001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.GwtCompatible;
018
019/**
020 * Contains constant definitions for the HTTP header field names. See:
021 *
022 * <ul>
023 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
028 * </ul>
029 *
030 * @author Kurt Alfred Kluever
031 * @since 11.0
032 */
033@GwtCompatible
034@ElementTypesAreNonnullByDefault
035public final class HttpHeaders {
036  private HttpHeaders() {}
037
038  // HTTP Request and Response header fields
039
040  /** The HTTP {@code Cache-Control} header field name. */
041  public static final String CACHE_CONTROL = "Cache-Control";
042  /** The HTTP {@code Content-Length} header field name. */
043  public static final String CONTENT_LENGTH = "Content-Length";
044  /** The HTTP {@code Content-Type} header field name. */
045  public static final String CONTENT_TYPE = "Content-Type";
046  /** The HTTP {@code Date} header field name. */
047  public static final String DATE = "Date";
048  /** The HTTP {@code Pragma} header field name. */
049  public static final String PRAGMA = "Pragma";
050  /** The HTTP {@code Via} header field name. */
051  public static final String VIA = "Via";
052  /** The HTTP {@code Warning} header field name. */
053  public static final String WARNING = "Warning";
054
055  // HTTP Request header fields
056
057  /** The HTTP {@code Accept} header field name. */
058  public static final String ACCEPT = "Accept";
059  /** The HTTP {@code Accept-Charset} header field name. */
060  public static final String ACCEPT_CHARSET = "Accept-Charset";
061  /** The HTTP {@code Accept-Encoding} header field name. */
062  public static final String ACCEPT_ENCODING = "Accept-Encoding";
063  /** The HTTP {@code Accept-Language} header field name. */
064  public static final String ACCEPT_LANGUAGE = "Accept-Language";
065  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
066  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
067  /** The HTTP {@code Access-Control-Request-Method} header field name. */
068  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
069  /** The HTTP {@code Authorization} header field name. */
070  public static final String AUTHORIZATION = "Authorization";
071  /** The HTTP {@code Connection} header field name. */
072  public static final String CONNECTION = "Connection";
073  /** The HTTP {@code Cookie} header field name. */
074  public static final String COOKIE = "Cookie";
075  /**
076   * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code
077   * Cross-Origin-Resource-Policy}</a> header field name.
078   *
079   * @since 28.0
080   */
081  public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy";
082
083  /**
084   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8470">{@code Early-Data}</a> header
085   * field name.
086   *
087   * @since 27.0
088   */
089  public static final String EARLY_DATA = "Early-Data";
090
091  /** The HTTP {@code Expect} header field name. */
092  public static final String EXPECT = "Expect";
093  /** The HTTP {@code From} header field name. */
094  public static final String FROM = "From";
095
096  /**
097   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7239">{@code Forwarded}</a> header
098   * field name.
099   *
100   * @since 20.0
101   */
102  public static final String FORWARDED = "Forwarded";
103
104  /**
105   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
106   *
107   * @since 17.0
108   */
109  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
110  /** The HTTP {@code Host} header field name. */
111  public static final String HOST = "Host";
112
113  /**
114   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7540#section-3.2.1">{@code
115   * HTTP2-Settings} </a> header field name.
116   *
117   * @since 24.0
118   */
119  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
120
121  /** The HTTP {@code If-Match} header field name. */
122  public static final String IF_MATCH = "If-Match";
123  /** The HTTP {@code If-Modified-Since} header field name. */
124  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
125  /** The HTTP {@code If-None-Match} header field name. */
126  public static final String IF_NONE_MATCH = "If-None-Match";
127  /** The HTTP {@code If-Range} header field name. */
128  public static final String IF_RANGE = "If-Range";
129  /** The HTTP {@code If-Unmodified-Since} header field name. */
130  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
131  /** The HTTP {@code Last-Event-ID} header field name. */
132  public static final String LAST_EVENT_ID = "Last-Event-ID";
133  /** The HTTP {@code Max-Forwards} header field name. */
134  public static final String MAX_FORWARDS = "Max-Forwards";
135  /** The HTTP {@code Origin} header field name. */
136  public static final String ORIGIN = "Origin";
137  /**
138   * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header
139   * field name.
