001/* 002 * Copyright (C) 2011 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import com.google.common.annotations.GwtCompatible; 018 019/** 020 * Contains constant definitions for the HTTP header field names. See: 021 * 022 * <ul> 023 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> 024 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a> 025 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> 026 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> 027 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a> 028 * </ul> 029 * 030 * @author Kurt Alfred Kluever 031 * @since 11.0 032 */ 033@GwtCompatible 034@ElementTypesAreNonnullByDefault 035public final class HttpHeaders { 036 private HttpHeaders() {} 037 038 // HTTP Request and Response header fields 039 040 /** The HTTP {@code Cache-Control} header field name. */ 041 public static final String CACHE_CONTROL = "Cache-Control"; 042 /** The HTTP {@code Content-Length} header field name. */ 043 public static final String CONTENT_LENGTH = "Content-Length"; 044 /** The HTTP {@code Content-Type} header field name. */ 045 public static final String CONTENT_TYPE = "Content-Type"; 046 /** The HTTP {@code Date} header field name. */ 047 public static final String DATE = "Date"; 048 /** The HTTP {@code Pragma} header field name. */ 049 public static final String PRAGMA = "Pragma"; 050 /** The HTTP {@code Via} header field name. */ 051 public static final String VIA = "Via"; 052 /** The HTTP {@code Warning} header field name. */ 053 public static final String WARNING = "Warning"; 054 055 // HTTP Request header fields 056 057 /** The HTTP {@code Accept} header field name. */ 058 public static final String ACCEPT = "Accept"; 059 /** The HTTP {@code Accept-Charset} header field name. */ 060 public static final String ACCEPT_CHARSET = "Accept-Charset"; 061 /** The HTTP {@code Accept-Encoding} header field name. */ 062 public static final String ACCEPT_ENCODING = "Accept-Encoding"; 063 /** The HTTP {@code Accept-Language} header field name. */ 064 public static final String ACCEPT_LANGUAGE = "Accept-Language"; 065 /** The HTTP {@code Access-Control-Request-Headers} header field name. */ 066 public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; 067 /** The HTTP {@code Access-Control-Request-Method} header field name. */ 068 public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; 069 /** The HTTP {@code Authorization} header field name. */ 070 public static final String AUTHORIZATION = "Authorization"; 071 /** The HTTP {@code Connection} header field name. */ 072 public static final String CONNECTION = "Connection"; 073 /** The HTTP {@code Cookie} header field name. */ 074 public static final String COOKIE = "Cookie"; 075 /** 076 * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code 077 * Cross-Origin-Resource-Policy}</a> header field name. 078 * 079 * @since 28.0 080 */ 081 public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy"; 082 083 /** 084 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8470">{@code Early-Data}</a> header 085 * field name. 086 * 087 * @since 27.0 088 */ 089 public static final String EARLY_DATA = "Early-Data"; 090 091 /** The HTTP {@code Expect} header field name. */ 092 public static final String EXPECT = "Expect"; 093 /** The HTTP {@code From} header field name. */ 094 public static final String FROM = "From"; 095 096 /** 097 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7239">{@code Forwarded}</a> header 098 * field name. 099 * 100 * @since 20.0 101 */ 102 public static final String FORWARDED = "Forwarded"; 103 104 /** 105 * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name. 106 * 107 * @since 17.0 108 */ 109 public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown"; 110 /** The HTTP {@code Host} header field name. */ 111 public static final String HOST = "Host"; 112 113 /** 114 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7540#section-3.2.1">{@code 115 * HTTP2-Settings} </a> header field name. 116 * 117 * @since 24.0 118 */ 119 public static final String HTTP2_SETTINGS = "HTTP2-Settings"; 120 121 /** The HTTP {@code If-Match} header field name. */ 122 public static final String IF_MATCH = "If-Match"; 123 /** The HTTP {@code If-Modified-Since} header field name. */ 124 public static final String IF_MODIFIED_SINCE = "If-Modified-Since"; 125 /** The HTTP {@code If-None-Match} header field name. */ 126 public static final String IF_NONE_MATCH = "If-None-Match"; 127 /** The HTTP {@code If-Range} header field name. */ 128 public static final String IF_RANGE = "If-Range"; 129 /** The HTTP {@code If-Unmodified-Since} header field name. */ 130 public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since"; 131 /** The HTTP {@code Last-Event-ID} header field name. */ 132 public static final String LAST_EVENT_ID = "Last-Event-ID"; 133 /** The HTTP {@code Max-Forwards} header field name. */ 134 public static final String MAX_FORWARDS = "Max-Forwards"; 135 /** The HTTP {@code Origin} header field name. */ 136 public static final String ORIGIN = "Origin"; 137 /** 138 * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header 139 * field name. 140 * 141 * @since 30.1 142 */ 143 public static final String ORIGIN_ISOLATION = "Origin-Isolation"; 144 /** The HTTP {@code Proxy-Authorization} header field name. */ 145 public static final String PROXY_AUTHORIZATION = "Proxy-Authorization"; 146 /** The HTTP {@code Range} header field name. */ 147 public static final String RANGE = "Range"; 148 /** The HTTP {@code Referer} header field name. */ 149 public static final String REFERER = "Referer"; 150 /** 151 * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header 152 * field name. 153 * 154 * @since 23.4 155 */ 156 public static final String REFERRER_POLICY = "Referrer-Policy"; 157 158 /** 159 * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> 160 * header. 