security-Policy-Report-Only"; 266 /** 267 * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a 268 * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 269 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 270 * 271 * @since 20.0 272 */ 273 public static final String X_WEBKIT_CSP = "X-WebKit-CSP"; 274 /** 275 * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in 276 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 277 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 278 * 279 * @since 20.0 280 */ 281 public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only"; 282 /** 283 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code 284 * Cross-Origin-Embedder-Policy}</a> header field name. 285 * 286 * @since 30.0 287 */ 288 public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy"; 289 /** 290 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code 291 * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name. 292 * 293 * @since 30.0 294 */ 295 public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY = 296 "Cross-Origin-Embedder-Policy-Report-Only"; 297 /** 298 * The HTTP Cross-Origin-Opener-Policy header field name. 299 * 300 * @since 28.2 301 */ 302 public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy"; 303 /** The HTTP {@code ETag} header field name. */ 304 public static final String ETAG = "ETag"; 305 /** The HTTP {@code Expires} header field name. */ 306 public static final String EXPIRES = "Expires"; 307 /** The HTTP {@code Last-Modified} header field name. */ 308 public static final String LAST_MODIFIED = "Last-Modified"; 309 /** The HTTP {@code Link} header field name. */ 310 public static final String LINK = "Link"; 311 /** The HTTP {@code Location} header field name. */ 312 public static final String LOCATION = "Location"; 313 /** 314 * The HTTP {@code Keep-Alive} header field name. 315 * 316 * @since 31.0 317 */ 318 public static final String KEEP_ALIVE = "Keep-Alive"; 319 /** 320 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code 321 * No-Vary-Seearch}</a> header field name. 322 * 323 * @since 32.0.0 324 */ 325 public static final String NO_VARY_SEARCH = "No-Vary-Search"; 326 /** 327 * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a> 328 * header field name. 329 * 330 * @since 27.1 331 */ 332 public static final String ORIGIN_TRIAL = "Origin-Trial"; 333 /** The HTTP {@code P3P} header field name. Limited browser support. */ 334 public static final String P3P = "P3P"; 335 /** The HTTP {@code Proxy-Authenticate} header field name. */ 336 public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate"; 337 /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */ 338 public static final String REFRESH = "Refresh"; 339 /** 340 * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name. 341 * 342 * @since 27.1 343 */ 344 public static final String REPORT_TO = "Report-To"; 345 /** The HTTP {@code Retry-After} header field name. */ 346 public static final String RETRY_AFTER = "Retry-After"; 347 /** The HTTP {@code Server} header field name. */ 348 public static final String SERVER = "Server"; 349 /** 350 * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field 351 * name. 352 * 353 * @since 23.6 354 */ 355 public static final String SERVER_TIMING = "Server-Timing"; 356 /** 357 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 358 * Service-Worker-Allowed}</a> header field name. 359 * 360 * @since 20.0 361 */ 362 public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed"; 363 /** The HTTP {@code Set-Cookie} header field name. */ 364 public static final String SET_COOKIE = "Set-Cookie"; 365 /** The HTTP {@code Set-Cookie2} header field name. */ 366 public static final String SET_COOKIE2 = "Set-Cookie2"; 367 368 /** 369 * The HTTP <a href="http://goo.gl/Dxx19N">{@code SourceMap}</a> header field name. 370 * 371 * @since 27.1 372 */ 373 public static final String SOURCE_MAP = "SourceMap"; 374 375 /** 376 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code 377 * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a 378 * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced 379 * frames</a>. 