Source code

001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.GwtCompatible;
018
019/**
020 * Contains constant definitions for the HTTP header field names. See:
021 *
022 * <ul>
023 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
028 * </ul>
029 *
030 * @author Kurt Alfred Kluever
031 * @since 11.0
032 */
033@GwtCompatible
034public final class HttpHeaders {
035  private HttpHeaders() {}
036
037  // HTTP Request and Response header fields
038
039  /** The HTTP {@code Cache-Control} header field name. */
040  public static final String CACHE_CONTROL = "Cache-Control";
041
042  /** The HTTP {@code Content-Length} header field name. */
043  public static final String CONTENT_LENGTH = "Content-Length";
044
045  /** The HTTP {@code Content-Type} header field name. */
046  public static final String CONTENT_TYPE = "Content-Type";
047
048  /** The HTTP {@code Date} header field name. */
049  public static final String DATE = "Date";
050
051  /** The HTTP {@code Pragma} header field name. */
052  public static final String PRAGMA = "Pragma";
053
054  /** The HTTP {@code Via} header field name. */
055  public static final String VIA = "Via";
056
057  /** The HTTP {@code Warning} header field name. */
058  public static final String WARNING = "Warning";
059
060  // HTTP Request header fields
061
062  /** The HTTP {@code Accept} header field name. */
063  public static final String ACCEPT = "Accept";
064
065  /** The HTTP {@code Accept-Charset} header field name. */
066  public static final String ACCEPT_CHARSET = "Accept-Charset";
067
068  /** The HTTP {@code Accept-Encoding} header field name. */
069  public static final String ACCEPT_ENCODING = "Accept-Encoding";
070
071  /** The HTTP {@code Accept-Language} header field name. */
072  public static final String ACCEPT_LANGUAGE = "Accept-Language";
073
074  /** The HTTP {@code Accept-Signature} header field name. */
075  public static final String ACCEPT_SIGNATURE = "Accept-Signature";
076
077  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
078  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
079
080  /** The HTTP {@code Access-Control-Request-Method} header field name. */
081  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
082
083  /** The HTTP {@code Authorization} header field name. */
084  public static final String AUTHORIZATION = "Authorization";
085
086  /** The HTTP {@code Connection} header field name. */
087  public static final String CONNECTION = "Connection";
088
089  /** The HTTP {@code Cookie} header field name. */
090  public static final String COOKIE = "Cookie";
091
092  /**
093   * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code
094   * Cross-Origin-Resource-Policy}</a> header field name.
095   *
096   * @since 28.0
097   */
098  public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy";
099
100  /**
101   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8470">{@code Early-Data}</a> header
102   * field name.
103   *
104   * @since 27.0
105   */
106  public static final String EARLY_DATA = "Early-Data";
107
108  /** The HTTP {@code Expect} header field name. */
109  public static final String EXPECT = "Expect";
110
111  /** The HTTP {@code From} header field name. */
112  public static final String FROM = "From";
113
114  /**
115   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7239">{@code Forwarded}</a> header
116   * field name.
117   *
118   * @since 20.0
119   */
120  public static final String FORWARDED = "Forwarded";
121
122  /**
123   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
124   *
125   * @since 17.0
126   */
127  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
128
129  /** The HTTP {@code Host} header field name. */
130  public static final String HOST = "Host";
131
132  /**
133   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7540#section-3.2.1">{@code
134   * HTTP2-Settings} </a> header field name.
135   *
136   * @since 24.0
137   */
138  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
139
140  /** The HTTP {@code If-Match} header field name. */
141  public static final String IF_MATCH = "If-Match";
142
143  /** The HTTP {@code If-Modified-Since} header field name. */
144  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
145
146  /** The HTTP {@code If-None-Match} header field name. */
147  public static final String IF_NONE_MATCH = "If-None-Match";
148
149  /** The HTTP {@code If-Range} header field name. */
150  public static final String IF_RANGE = "If-Range";
151
152  /** The HTTP {@code If-Unmodified-Since} header field name. */
153  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
154
155  /** The HTTP {@code Last-Event-ID} header field name. */
156  public static final String LAST_EVENT_ID = "Last-Event-ID";
157
158  /** The HTTP {@code Max-Forwards} header field name. */
159  public static final String MAX_FORWARDS = "Max-Forwards";
160
161  /** The HTTP {@code Origin} header field name. */
162  public static final String ORIGIN = "Origin";
163
164  /**
165   * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header
166   * field name.