140   *
141   * @since 30.1
142   */
143  public static final String ORIGIN_ISOLATION = "Origin-Isolation";
144  /** The HTTP {@code Proxy-Authorization} header field name. */
145  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
146  /** The HTTP {@code Range} header field name. */
147  public static final String RANGE = "Range";
148  /** The HTTP {@code Referer} header field name. */
149  public static final String REFERER = "Referer";
150  /**
151   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
152   * field name.
153   *
154   * @since 23.4
155   */
156  public static final String REFERRER_POLICY = "Referrer-Policy";
157
158  /**
159   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
160   * header.
161   *
162   * @since 23.4
163   */
164  public static final class ReferrerPolicyValues {
165    private ReferrerPolicyValues() {}
166
167    public static final String NO_REFERRER = "no-referrer";
168    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
169    public static final String SAME_ORIGIN = "same-origin";
170    public static final String ORIGIN = "origin";
171    public static final String STRICT_ORIGIN = "strict-origin";
172    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
173    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
174    public static final String UNSAFE_URL = "unsafe-url";
175  }
176
177  /**
178   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
179   * Service-Worker}</a> header field name.
180   *
181   * @since 20.0
182   */
183  public static final String SERVICE_WORKER = "Service-Worker";
184  /** The HTTP {@code TE} header field name. */
185  public static final String TE = "TE";
186  /** The HTTP {@code Upgrade} header field name. */
187  public static final String UPGRADE = "Upgrade";
188  /**
189   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
190   * Upgrade-Insecure-Requests}</a> header field name.
191   *
192   * @since 28.1
193   */
194  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";
195
196  /** The HTTP {@code User-Agent} header field name. */
197  public static final String USER_AGENT = "User-Agent";
198
199  // HTTP Response header fields
200
201  /** The HTTP {@code Accept-Ranges} header field name. */
202  public static final String ACCEPT_RANGES = "Accept-Ranges";
203  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
204  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
205  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
206  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
207  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
208  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
209  /**
210   * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code
211   * Access-Control-Allow-Private-Network}</a> header field name.
212   *
213   * @since 31.1
214   */
215  public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK =
216      "Access-Control-Allow-Private-Network";
217  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
218  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
219  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
220  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
221  /** The HTTP {@code Access-Control-Max-Age} header field name. */
222  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
223  /** The HTTP {@code Age} header field name. */
224  public static final String AGE = "Age";
225  /** The HTTP {@code Allow} header field name. */
226  public static final String ALLOW = "Allow";
227  /** The HTTP {@code Content-Disposition} header field name. */
228  public static final String CONTENT_DISPOSITION = "Content-Disposition";
229  /** The HTTP {@code Content-Encoding} header field name. */
230  public static final String CONTENT_ENCODING = "Content-Encoding";
231  /** The HTTP {@code Content-Language} header field name. */
232  public static final String CONTENT_LANGUAGE = "Content-Language";
233  /** The HTTP {@code Content-Location} header field name. */
234  public static final String CONTENT_LOCATION = "Content-Location";
235  /** The HTTP {@code Content-MD5} header field name. */
236  public static final String CONTENT_MD5 = "Content-MD5";
237  /** The HTTP {@code Content-Range} header field name. */
238  public static final String CONTENT_RANGE = "Content-Range";
239  /**
240   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
241   * Content-Security-Policy}</a> header field name.
242   *
243   * @since 15.0
244   */
245  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
246  /**
247   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
248   * {@code Content-Security-Policy-Report-Only}</a> header field name.
249   *
250   * @since 15.0
251   */
252  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
253      "Content-Security-Policy-Report-Only";
254  /**
255   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
256   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
257   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
258   * to pass the CSP.