161 * 162 * @since 23.4 163 */ 164 public static final class ReferrerPolicyValues { 165 private ReferrerPolicyValues() {} 166 167 public static final String NO_REFERRER = "no-referrer"; 168 public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade"; 169 public static final String SAME_ORIGIN = "same-origin"; 170 public static final String ORIGIN = "origin"; 171 public static final String STRICT_ORIGIN = "strict-origin"; 172 public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin"; 173 public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin"; 174 public static final String UNSAFE_URL = "unsafe-url"; 175 } 176 177 /** 178 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 179 * Service-Worker}</a> header field name. 180 * 181 * @since 20.0 182 */ 183 public static final String SERVICE_WORKER = "Service-Worker"; 184 /** The HTTP {@code TE} header field name. */ 185 public static final String TE = "TE"; 186 /** The HTTP {@code Upgrade} header field name. */ 187 public static final String UPGRADE = "Upgrade"; 188 /** 189 * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code 190 * Upgrade-Insecure-Requests}</a> header field name. 191 * 192 * @since 28.1 193 */ 194 public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests"; 195 196 /** The HTTP {@code User-Agent} header field name. */ 197 public static final String USER_AGENT = "User-Agent"; 198 199 // HTTP Response header fields 200 201 /** The HTTP {@code Accept-Ranges} header field name. */ 202 public static final String ACCEPT_RANGES = "Accept-Ranges"; 203 /** The HTTP {@code Access-Control-Allow-Headers} header field name. */ 204 public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; 205 /** The HTTP {@code Access-Control-Allow-Methods} header field name. */ 206 public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; 207 /** The HTTP {@code Access-Control-Allow-Origin} header field name. */ 208 public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; 209 /** 210 * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code 211 * Access-Control-Allow-Private-Network}</a> header field name. 212 * 213 * @since 31.1 214 */ 215 public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK = 216 "Access-Control-Allow-Private-Network"; 217 /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */ 218 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; 219 /** The HTTP {@code Access-Control-Expose-Headers} header field name. */ 220 public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; 221 /** The HTTP {@code Access-Control-Max-Age} header field name. */ 222 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; 223 /** The HTTP {@code Age} header field name. */ 224 public static final String AGE = "Age"; 225 /** The HTTP {@code Allow} header field name. */ 226 public static final String ALLOW = "Allow"; 227 /** The HTTP {@code Content-Disposition} header field name. */ 228 public static final String CONTENT_DISPOSITION = "Content-Disposition"; 229 /** The HTTP {@code Content-Encoding} header field name. */ 230 public static final String CONTENT_ENCODING = "Content-Encoding"; 231 /** The HTTP {@code Content-Language} header field name. */ 232 public static final String CONTENT_LANGUAGE = "Content-Language"; 233 /** The HTTP {@code Content-Location} header field name. */ 234 public static final String CONTENT_LOCATION = "Content-Location"; 235 /** The HTTP {@code Content-MD5} header field name. */ 236 public static final String CONTENT_MD5 = "Content-MD5"; 237 /** The HTTP {@code Content-Range} header field name. */ 238 public static final String CONTENT_RANGE = "Content-Range"; 239 /** 240 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code 241 * Content-Security-Policy}</a> header field name. 242 * 243 * @since 15.0 244 */ 245 public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; 246 /** 247 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field"> 248 * {@code Content-Security-Policy-Report-Only}</a> header field name. 249 * 250 * @since 15.0 251 */ 252 public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY = 253 "Content-Security-Policy-Report-Only"; 254 /** 255 * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in 256 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until 257 * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY} 258 * to pass the CSP. 259 * 260 * @since 20.0 261 */ 262 public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy"; 263 /** 264 * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was 265 * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the 266 * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link 267 * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 268 * 269 * @since 20.0 270 */ 271 public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY = 272 "X-Content-Security-Policy-Report-Only"; 273 /** 274 * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a 275 * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 276 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 277 * 278 * @since 20.0 279 */ 280 public static final String X_WEBKIT_CSP = "X-WebKit-CSP"; 281 /** 282 * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in 283 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 284 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 285 * 286 * @since 20.0 287 */ 288 public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only"; 289 /** 290 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code 291 * Cross-Origin-Embedder-Policy}</a> header field name. 292 * 293 * @since 30.0 294 */ 295 public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy"; 296 /** 297 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code 298 * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name. 299 * 300 * @since 30.0 301 */ 302 public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY = 303 "Cross-Origin-Embedder-Policy-Report-Only"; 304 /** 305 * The HTTP Cross-Origin-Opener-Policy header field name. 306 * 307 * @since 28.2 308 */ 309 public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy"; 310 /** The HTTP {@code ETag} header field name. */ 311 public static final String ETAG = "ETag"; 312 /** The HTTP {@code Expires} header field name. */ 313 public static final String EXPIRES = "Expires"; 314 /** The HTTP {@code Last-Modified} header field name. */ 315 public static final String LAST_MODIFIED = "Last-Modified"; 316 /** The HTTP {@code Link} header field name. */ 317 public static final String LINK = "Link"; 318 /** The HTTP {@code Location} header field name. */ 319 public static final String LOCATION = "Location"; 320 /** 321 * The HTTP {@code Keep-Alive} header field name. 322 * 323 * @since 31.0 324 */ 325 public static final String KEEP_ALIVE = "Keep-Alive"; 326 /** 327 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code 328 * No-Vary-Seearch}</a> header field name. 329 * 330 * @since 32.0.0 331 */ 332 public static final String NO_VARY_SEARCH = "No-Vary-Search"; 333 /** 334 * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a> 335 * header field name. 336 * 337 * @since 27.1 338 */ 339 public static final String ORIGIN_TRIAL = "Origin-Trial"; 340 /** The HTTP {@code P3P} header field name. Limited browser support. */ 341 public static final String P3P = "P3P"; 342 /** The HTTP {@code Proxy-Authenticate} header field name. */ 343 public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate"; 344 /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */ 345 public static final String REFRESH = "Refresh"; 346 /** 347 * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name. 348 * 349 * @since 27.1 350 */ 351 public static final String REPORT_TO = "Report-To"; 352 /** The HTTP {@code Retry-After} header field name. */ 353 public static final String RETRY_AFTER = "Retry-After"; 354 /** The HTTP {@code Server} header field name. */ 355 public static final String SERVER = "Server"; 356 /** 357 * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field 358 * name. 359 * 360 * @since 23.6 361 */ 362 public static final String SERVER_TIMING = "Server-Timing"; 363 /** 364 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 365 * Service-Worker-Allowed}</a> header field name. 366 * 367 * @since 20.0 368 */ 369 public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed"; 370 /** The HTTP {@code Set-Cookie} header field name. */ 371 public static final String SET_COOKIE = "Set-Cookie"; 372 /** The HTTP {@code Set-Cookie2} header field name. */ 373 public static final String SET_COOKIE2 = "Set-Cookie2"; 374 375 /** 376 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap">{@code 377 * SourceMap}</a> header field name. 378 * 379 * @since 27.1 380 */ 381 public static final String SOURCE_MAP = "SourceMap"; 382 383 /** 384 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code 385 * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a 386 * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced 387 * frames</a>. 388 * 389 * @since 32.0.0 390 */ 391 public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode"; 392 393 /** 394 * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code 395 * Strict-Transport-Security}</a> header field name. 396 * 397 * @since 15.0 398 */ 399 public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security"; 400 /** 401 * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code 402 * Timing-Allow-Origin}</a> header field name. 403 * 404 * @since 15.0 405 */ 406 public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin"; 407 /** The HTTP {@code Trailer} header field name. */ 408 public static final String TRAILER = "Trailer"; 409 /** The HTTP {@code Transfer-Encoding} header field name. */ 410 public static final String TRANSFER_ENCODING = "Transfer-Encoding"; 411 /** The HTTP {@code Vary} header field name. */ 412 public static final String VARY = "Vary"; 413 /** The HTTP {@code WWW-Authenticate} header field name. */ 414 public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; 415 416 // Common, non-standard HTTP header fields 417 418 /** The HTTP {@code DNT} header field name. */ 419 public static final String DNT = "DNT"; 420 /** The HTTP {@code X-Content-Type-Options} header field name. */ 421 public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options"; 422 /** 423 * The HTTP <a 424 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 425 * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of 426 * the device on whose behalf the request is being made. 427 * 428 * @since 31.0 429 */ 430 public static final String X_DEVICE_IP = "X-Device-IP"; 431 /** 432 * The HTTP <a 433 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 434 * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link 435 * #REFERER} header value that the on-behalf-of client would have used when making a request 436 * itself. 