167   *
168   * @since 30.1
169   */
170  public static final String ORIGIN_ISOLATION = "Origin-Isolation";
171
172  /** The HTTP {@code Proxy-Authorization} header field name. */
173  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
174
175  /** The HTTP {@code Range} header field name. */
176  public static final String RANGE = "Range";
177
178  /** The HTTP {@code Referer} header field name. */
179  public static final String REFERER = "Referer";
180
181  /**
182   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
183   * field name.
184   *
185   * @since 23.4
186   */
187  public static final String REFERRER_POLICY = "Referrer-Policy";
188
189  /**
190   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
191   * header.
192   *
193   * @since 23.4
194   */
195  public static final class ReferrerPolicyValues {
196    private ReferrerPolicyValues() {}
197
198    public static final String NO_REFERRER = "no-referrer";
199    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
200    public static final String SAME_ORIGIN = "same-origin";
201    public static final String ORIGIN = "origin";
202    public static final String STRICT_ORIGIN = "strict-origin";
203    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
204    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
205    public static final String UNSAFE_URL = "unsafe-url";
206  }
207
208  /**
209   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
210   * Service-Worker}</a> header field name.
211   *
212   * @since 20.0
213   */
214  public static final String SERVICE_WORKER = "Service-Worker";
215
216  /** The HTTP {@code TE} header field name. */
217  public static final String TE = "TE";
218
219  /** The HTTP {@code Upgrade} header field name. */
220  public static final String UPGRADE = "Upgrade";
221
222  /**
223   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
224   * Upgrade-Insecure-Requests}</a> header field name.
225   *
226   * @since 28.1
227   */
228  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";
229
230  /** The HTTP {@code User-Agent} header field name. */
231  public static final String USER_AGENT = "User-Agent";
232
233  // HTTP Response header fields
234
235  /** The HTTP {@code Accept-Ranges} header field name. */
236  public static final String ACCEPT_RANGES = "Accept-Ranges";
237
238  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
239  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
240
241  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
242  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
243
244  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
245  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
246
247  /**
248   * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code
249   * Access-Control-Allow-Private-Network}</a> header field name.
250   *
251   * @since 31.1
252   */
253  public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK =
254      "Access-Control-Allow-Private-Network";
255
256  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
257  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
258
259  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
260  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
261
262  /** The HTTP {@code Access-Control-Max-Age} header field name. */
263  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
264
265  /** The HTTP {@code Age} header field name. */
266  public static final String AGE = "Age";
267
268  /** The HTTP {@code Allow} header field name. */
269  public static final String ALLOW = "Allow";
270
271  /** The HTTP {@code Content-Disposition} header field name. */
272  public static final String CONTENT_DISPOSITION = "Content-Disposition";
273
274  /** The HTTP {@code Content-Encoding} header field name. */
275  public static final String CONTENT_ENCODING = "Content-Encoding";
276
277  /** The HTTP {@code Content-Language} header field name. */
278  public static final String CONTENT_LANGUAGE = "Content-Language";
279
280  /** The HTTP {@code Content-Location} header field name. */
281  public static final String CONTENT_LOCATION = "Content-Location";
282
283  /** The HTTP {@code Content-MD5} header field name. */
284  public static final String CONTENT_MD5 = "Content-MD5";
285
286  /** The HTTP {@code Content-Range} header field name. */
287  public static final String CONTENT_RANGE = "Content-Range";
288
289  /**
290   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
291   * Content-Security-Policy}</a> header field name.
292   *
293   * @since 15.0
294   */
295  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
296
297  /**
298   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
299   * {@code Content-Security-Policy-Report-Only}</a> header field name.
300   *
301   * @since 15.0
302   */
303  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
304      "Content-Security-Policy-Report-Only";
305
306  /**
307   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
308   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
309   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
310   * to pass the CSP.
311   *
312   * @since 20.0
313   */
314  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
315
316  /**
317   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
318   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
319   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
320   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
321   *
322   * @since 20.0
323   */
324  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
325      "X-Content-Security-Policy-Report-Only";
326
327  /**
328   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
329   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
330   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
331   *
332   * @since 20.0
333   */
334  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
335
336  /**
337   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
338   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
339   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
340   *
341   * @since 20.0
342   */
343  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
344
345  /**
346   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code
347   * Cross-Origin-Embedder-Policy}</a> header field name.