380 * 381 * @since 32.0.0 382 */ 383 public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode"; 384 385 /** 386 * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code 387 * Strict-Transport-Security}</a> header field name. 388 * 389 * @since 15.0 390 */ 391 public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security"; 392 /** 393 * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code 394 * Timing-Allow-Origin}</a> header field name. 395 * 396 * @since 15.0 397 */ 398 public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin"; 399 /** The HTTP {@code Trailer} header field name. */ 400 public static final String TRAILER = "Trailer"; 401 /** The HTTP {@code Transfer-Encoding} header field name. */ 402 public static final String TRANSFER_ENCODING = "Transfer-Encoding"; 403 /** The HTTP {@code Vary} header field name. */ 404 public static final String VARY = "Vary"; 405 /** The HTTP {@code WWW-Authenticate} header field name. */ 406 public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; 407 408 // Common, non-standard HTTP header fields 409 410 /** The HTTP {@code DNT} header field name. */ 411 public static final String DNT = "DNT"; 412 /** The HTTP {@code X-Content-Type-Options} header field name. */ 413 public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options"; 414 /** 415 * The HTTP <a 416 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 417 * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of 418 * the device on whose behalf the request is being made. 419 * 420 * @since 31.0 421 */ 422 public static final String X_DEVICE_IP = "X-Device-IP"; 423 /** 424 * The HTTP <a 425 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 426 * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link 427 * #REFERER} header value that the on-behalf-of client would have used when making a request 428 * itself. 429 * 430 * @since 31.0 431 */ 432 public static final String X_DEVICE_REFERER = "X-Device-Referer"; 433 /** 434 * The HTTP <a 435 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 436 * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the 437 * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making 438 * a request itself. 439 * 440 * @since 31.0 441 */ 442 public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language"; 443 /** 444 * The HTTP <a 445 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 446 * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the 447 * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making 448 * a request itself. 449 * 450 * @since 31.0 451 */ 452 public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With"; 453 /** The HTTP {@code X-Do-Not-Track} header field name. */ 454 public static final String X_DO_NOT_TRACK = "X-Do-Not-Track"; 455 /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */ 456 public static final String X_FORWARDED_FOR = "X-Forwarded-For"; 457 /** The HTTP {@code X-Forwarded-Proto} header field name. */ 458 public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; 459 /** 460 * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name. 461 * 462 * @since 20.0 463 */ 464 public static final String X_FORWARDED_HOST = "X-Forwarded-Host"; 465 /** 466 * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name. 467 * 468 * @since 20.0 469 */ 470 public static final String X_FORWARDED_PORT = "X-Forwarded-Port"; 471 /** The HTTP {@code X-Frame-Options} header field name. */ 472 public static final String X_FRAME_OPTIONS = "X-Frame-Options"; 473 /** The HTTP {@code X-Powered-By} header field name. */ 474 public static final String X_POWERED_BY = "X-Powered-By"; 475 /** 476 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 477 * Public-Key-Pins}</a> header field name. 478 * 479 * @since 15.0 480 */ 481 public static final String PUBLIC_KEY_PINS = "Public-Key-Pins"; 482 /** 483 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 484 * Public-Key-Pins-Report-Only}</a> header field name. 485 * 486 * @since 15.0 487 */ 488 public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only"; 489 /** 490 * The HTTP {@code X-Request-ID} header field name. 491 * 492 * @since 30.1 493 */ 494 public static final String X_REQUEST_ID = "X-Request-ID"; 495 /** The HTTP {@code X-Requested-With} header field name. */ 496 public static final String X_REQUESTED_WITH = "X-Requested-With"; 497 /** The HTTP {@code X-User-IP} header field name. */ 498 public static final String X_USER_IP = "X-User-IP"; 499 /** 500 * The HTTP <a href="https://goo.gl/VKpXxa">{@code X-Download-Options}</a> header field name. 501 * 502 * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is 503 * prevented from opening a file download directly; instead, they must first save the file 504 * locally. 505 * 506 * @since 24.1 507 */ 508 public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options"; 509 /** The HTTP {@code X-XSS-Protection} header field name. */ 510 public static final String X_XSS_PROTECTION = "X-XSS-Protection"; 511 /** 512 * The HTTP <a 513 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code 514 * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off". 