259   *
260   * @since 20.0
261   */
262  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
263  /**
264   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
265   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
266   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
267   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
268   *
269   * @since 20.0
270   */
271  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
272      "X-Content-Security-Policy-Report-Only";
273  /**
274   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
275   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
276   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
277   *
278   * @since 20.0
279   */
280  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
281  /**
282   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
283   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
284   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
285   *
286   * @since 20.0
287   */
288  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
289  /**
290   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code
291   * Cross-Origin-Embedder-Policy}</a> header field name.
292   *
293   * @since 30.0
294   */
295  public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy";
296  /**
297   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
298   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
299   *
300   * @since 30.0
301   */
302  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
303      "Cross-Origin-Embedder-Policy-Report-Only";
304  /**
305   * The HTTP Cross-Origin-Opener-Policy header field name.
306   *
307   * @since 28.2
308   */
309  public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy";
310  /** The HTTP {@code ETag} header field name. */
311  public static final String ETAG = "ETag";
312  /** The HTTP {@code Expires} header field name. */
313  public static final String EXPIRES = "Expires";
314  /** The HTTP {@code Last-Modified} header field name. */
315  public static final String LAST_MODIFIED = "Last-Modified";
316  /** The HTTP {@code Link} header field name. */
317  public static final String LINK = "Link";
318  /** The HTTP {@code Location} header field name. */
319  public static final String LOCATION = "Location";
320  /**
321   * The HTTP {@code Keep-Alive} header field name.
322   *
323   * @since 31.0
324   */
325  public static final String KEEP_ALIVE = "Keep-Alive";
326  /**
327   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code
328   * No-Vary-Seearch}</a> header field name.
329   *
330   * @since 32.0.0
331   */
332  public static final String NO_VARY_SEARCH = "No-Vary-Search";
333  /**
334   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
335   * header field name.
336   *
337   * @since 27.1
338   */
339  public static final String ORIGIN_TRIAL = "Origin-Trial";
340  /** The HTTP {@code P3P} header field name. Limited browser support. */
341  public static final String P3P = "P3P";
342  /** The HTTP {@code Proxy-Authenticate} header field name. */
343  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
344  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
345  public static final String REFRESH = "Refresh";
346  /**
347   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
348   *
349   * @since 27.1
350   */
351  public static final String REPORT_TO = "Report-To";
352  /** The HTTP {@code Retry-After} header field name. */
353  public static final String RETRY_AFTER = "Retry-After";
354  /** The HTTP {@code Server} header field name. */
355  public static final String SERVER = "Server";
356  /**
357   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
358   * name.
359   *
360   * @since 23.6
361   */
362  public static final String SERVER_TIMING = "Server-Timing";
363  /**
364   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
365   * Service-Worker-Allowed}</a> header field name.
366   *
367   * @since 20.0
368   */
369  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
370  /** The HTTP {@code Set-Cookie} header field name. */
371  public static final String SET_COOKIE = "Set-Cookie";
372  /** The HTTP {@code Set-Cookie2} header field name. */
373  public static final String SET_COOKIE2 = "Set-Cookie2";
374
375  /**
376   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap">{@code
377   * SourceMap}</a> header field name.
378   *
379   * @since 27.1
380   */
381  public static final String SOURCE_MAP = "SourceMap";
382
383  /**
384   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code
385   * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a
386   * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced
387   * frames</a>.
388   *
389   * @since 32.0.0
390   */
391  public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode";
392
393  /**
394   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
395   * Strict-Transport-Security}</a> header field name.
396   *
397   * @since 15.0
398   */
399  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
400  /**
401   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
402   * Timing-Allow-Origin}</a> header field name.
403   *
404   * @since 15.0
405   */
406  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
407  /** The HTTP {@code Trailer} header field name. */
408  public static final String TRAILER = "Trailer";
409  /** The HTTP {@code Transfer-Encoding} header field name. */
410  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
411  /** The HTTP {@code Vary} header field name. */
412  public static final String VARY = "Vary";
413  /** The HTTP {@code WWW-Authenticate} header field name. */
414  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
415
416  // Common, non-standard HTTP header fields
417
418  /** The HTTP {@code DNT} header field name. */
419  public static final String DNT = "DNT";
420  /** The HTTP {@code X-Content-Type-Options} header field name. */
421  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
422  /**
423   * The HTTP <a
424   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
425   * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of
426   * the device on whose behalf the request is being made.