348   *
349   * @since 30.0
350   */
351  public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy";
352
353  /**
354   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
355   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
356   *
357   * @since 30.0
358   */
359  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
360      "Cross-Origin-Embedder-Policy-Report-Only";
361
362  /**
363   * The HTTP Cross-Origin-Opener-Policy header field name.
364   *
365   * @since 28.2
366   */
367  public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy";
368
369  /** The HTTP {@code ETag} header field name. */
370  public static final String ETAG = "ETag";
371
372  /** The HTTP {@code Expires} header field name. */
373  public static final String EXPIRES = "Expires";
374
375  /** The HTTP {@code Identity-Digest} header field name. */
376  public static final String IDENTITY_DIGEST = "Identity-Digest";
377
378  /** The HTTP {@code Last-Modified} header field name. */
379  public static final String LAST_MODIFIED = "Last-Modified";
380
381  /** The HTTP {@code Link} header field name. */
382  public static final String LINK = "Link";
383
384  /** The HTTP {@code Location} header field name. */
385  public static final String LOCATION = "Location";
386
387  /**
388   * The HTTP {@code Keep-Alive} header field name.
389   *
390   * @since 31.0
391   */
392  public static final String KEEP_ALIVE = "Keep-Alive";
393
394  /**
395   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code
396   * No-Vary-Seearch}</a> header field name.
397   *
398   * @since 32.0.0
399   */
400  public static final String NO_VARY_SEARCH = "No-Vary-Search";
401
402  /**
403   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
404   * header field name.
405   *
406   * @since 27.1
407   */
408  public static final String ORIGIN_TRIAL = "Origin-Trial";
409
410  /** The HTTP {@code P3P} header field name. Limited browser support. */
411  public static final String P3P = "P3P";
412
413  /** The HTTP {@code Proxy-Authenticate} header field name. */
414  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
415
416  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
417  public static final String REFRESH = "Refresh";
418
419  /**
420   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
421   *
422   * @since 27.1
423   */
424  public static final String REPORT_TO = "Report-To";
425
426  /** The HTTP {@code Retry-After} header field name. */
427  public static final String RETRY_AFTER = "Retry-After";
428
429  /** The HTTP {@code Server} header field name. */
430  public static final String SERVER = "Server";
431
432  /**
433   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
434   * name.
435   *
436   * @since 23.6
437   */
438  public static final String SERVER_TIMING = "Server-Timing";
439
440  /**
441   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
442   * Service-Worker-Allowed}</a> header field name.
443   *
444   * @since 20.0
445   */
446  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
447
448  /** The HTTP {@code Set-Cookie} header field name. */
449  public static final String SET_COOKIE = "Set-Cookie";
450
451  /** The HTTP {@code Set-Cookie2} header field name. */
452  public static final String SET_COOKIE2 = "Set-Cookie2";
453
454  /** The HTTP {@code Signature} header field name. */
455  public static final String SIGNATURE = "Signature";
456
457  /** The HTTP {@code Signature-Input} header field name. */
458  public static final String SIGNATURE_INPUT = "Signature-Input";
459
460  /**
461   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap">{@code
462   * SourceMap}</a> header field name.
463   *
464   * @since 27.1
465   */
466  public static final String SOURCE_MAP = "SourceMap";
467
468  /**
469   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code
470   * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a
471   * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced
472   * frames</a>.
473   *
474   * @since 32.0.0
475   */
476  public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode";
477
478  /**
479   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
480   * Strict-Transport-Security}</a> header field name.
481   *
482   * @since 15.0
483   */
484  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
485
486  /**
487   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
488   * Timing-Allow-Origin}</a> header field name.
489   *
490   * @since 15.0
491   */
492  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
493
494  /** The HTTP {@code Trailer} header field name. */
495  public static final String TRAILER = "Trailer";
496
497  /** The HTTP {@code Transfer-Encoding} header field name. */
498  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
499
500  /** The HTTP {@code Vary} header field name. */
501  public static final String VARY = "Vary";
502
503  /** The HTTP {@code WWW-Authenticate} header field name. */
504  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
505
506  // Common, non-standard HTTP header fields
507
508  /** The HTTP {@code DNT} header field name. */
509  public static final String DNT = "DNT";
510
511  /** The HTTP {@code X-Content-Type-Options} header field name. */
512  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
513
514  /**
515   * The HTTP <a
516   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
517   * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of
518   * the device on whose behalf the request is being made.