515 * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages. 516 */ 517 public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control"; 518 /** 519 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 520 * {@code Ping-From}</a> header field name. 521 * 522 * @since 19.0 523 */ 524 public static final String PING_FROM = "Ping-From"; 525 /** 526 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 527 * {@code Ping-To}</a> header field name. 528 * 529 * @since 19.0 530 */ 531 public static final String PING_TO = "Ping-To"; 532 533 /** 534 * The HTTP <a 535 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 536 * Purpose}</a> header field name. 537 * 538 * @since 28.0 539 */ 540 public static final String PURPOSE = "Purpose"; 541 /** 542 * The HTTP <a 543 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 544 * X-Purpose}</a> header field name. 545 * 546 * @since 28.0 547 */ 548 public static final String X_PURPOSE = "X-Purpose"; 549 /** 550 * The HTTP <a 551 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 552 * X-Moz}</a> header field name. 553 * 554 * @since 28.0 555 */ 556 public static final String X_MOZ = "X-Moz"; 557 558 /** 559 * The HTTP <a 560 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code 561 * Device-Memory}</a> header field name. 562 * 563 * @since 31.0 564 */ 565 public static final String DEVICE_MEMORY = "Device-Memory"; 566 567 /** 568 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code 569 * Downlink}</a> header field name. 570 * 571 * @since 31.0 572 */ 573 public static final String DOWNLINK = "Downlink"; 574 575 /** 576 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code 577 * ECT}</a> header field name. 578 * 579 * @since 31.0 580 */ 581 public static final String ECT = "ECT"; 582 583 /** 584 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code 585 * RTT}</a> header field name. 586 * 587 * @since 31.0 588 */ 589 public static final String RTT = "RTT"; 590 591 /** 592 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code 593 * Save-Data}</a> header field name. 594 * 595 * @since 31.0 596 */ 597 public static final String SAVE_DATA = "Save-Data"; 598 599 /** 600 * The HTTP <a 601 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code 602 * Viewport-Width}</a> header field name. 603 * 604 * @since 31.0 605 */ 606 public static final String VIEWPORT_WIDTH = "Viewport-Width"; 607 608 /** 609 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code 610 * Width}</a> header field name. 611 * 612 * @since 31.0 613 */ 614 public static final String WIDTH = "Width"; 615 616 /** 617 * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a> 618 * header field name. 619 * 620 * @since 31.0 621 */ 622 public static final String PERMISSIONS_POLICY = "Permissions-Policy"; 623 624 /** 625 * The HTTP <a 626 * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code 627 * Sec-CH-Prefers-Color-Scheme}</a> header field name. 628 * 629 * <p>This header is experimental. 630 * 631 * @since 31.0 632 */ 633 public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme"; 634 635 /** 636 * The HTTP <a 637 * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code 638 * Accept-CH}</a> header field name. 639 * 640 * @since 31.0 641 */ 642 public static final String ACCEPT_CH = "Accept-CH"; 643 /** 644 * The HTTP <a 645 * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code 646 * Critical-CH}</a> header field name. 647 * 648 * @since 31.0 649 */ 650 public static final String CRITICAL_CH = "Critical-CH"; 651 652 /** 653 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a> 654 * header field name. 655 * 656 * @since 30.0 657 */ 658 public static final String SEC_CH_UA = "Sec-CH-UA"; 659 /** 660 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code 661 * Sec-CH-UA-Arch}</a> header field name. 662 * 663 * @since 30.0 664 */ 665 public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch"; 666 /** 667 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code 668 * Sec-CH-UA-Model}</a> header field name. 669 * 670 * @since 30.0 671 */ 672 public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model"; 673 /** 674 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code 675 * Sec-CH-UA-Platform}</a> header field name. 676 * 677 * @since 30.0 678 */ 679 public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform"; 680 /** 681 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code 682 * Sec-CH-UA-Platform-Version}</a> header field name. 683 * 684 * @since 30.0 685 */ 686 public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version"; 687 /** 688 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code 689 * Sec-CH-UA-Full-Version}</a> header field name. 690 * 691 * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}. 