427   *
428   * @since 31.0
429   */
430  public static final String X_DEVICE_IP = "X-Device-IP";
431  /**
432   * The HTTP <a
433   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
434   * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link
435   * #REFERER} header value that the on-behalf-of client would have used when making a request
436   * itself.
437   *
438   * @since 31.0
439   */
440  public static final String X_DEVICE_REFERER = "X-Device-Referer";
441  /**
442   * The HTTP <a
443   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
444   * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the
445   * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making
446   * a request itself.
447   *
448   * @since 31.0
449   */
450  public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language";
451  /**
452   * The HTTP <a
453   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
454   * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the
455   * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making
456   * a request itself.
457   *
458   * @since 31.0
459   */
460  public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With";
461  /** The HTTP {@code X-Do-Not-Track} header field name. */
462  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
463  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
464  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
465  /** The HTTP {@code X-Forwarded-Proto} header field name. */
466  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
467
468  /**
469   * The HTTP <a
470   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host">{@code
471   * X-Forwarded-Host}</a> header field name.
472   *
473   * @since 20.0
474   */
475  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
476
477  /**
478   * The HTTP <a
479   * href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port">{@code
480   * X-Forwarded-Port}</a> header field name.
481   *
482   * @since 20.0
483   */
484  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
485
486  /** The HTTP {@code X-Frame-Options} header field name. */
487  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
488  /** The HTTP {@code X-Powered-By} header field name. */
489  public static final String X_POWERED_BY = "X-Powered-By";
490  /**
491   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
492   * Public-Key-Pins}</a> header field name.
493   *
494   * @since 15.0
495   */
496  public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
497  /**
498   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
499   * Public-Key-Pins-Report-Only}</a> header field name.
500   *
501   * @since 15.0
502   */
503  public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
504  /**
505   * The HTTP {@code X-Request-ID} header field name.
506   *
507   * @since 30.1
508   */
509  public static final String X_REQUEST_ID = "X-Request-ID";
510  /** The HTTP {@code X-Requested-With} header field name. */
511  public static final String X_REQUESTED_WITH = "X-Requested-With";
512  /** The HTTP {@code X-User-IP} header field name. */
513  public static final String X_USER_IP = "X-User-IP";
514
515  /**
516   * The HTTP <a
517   * href="https://learn.microsoft.com/en-us/archive/blogs/ieinternals/internet-explorer-and-custom-http-headers#:~:text=X%2DDownload%2DOptions">{@code
518   * X-Download-Options}</a> header field name.
519   *
520   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
521   * prevented from opening a file download directly; instead, they must first save the file
522   * locally.
523   *
524   * @since 24.1
525   */
526  public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
527
528  /** The HTTP {@code X-XSS-Protection} header field name. */
529  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
530  /**
531   * The HTTP <a
532   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
533   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
534   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
535   */
536  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
537  /**
538   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
539   * {@code Ping-From}</a> header field name.
540   *
541   * @since 19.0
542   */
543  public static final String PING_FROM = "Ping-From";
544  /**
545   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
546   * {@code Ping-To}</a> header field name.
547   *
548   * @since 19.0
549   */
550  public static final String PING_TO = "Ping-To";
551
552  /**
553   * The HTTP <a
554   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
555   * Purpose}</a> header field name.
556   *
557   * @since 28.0
558   */
559  public static final String PURPOSE = "Purpose";
560  /**
561   * The HTTP <a
562   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
563   * X-Purpose}</a> header field name.
564   *
565   * @since 28.0
566   */
567  public static final String X_PURPOSE = "X-Purpose";
568  /**
569   * The HTTP <a
570   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
571   * X-Moz}</a> header field name.
572   *
573   * @since 28.0
574   */
575  public static final String X_MOZ = "X-Moz";
576
577  /**
578   * The HTTP <a
579   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code
580   * Device-Memory}</a> header field name.