519   *
520   * @since 31.0
521   */
522  public static final String X_DEVICE_IP = "X-Device-IP";
523
524  /**
525   * The HTTP <a
526   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
527   * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link
528   * #REFERER} header value that the on-behalf-of client would have used when making a request
529   * itself.
530   *
531   * @since 31.0
532   */
533  public static final String X_DEVICE_REFERER = "X-Device-Referer";
534
535  /**
536   * The HTTP <a
537   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
538   * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the
539   * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making
540   * a request itself.
541   *
542   * @since 31.0
543   */
544  public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language";
545
546  /**
547   * The HTTP <a
548   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
549   * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the
550   * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making
551   * a request itself.
552   *
553   * @since 31.0
554   */
555  public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With";
556
557  /** The HTTP {@code X-Do-Not-Track} header field name. */
558  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
559
560  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
561  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
562
563  /** The HTTP {@code X-Forwarded-Proto} header field name. */
564  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
565
566  /**
567   * The HTTP <a
568   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host">{@code
569   * X-Forwarded-Host}</a> header field name.
570   *
571   * @since 20.0
572   */
573  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
574
575  /**
576   * The HTTP <a
577   * href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port">{@code
578   * X-Forwarded-Port}</a> header field name.
579   *
580   * @since 20.0
581   */
582  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
583
584  /** The HTTP {@code X-Frame-Options} header field name. */
585  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
586
587  /** The HTTP {@code X-Powered-By} header field name. */
588  public static final String X_POWERED_BY = "X-Powered-By";
589
590  /**
591   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
592   * Public-Key-Pins}</a> header field name.
593   *
594   * @since 15.0
595   */
596  public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
597
598  /**
599   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
600   * Public-Key-Pins-Report-Only}</a> header field name.
601   *
602   * @since 15.0
603   */
604  public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
605
606  /**
607   * The HTTP {@code X-Request-ID} header field name.
608   *
609   * @since 30.1
610   */
611  public static final String X_REQUEST_ID = "X-Request-ID";
612
613  /** The HTTP {@code X-Requested-With} header field name. */
614  public static final String X_REQUESTED_WITH = "X-Requested-With";
615
616  /** The HTTP {@code X-User-IP} header field name. */
617  public static final String X_USER_IP = "X-User-IP";
618
619  /**
620   * The HTTP <a
621   * href="https://learn.microsoft.com/en-us/archive/blogs/ieinternals/internet-explorer-and-custom-http-headers#:~:text=X%2DDownload%2DOptions">{@code
622   * X-Download-Options}</a> header field name.
623   *
624   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
625   * prevented from opening a file download directly; instead, they must first save the file
626   * locally.
627   *
628   * @since 24.1
629   */
630  public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
631
632  /** The HTTP {@code X-XSS-Protection} header field name. */
633  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
634
635  /**
636   * The HTTP <a
637   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
638   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
639   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
640   */
641  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
642
643  /**
644   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
645   * {@code Ping-From}</a> header field name.
646   *
647   * @since 19.0
648   */
649  public static final String PING_FROM = "Ping-From";
650
651  /**
652   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
653   * {@code Ping-To}</a> header field name.
654   *
655   * @since 19.0
656   */
657  public static final String PING_TO = "Ping-To";
658
659  /**
660   * The HTTP <a
661   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
662   * Purpose}</a> header field name.
663   *
664   * @since 28.0
665   */
666  public static final String PURPOSE = "Purpose";
667
668  /**
669   * The HTTP <a
670   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
671   * X-Purpose}</a> header field name.
672   *
673   * @since 28.0
674   */
675  public static final String X_PURPOSE = "X-Purpose";
676
677  /**
678   * The HTTP <a
679   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
680   * X-Moz}</a> header field name.
681   *
682   * @since 28.0
683   */
684  public static final String X_MOZ = "X-Moz";
685
686  /**
687   * The HTTP <a
688   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code
689   * Device-Memory}</a> header field name.