437 * 438 * @since 31.0 439 */ 440 public static final String X_DEVICE_REFERER = "X-Device-Referer"; 441 /** 442 * The HTTP <a 443 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 444 * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the 445 * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making 446 * a request itself. 447 * 448 * @since 31.0 449 */ 450 public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language"; 451 /** 452 * The HTTP <a 453 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 454 * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the 455 * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making 456 * a request itself. 457 * 458 * @since 31.0 459 */ 460 public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With"; 461 /** The HTTP {@code X-Do-Not-Track} header field name. */ 462 public static final String X_DO_NOT_TRACK = "X-Do-Not-Track"; 463 /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */ 464 public static final String X_FORWARDED_FOR = "X-Forwarded-For"; 465 /** The HTTP {@code X-Forwarded-Proto} header field name. */ 466 public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; 467 468 /** 469 * The HTTP <a 470 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host">{@code 471 * X-Forwarded-Host}</a> header field name. 472 * 473 * @since 20.0 474 */ 475 public static final String X_FORWARDED_HOST = "X-Forwarded-Host"; 476 477 /** 478 * The HTTP <a 479 * href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port">{@code 480 * X-Forwarded-Port}</a> header field name. 481 * 482 * @since 20.0 483 */ 484 public static final String X_FORWARDED_PORT = "X-Forwarded-Port"; 485 486 /** The HTTP {@code X-Frame-Options} header field name. */ 487 public static final String X_FRAME_OPTIONS = "X-Frame-Options"; 488 /** The HTTP {@code X-Powered-By} header field name. */ 489 public static final String X_POWERED_BY = "X-Powered-By"; 490 /** 491 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 492 * Public-Key-Pins}</a> header field name. 493 * 494 * @since 15.0 495 */ 496 public static final String PUBLIC_KEY_PINS = "Public-Key-Pins"; 497 /** 498 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 499 * Public-Key-Pins-Report-Only}</a> header field name. 500 * 501 * @since 15.0 502 */ 503 public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only"; 504 /** 505 * The HTTP {@code X-Request-ID} header field name. 506 * 507 * @since 30.1 508 */ 509 public static final String X_REQUEST_ID = "X-Request-ID"; 510 /** The HTTP {@code X-Requested-With} header field name. */ 511 public static final String X_REQUESTED_WITH = "X-Requested-With"; 512 /** The HTTP {@code X-User-IP} header field name. */ 513 public static final String X_USER_IP = "X-User-IP"; 514 515 /** 516 * The HTTP <a 517 * href="https://learn.microsoft.com/en-us/archive/blogs/ieinternals/internet-explorer-and-custom-http-headers#:~:text=X%2DDownload%2DOptions">{@code 518 * X-Download-Options}</a> header field name. 519 * 520 * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is 521 * prevented from opening a file download directly; instead, they must first save the file 522 * locally. 523 * 524 * @since 24.1 525 */ 526 public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options"; 527 528 /** The HTTP {@code X-XSS-Protection} header field name. */ 529 public static final String X_XSS_PROTECTION = "X-XSS-Protection"; 530 /** 531 * The HTTP <a 532 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code 533 * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off". 534 * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages. 535 */ 536 public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control"; 537 /** 538 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 539 * {@code Ping-From}</a> header field name. 540 * 541 * @since 19.0 542 */ 543 public static final String PING_FROM = "Ping-From"; 544 /** 545 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 546 * {@code Ping-To}</a> header field name. 547 * 548 * @since 19.0 549 */ 550 public static final String PING_TO = "Ping-To"; 551 552 /** 553 * The HTTP <a 554 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 555 * Purpose}</a> header field name. 556 * 557 * @since 28.0 558 */ 559 public static final String PURPOSE = "Purpose"; 560 /** 561 * The HTTP <a 562 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 563 * X-Purpose}</a> header field name. 564 * 565 * @since 28.0 566 */ 567 public static final String X_PURPOSE = "X-Purpose"; 568 /** 569 * The HTTP <a 570 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 571 * X-Moz}</a> header field name. 572 * 573 * @since 28.0 