692 * @since 30.0 693 */ 694 @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version"; 695 /** 696 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code 697 * Sec-CH-UA-Full-Version}</a> header field name. 698 * 699 * @since 31.1 700 */ 701 public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List"; 702 /** 703 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code 704 * Sec-CH-UA-Mobile}</a> header field name. 705 * 706 * @since 30.0 707 */ 708 public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile"; 709 /** 710 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code 711 * Sec-CH-UA-WoW64}</a> header field name. 712 * 713 * @since 32.0.0 714 */ 715 public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64"; 716 /** 717 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code 718 * Sec-CH-UA-Bitness}</a> header field name. 719 * 720 * @since 31.0 721 */ 722 public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness"; 723 /** 724 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code 725 * Sec-CH-UA-Form-Factor}</a> header field name. 726 * 727 * @since 32.0.0 728 */ 729 public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor"; 730 /** 731 * The HTTP <a 732 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code 733 * Sec-CH-Viewport-Width}</a> header field name. 734 * 735 * @since 32.0.0 736 */ 737 public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width"; 738 /** 739 * The HTTP <a 740 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code 741 * Sec-CH-Viewport-Height}</a> header field name. 742 * 743 * @since 32.0.0 744 */ 745 public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height"; 746 /** 747 * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code 748 * Sec-CH-DPR}</a> header field name. 749 * 750 * @since 32.0.0 751 */ 752 public static final String SEC_CH_DPR = "Sec-CH-DPR"; 753 /** 754 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a> 755 * header field name. 756 * 757 * @since 27.1 758 */ 759 public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest"; 760 /** 761 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a> 762 * header field name. 763 * 764 * @since 27.1 765 */ 766 public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode"; 767 /** 768 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a> 769 * header field name. 770 * 771 * @since 27.1 772 */ 773 public static final String SEC_FETCH_SITE = "Sec-Fetch-Site"; 774 /** 775 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a> 776 * header field name. 777 * 778 * @since 27.1 779 */ 780 public static final String SEC_FETCH_USER = "Sec-Fetch-User"; 781 /** 782 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a> 783 * header field name. 784 * 785 * @since 26.0 786 */ 787 public static final String SEC_METADATA = "Sec-Metadata"; 788 /** 789 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-https">{@code 790 * Sec-Token-Binding}</a> header field name. 791 * 792 * @since 25.1 793 */ 794 public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding"; 795 /** 796 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code 797 * Sec-Provided-Token-Binding-ID}</a> header field name. 798 * 799 * @since 25.1 800 */ 801 public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID"; 802 /** 803 * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code 804 * Sec-Referred-Token-Binding-ID}</a> header field name. 805 * 806 * @since 25.1 807 */ 808 public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID"; 809 /** 810 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Accept}</a> header 811 * field name. 812 * 813 * @since 28.0 814 */ 815 public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept"; 816 /** 817 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Extensions}</a> 818 * header field name. 819 * 820 * @since 28.0 821 */ 822 public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions"; 823 /** 824 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Key}</a> header 825 * field name. 826 * 827 * @since 28.0 828 */ 829 public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key"; 830 /** 831 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Protocol}</a> 832 * header field name. 833 * 834 * @since 28.0 835 */ 836 public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol"; 837 /** 838 * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Version}</a> header 839 * field name. 840 * 841 * @since 28.0 842 */ 843 public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version"; 844 /** 845 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 846 * Sec-Browsing-Topics}</a> header field name. 847 * 848 * @since 32.0.0 849 */ 850 public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics"; 851 /** 852 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 853 * Observe-Browsing-Topics}</a> header field name. 854 * 855 * @since 32.0.0 856 */ 857 public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics"; 858 /** 859 * The HTTP <a href="https://tools.ietf.org/html/rfc8586">{@code CDN-Loop}</a> header field name. 860 * 861 * @since 28.0 862 */ 863 public static final String CDN_LOOP = "CDN-Loop"; 864}