690   *
691   * @since 31.0
692   */
693  public static final String DEVICE_MEMORY = "Device-Memory";
694
695  /**
696   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code
697   * Downlink}</a> header field name.
698   *
699   * @since 31.0
700   */
701  public static final String DOWNLINK = "Downlink";
702
703  /**
704   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code
705   * ECT}</a> header field name.
706   *
707   * @since 31.0
708   */
709  public static final String ECT = "ECT";
710
711  /**
712   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code
713   * RTT}</a> header field name.
714   *
715   * @since 31.0
716   */
717  public static final String RTT = "RTT";
718
719  /**
720   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code
721   * Save-Data}</a> header field name.
722   *
723   * @since 31.0
724   */
725  public static final String SAVE_DATA = "Save-Data";
726
727  /**
728   * The HTTP <a
729   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code
730   * Viewport-Width}</a> header field name.
731   *
732   * @since 31.0
733   */
734  public static final String VIEWPORT_WIDTH = "Viewport-Width";
735
736  /**
737   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code
738   * Width}</a> header field name.
739   *
740   * @since 31.0
741   */
742  public static final String WIDTH = "Width";
743
744  /**
745   * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a>
746   * header field name.
747   *
748   * @since 31.0
749   */
750  public static final String PERMISSIONS_POLICY = "Permissions-Policy";
751
752  /**
753   * The HTTP <a
754   * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code
755   * Permissions-Policy-Report-Only}</a> header field name.
756   *
757   * @since 33.2.0
758   */
759  public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only";
760
761  /**
762   * The HTTP <a
763   * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code
764   * Sec-CH-Prefers-Color-Scheme}</a> header field name.
765   *
766   * <p>This header is experimental.
767   *
768   * @since 31.0
769   */
770  public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme";
771
772  /**
773   * The HTTP <a
774   * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code
775   * Accept-CH}</a> header field name.
776   *
777   * @since 31.0
778   */
779  public static final String ACCEPT_CH = "Accept-CH";
780
781  /**
782   * The HTTP <a
783   * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code
784   * Critical-CH}</a> header field name.
785   *
786   * @since 31.0
787   */
788  public static final String CRITICAL_CH = "Critical-CH";
789
790  /**
791   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a>
792   * header field name.
793   *
794   * @since 30.0
795   */
796  public static final String SEC_CH_UA = "Sec-CH-UA";
797
798  /**
799   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code
800   * Sec-CH-UA-Arch}</a> header field name.
801   *
802   * @since 30.0
803   */
804  public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch";
805
806  /**
807   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code
808   * Sec-CH-UA-Model}</a> header field name.
809   *
810   * @since 30.0
811   */
812  public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model";
813
814  /**
815   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code
816   * Sec-CH-UA-Platform}</a> header field name.
817   *
818   * @since 30.0
819   */
820  public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform";
821
822  /**
823   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code
824   * Sec-CH-UA-Platform-Version}</a> header field name.
825   *
826   * @since 30.0
827   */
828  public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version";
829
830  /**
831   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code
832   * Sec-CH-UA-Full-Version}</a> header field name.
833   *
834   * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}.
835   * @since 30.0
836   */
837  @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version";
838
839  /**
840   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code
841   * Sec-CH-UA-Full-Version}</a> header field name.
842   *
843   * @since 31.1
844   */
845  public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List";
846
847  /**
848   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code
849   * Sec-CH-UA-Mobile}</a> header field name.
850   *
851   * @since 30.0
852   */
853  public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile";
854
855  /**
856   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code
857   * Sec-CH-UA-WoW64}</a> header field name.
858   *
859   * @since 32.0.0
860   */
861  public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64";
862
863  /**
864   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code
865   * Sec-CH-UA-Bitness}</a> header field name.
866   *
867   * @since 31.0
868   */
869  public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness";
870
871  /**
872   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code
873   * Sec-CH-UA-Form-Factor}</a> header field name.
874   *
875   * @deprecated Prefer {@link SEC_CH_UA_FORM_FACTORS}.
876   * @since 32.0.0
877   */
878  @Deprecated public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor";
879
880  /**
881   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factors">{@code
882   * Sec-CH-UA-Form-Factors}</a> header field name.