574 */ 575 public static final String X_MOZ = "X-Moz"; 576 577 /** 578 * The HTTP <a 579 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code 580 * Device-Memory}</a> header field name. 581 * 582 * @since 31.0 583 */ 584 public static final String DEVICE_MEMORY = "Device-Memory"; 585 586 /** 587 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code 588 * Downlink}</a> header field name. 589 * 590 * @since 31.0 591 */ 592 public static final String DOWNLINK = "Downlink"; 593 594 /** 595 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code 596 * ECT}</a> header field name. 597 * 598 * @since 31.0 599 */ 600 public static final String ECT = "ECT"; 601 602 /** 603 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code 604 * RTT}</a> header field name. 605 * 606 * @since 31.0 607 */ 608 public static final String RTT = "RTT"; 609 610 /** 611 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code 612 * Save-Data}</a> header field name. 613 * 614 * @since 31.0 615 */ 616 public static final String SAVE_DATA = "Save-Data"; 617 618 /** 619 * The HTTP <a 620 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code 621 * Viewport-Width}</a> header field name. 622 * 623 * @since 31.0 624 */ 625 public static final String VIEWPORT_WIDTH = "Viewport-Width"; 626 627 /** 628 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code 629 * Width}</a> header field name. 630 * 631 * @since 31.0 632 */ 633 public static final String WIDTH = "Width"; 634 635 /** 636 * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a> 637 * header field name. 638 * 639 * @since 31.0 640 */ 641 public static final String PERMISSIONS_POLICY = "Permissions-Policy"; 642 643 /** 644 * The HTTP <a 645 * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code 646 * Permissions-Policy-Report-Only}</a> header field name. 647 * 648 * @since 33.2.0 649 */ 650 public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only"; 651 652 /** 653 * The HTTP <a 654 * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code 655 * Sec-CH-Prefers-Color-Scheme}</a> header field name. 656 * 657 * <p>This header is experimental. 658 * 659 * @since 31.0 660 */ 661 public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme"; 662 663 /** 664 * The HTTP <a 665 * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code 666 * Accept-CH}</a> header field name. 667 * 668 * @since 31.0 669 */ 670 public static final String ACCEPT_CH = "Accept-CH"; 671 /** 672 * The HTTP <a 673 * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code 674 * Critical-CH}</a> header field name. 675 * 676 * @since 31.0 677 */ 678 public static final String CRITICAL_CH = "Critical-CH"; 679 680 /** 681 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a> 682 * header field name. 683 * 684 * @since 30.0 685 */ 686 public static final String SEC_CH_UA = "Sec-CH-UA"; 687 /** 688 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code 689 * Sec-CH-UA-Arch}</a> header field name. 690 * 691 * @since 30.0 692 */ 693 public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch"; 694 /** 695 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code 696 * Sec-CH-UA-Model}</a> header field name. 697 * 698 * @since 30.0 699 */ 700 public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model"; 701 /** 702 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code 703 * Sec-CH-UA-Platform}</a> header field name. 704 * 705 * @since 30.0 706 */ 707 public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform"; 708 /** 709 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code 710 * Sec-CH-UA-Platform-Version}</a> header field name. 711 * 712 * @since 30.0 713 */ 714 public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version"; 715 /** 716 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code 717 * Sec-CH-UA-Full-Version}</a> header field name. 718 * 719 * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}. 720 * @since 30.0 721 */ 722 @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version"; 723 /** 724 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code 725 * Sec-CH-UA-Full-Version}</a> header field name. 726 * 727 * @since 31.1 728 */ 729 public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List"; 730 /** 731 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code 732 * Sec-CH-UA-Mobile}</a> header field name. 733 * 734 * @since 30.0 735 */ 736 public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile"; 737 /** 738 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code 739 * Sec-CH-UA-WoW64}</a> header field name. 740 * 741 * @since 32.0.0 742 */ 743 public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64"; 744 /** 745 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code 746 * Sec-CH-UA-Bitness}</a> header field name. 747 * 748 * @since 31.0 749 */ 750 public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness"; 751 752 /** 753 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code 754 * Sec-CH-UA-Form-Factor}</a> header field name. 755 * 756 * @deprecated Prefer {@link SEC_CH_UA_FORM_FACTORS}. 