581   *
582   * @since 31.0
583   */
584  public static final String DEVICE_MEMORY = "Device-Memory";
585
586  /**
587   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code
588   * Downlink}</a> header field name.
589   *
590   * @since 31.0
591   */
592  public static final String DOWNLINK = "Downlink";
593
594  /**
595   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code
596   * ECT}</a> header field name.
597   *
598   * @since 31.0
599   */
600  public static final String ECT = "ECT";
601
602  /**
603   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code
604   * RTT}</a> header field name.
605   *
606   * @since 31.0
607   */
608  public static final String RTT = "RTT";
609
610  /**
611   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code
612   * Save-Data}</a> header field name.
613   *
614   * @since 31.0
615   */
616  public static final String SAVE_DATA = "Save-Data";
617
618  /**
619   * The HTTP <a
620   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code
621   * Viewport-Width}</a> header field name.
622   *
623   * @since 31.0
624   */
625  public static final String VIEWPORT_WIDTH = "Viewport-Width";
626
627  /**
628   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code
629   * Width}</a> header field name.
630   *
631   * @since 31.0
632   */
633  public static final String WIDTH = "Width";
634
635  /**
636   * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a>
637   * header field name.
638   *
639   * @since 31.0
640   */
641  public static final String PERMISSIONS_POLICY = "Permissions-Policy";
642
643  /**
644   * The HTTP <a
645   * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code
646   * Permissions-Policy-Report-Only}</a> header field name.
647   *
648   * @since 33.2.0
649   */
650  public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only";
651
652  /**
653   * The HTTP <a
654   * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code
655   * Sec-CH-Prefers-Color-Scheme}</a> header field name.
656   *
657   * <p>This header is experimental.
658   *
659   * @since 31.0
660   */
661  public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme";
662
663  /**
664   * The HTTP <a
665   * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code
666   * Accept-CH}</a> header field name.
667   *
668   * @since 31.0
669   */
670  public static final String ACCEPT_CH = "Accept-CH";
671  /**
672   * The HTTP <a
673   * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code
674   * Critical-CH}</a> header field name.
675   *
676   * @since 31.0
677   */
678  public static final String CRITICAL_CH = "Critical-CH";
679
680  /**
681   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a>
682   * header field name.
683   *
684   * @since 30.0
685   */
686  public static final String SEC_CH_UA = "Sec-CH-UA";
687  /**
688   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code
689   * Sec-CH-UA-Arch}</a> header field name.
690   *
691   * @since 30.0
692   */
693  public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch";
694  /**
695   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code
696   * Sec-CH-UA-Model}</a> header field name.
697   *
698   * @since 30.0
699   */
700  public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model";
701  /**
702   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code
703   * Sec-CH-UA-Platform}</a> header field name.
704   *
705   * @since 30.0
706   */
707  public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform";
708  /**
709   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code
710   * Sec-CH-UA-Platform-Version}</a> header field name.
711   *
712   * @since 30.0
713   */
714  public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version";
715  /**
716   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code
717   * Sec-CH-UA-Full-Version}</a> header field name.
718   *
719   * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}.
720   * @since 30.0
721   */
722  @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version";
723  /**
724   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code
725   * Sec-CH-UA-Full-Version}</a> header field name.
726   *
727   * @since 31.1
728   */
729  public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List";
730  /**
731   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code
732   * Sec-CH-UA-Mobile}</a> header field name.
733   *
734   * @since 30.0
735   */
736  public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile";
737  /**
738   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code
739   * Sec-CH-UA-WoW64}</a> header field name.
740   *
741   * @since 32.0.0
742   */
743  public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64";
744  /**
745   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code
746   * Sec-CH-UA-Bitness}</a> header field name.
747   *
748   * @since 31.0
749   */
750  public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness";
751
752  /**
753   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code
754   * Sec-CH-UA-Form-Factor}</a> header field name.
755   *
756   * @deprecated Prefer {@link SEC_CH_UA_FORM_FACTORS}.
757   * @since 32.0.0
758   */
759  @Deprecated public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor";
760
761  /**
762   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factors">{@code
763   * Sec-CH-UA-Form-Factors}</a> header field name.