883   *
884   * @since 33.3.0
885   */
886  public static final String SEC_CH_UA_FORM_FACTORS = "Sec-CH-UA-Form-Factors";
887
888  /**
889   * The HTTP <a
890   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code
891   * Sec-CH-Viewport-Width}</a> header field name.
892   *
893   * @since 32.0.0
894   */
895  public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width";
896
897  /**
898   * The HTTP <a
899   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code
900   * Sec-CH-Viewport-Height}</a> header field name.
901   *
902   * @since 32.0.0
903   */
904  public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height";
905
906  /**
907   * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code
908   * Sec-CH-DPR}</a> header field name.
909   *
910   * @since 32.0.0
911   */
912  public static final String SEC_CH_DPR = "Sec-CH-DPR";
913
914  /**
915   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a>
916   * header field name.
917   *
918   * @since 27.1
919   */
920  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
921
922  /**
923   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a>
924   * header field name.
925   *
926   * @since 27.1
927   */
928  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
929
930  /**
931   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a>
932   * header field name.
933   *
934   * @since 27.1
935   */
936  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
937
938  /**
939   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a>
940   * header field name.
941   *
942   * @since 27.1
943   */
944  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
945
946  /**
947   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a>
948   * header field name.
949   *
950   * @since 26.0
951   */
952  public static final String SEC_METADATA = "Sec-Metadata";
953
954  /**
955   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https">{@code
956   * Sec-Token-Binding}</a> header field name.
957   *
958   * @since 25.1
959   */
960  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
961
962  /**
963   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
964   * Sec-Provided-Token-Binding-ID}</a> header field name.
965   *
966   * @since 25.1
967   */
968  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
969
970  /**
971   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
972   * Sec-Referred-Token-Binding-ID}</a> header field name.
973   *
974   * @since 25.1
975   */
976  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
977
978  /**
979   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
980   * Sec-WebSocket-Accept}</a> header field name.
981   *
982   * @since 28.0
983   */
984  public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept";
985
986  /**
987   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
988   * Sec-WebSocket-Extensions}</a> header field name.
989   *
990   * @since 28.0
991   */
992  public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions";
993
994  /**
995   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code Sec-WebSocket-Key}</a>
996   * header field name.
997   *
998   * @since 28.0
999   */
1000  public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
1001
1002  /**
1003   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
1004   * Sec-WebSocket-Protocol}</a> header field name.
1005   *
1006   * @since 28.0
1007   */
1008  public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
1009
1010  /**
1011   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
1012   * Sec-WebSocket-Version}</a> header field name.
1013   *
1014   * @since 28.0
1015   */
1016  public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version";
1017
1018  /**
1019   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
1020   * Sec-Browsing-Topics}</a> header field name.
1021   *
1022   * @since 32.0.0
1023   */
1024  public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics";
1025
1026  /**
1027   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
1028   * Observe-Browsing-Topics}</a> header field name.
1029   *
1030   * @since 32.0.0
1031   */
1032  public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics";
1033
1034  /**
1035   * The HTTP <a
1036   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
1037   * Sec-Ad-Auction-Fetch}</a> header field name.
1038   *
1039   * @since 33.0.0
1040   */
1041  public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch";
1042
1043  /**
1044   * The HTTP <a
1045   * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code
1046   * Sec-GPC}</a> header field name.
1047   *
1048   * @since 33.2.0
1049   */
1050  public static final String SEC_GPC = "Sec-GPC";
1051
1052  /**
1053   * The HTTP <a
1054   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
1055   * Ad-Auction-Signals}</a> header field name.
1056   *
1057   * @since 33.0.0
1058   */
1059  public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals";
1060
1061  /**
1062   * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code
1063   * Ad-Auction-Allowed}</a> header field name.
1064   *
1065   * @since 33.2.0
1066   */
1067  public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed";
1068
1069  /**
1070   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8586">{@code CDN-Loop}</a> header
1071   * field name.
1072   *
1073   * @since 28.0
1074   */
1075  public static final String CDN_LOOP = "CDN-Loop";
1076
1077  /**
1078   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7838#page-8">{@code Alt-Svc}</a>
1079   * header field name.
1080   *
1081   * @since 33.4.0
1082   */
1083  public static final String ALT_SVC = "Alt-Svc";
1084}