757 * @since 32.0.0 758 */ 759 @Deprecated public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor"; 760 761 /** 762 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factors">{@code 763 * Sec-CH-UA-Form-Factors}</a> header field name. 764 * 765 * @since 33.3.0 766 */ 767 public static final String SEC_CH_UA_FORM_FACTORS = "Sec-CH-UA-Form-Factors"; 768 769 /** 770 * The HTTP <a 771 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code 772 * Sec-CH-Viewport-Width}</a> header field name. 773 * 774 * @since 32.0.0 775 */ 776 public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width"; 777 /** 778 * The HTTP <a 779 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code 780 * Sec-CH-Viewport-Height}</a> header field name. 781 * 782 * @since 32.0.0 783 */ 784 public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height"; 785 /** 786 * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code 787 * Sec-CH-DPR}</a> header field name. 788 * 789 * @since 32.0.0 790 */ 791 public static final String SEC_CH_DPR = "Sec-CH-DPR"; 792 /** 793 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a> 794 * header field name. 795 * 796 * @since 27.1 797 */ 798 public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest"; 799 /** 800 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a> 801 * header field name. 802 * 803 * @since 27.1 804 */ 805 public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode"; 806 /** 807 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a> 808 * header field name. 809 * 810 * @since 27.1 811 */ 812 public static final String SEC_FETCH_SITE = "Sec-Fetch-Site"; 813 /** 814 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a> 815 * header field name. 816 * 817 * @since 27.1 818 */ 819 public static final String SEC_FETCH_USER = "Sec-Fetch-User"; 820 /** 821 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a> 822 * header field name. 823 * 824 * @since 26.0 825 */ 826 public static final String SEC_METADATA = "Sec-Metadata"; 827 828 /** 829 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https">{@code 830 * Sec-Token-Binding}</a> header field name. 831 * 832 * @since 25.1 833 */ 834 public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding"; 835 836 /** 837 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code 838 * Sec-Provided-Token-Binding-ID}</a> header field name. 839 * 840 * @since 25.1 841 */ 842 public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID"; 843 844 /** 845 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code 846 * Sec-Referred-Token-Binding-ID}</a> header field name. 847 * 848 * @since 25.1 849 */ 850 public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID"; 851 852 /** 853 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 854 * Sec-WebSocket-Accept}</a> header field name. 855 * 856 * @since 28.0 857 */ 858 public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept"; 859 860 /** 861 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 862 * Sec-WebSocket-Extensions}</a> header field name. 863 * 864 * @since 28.0 865 */ 866 public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions"; 867 868 /** 869 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code Sec-WebSocket-Key}</a> 870 * header field name. 871 * 872 * @since 28.0 873 */ 874 public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key"; 875 876 /** 877 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 878 * Sec-WebSocket-Protocol}</a> header field name. 879 * 880 * @since 28.0 881 */ 882 public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol"; 883 884 /** 885 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 886 * Sec-WebSocket-Version}</a> header field name. 887 * 888 * @since 28.0 889 */ 890 public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version"; 891 892 /** 893 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 894 * Sec-Browsing-Topics}</a> header field name. 895 * 896 * @since 32.0.0 897 */ 898 public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics"; 899 /** 900 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 901 * Observe-Browsing-Topics}</a> header field name. 902 * 903 * @since 32.0.0 904 */ 905 public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics"; 906 907 /** 908 * The HTTP <a 909 * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code 910 * Sec-Ad-Auction-Fetch}</a> header field name. 911 * 912 * @since 33.0.0 913 */ 914 public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch"; 915 916 /** 917 * The HTTP <a 918 * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code 919 * Sec-GPC}</a> header field name. 920 * 921 * @since 33.2.0 922 */ 923 public static final String SEC_GPC = "Sec-GPC"; 924 925 /** 926 * The HTTP <a 927 * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code 928 * Ad-Auction-Signals}</a> header field name. 929 * 930 * @since 33.0.0 931 */ 932 public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals"; 933 934 /** 935 * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code 936 * Ad-Auction-Allowed}</a> header field name. 937 * 938 * @since 33.2.0 939 */ 940 public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed"; 941 942 /** 943 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8586">{@code CDN-Loop}</a> header 944 * field name. 945 * 946 * @since 28.0 947 */ 948 public static final String CDN_LOOP = "CDN-Loop"; 949 950 /** 951 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7838#page-8">{@code Alt-Svc}</a> 952 * header field name. 953 * 954 * @since 33.4.0 955 */ 956 public static final String ALT_SVC = "Alt-Svc"; 957}