764   *
765   * @since 33.3.0
766   */
767  public static final String SEC_CH_UA_FORM_FACTORS = "Sec-CH-UA-Form-Factors";
768
769  /**
770   * The HTTP <a
771   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code
772   * Sec-CH-Viewport-Width}</a> header field name.
773   *
774   * @since 32.0.0
775   */
776  public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width";
777  /**
778   * The HTTP <a
779   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code
780   * Sec-CH-Viewport-Height}</a> header field name.
781   *
782   * @since 32.0.0
783   */
784  public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height";
785  /**
786   * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code
787   * Sec-CH-DPR}</a> header field name.
788   *
789   * @since 32.0.0
790   */
791  public static final String SEC_CH_DPR = "Sec-CH-DPR";
792  /**
793   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a>
794   * header field name.
795   *
796   * @since 27.1
797   */
798  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
799  /**
800   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a>
801   * header field name.
802   *
803   * @since 27.1
804   */
805  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
806  /**
807   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a>
808   * header field name.
809   *
810   * @since 27.1
811   */
812  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
813  /**
814   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a>
815   * header field name.
816   *
817   * @since 27.1
818   */
819  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
820  /**
821   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a>
822   * header field name.
823   *
824   * @since 26.0
825   */
826  public static final String SEC_METADATA = "Sec-Metadata";
827
828  /**
829   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https">{@code
830   * Sec-Token-Binding}</a> header field name.
831   *
832   * @since 25.1
833   */
834  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
835
836  /**
837   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
838   * Sec-Provided-Token-Binding-ID}</a> header field name.
839   *
840   * @since 25.1
841   */
842  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
843
844  /**
845   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
846   * Sec-Referred-Token-Binding-ID}</a> header field name.
847   *
848   * @since 25.1
849   */
850  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
851
852  /**
853   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
854   * Sec-WebSocket-Accept}</a> header field name.
855   *
856   * @since 28.0
857   */
858  public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept";
859
860  /**
861   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
862   * Sec-WebSocket-Extensions}</a> header field name.
863   *
864   * @since 28.0
865   */
866  public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions";
867
868  /**
869   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code Sec-WebSocket-Key}</a>
870   * header field name.
871   *
872   * @since 28.0
873   */
874  public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
875
876  /**
877   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
878   * Sec-WebSocket-Protocol}</a> header field name.
879   *
880   * @since 28.0
881   */
882  public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
883
884  /**
885   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
886   * Sec-WebSocket-Version}</a> header field name.
887   *
888   * @since 28.0
889   */
890  public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version";
891
892  /**
893   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
894   * Sec-Browsing-Topics}</a> header field name.
895   *
896   * @since 32.0.0
897   */
898  public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics";
899  /**
900   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
901   * Observe-Browsing-Topics}</a> header field name.
902   *
903   * @since 32.0.0
904   */
905  public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics";
906
907  /**
908   * The HTTP <a
909   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
910   * Sec-Ad-Auction-Fetch}</a> header field name.
911   *
912   * @since 33.0.0
913   */
914  public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch";
915
916  /**
917   * The HTTP <a
918   * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code
919   * Sec-GPC}</a> header field name.
920   *
921   * @since 33.2.0
922   */
923  public static final String SEC_GPC = "Sec-GPC";
924
925  /**
926   * The HTTP <a
927   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
928   * Ad-Auction-Signals}</a> header field name.
929   *
930   * @since 33.0.0
931   */
932  public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals";
933
934  /**
935   * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code
936   * Ad-Auction-Allowed}</a> header field name.
937   *
938   * @since 33.2.0
939   */
940  public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed";
941
942  /**
943   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8586">{@code CDN-Loop}</a> header
944   * field name.
945   *
946   * @since 28.0
947   */
948  public static final String CDN_LOOP = "CDN-Loop";
949
950  /**
951   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7838#page-8">{@code Alt-Svc}</a>
952   * header field name.
953   *
954   * @since 33.4.0
955   */
956  public static final String ALT_SVC = "Alt-Svc";
957}