001/* 002 * Copyright (C) 2011 The Guava Authors 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except 005 * in compliance with the License. You may obtain a copy of the License at 006 * 007 * http://www.apache.org/licenses/LICENSE-2.0 008 * 009 * Unless required by applicable law or agreed to in writing, software distributed under the License 010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 011 * or implied. See the License for the specific language governing permissions and limitations under 012 * the License. 013 */ 014 015package com.google.common.net; 016 017import com.google.common.annotations.GwtCompatible; 018 019/** 020 * Contains constant definitions for the HTTP header field names. See: 021 * 022 * <ul> 023 * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> 024 * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a> 025 * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a> 026 * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> 027 * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a> 028 * </ul> 029 * 030 * @author Kurt Alfred Kluever 031 * @since 11.0 032 */ 033@GwtCompatible 034public final class HttpHeaders { 035 private HttpHeaders() {} 036 037 // HTTP Request and Response header fields 038 039 /** The HTTP {@code Cache-Control} header field name. */ 040 public static final String CACHE_CONTROL = "Cache-Control"; 041 /** The HTTP {@code Content-Length} header field name. */ 042 public static final String CONTENT_LENGTH = "Content-Length"; 043 /** The HTTP {@code Content-Type} header field name. */ 044 public static final String CONTENT_TYPE = "Content-Type"; 045 /** The HTTP {@code Date} header field name. */ 046 public static final String DATE = "Date"; 047 /** The HTTP {@code Pragma} header field name. */ 048 public static final String PRAGMA = "Pragma"; 049 /** The HTTP {@code Via} header field name. */ 050 public static final String VIA = "Via"; 051 /** The HTTP {@code Warning} header field name. */ 052 public static final String WARNING = "Warning"; 053 054 // HTTP Request header fields 055 056 /** The HTTP {@code Accept} header field name. */ 057 public static final String ACCEPT = "Accept"; 058 /** The HTTP {@code Accept-Charset} header field name. */ 059 public static final String ACCEPT_CHARSET = "Accept-Charset"; 060 /** The HTTP {@code Accept-Encoding} header field name. */ 061 public static final String ACCEPT_ENCODING = "Accept-Encoding"; 062 /** The HTTP {@code Accept-Language} header field name. */ 063 public static final String ACCEPT_LANGUAGE = "Accept-Language"; 064 /** The HTTP {@code Access-Control-Request-Headers} header field name. */ 065 public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers"; 066 /** The HTTP {@code Access-Control-Request-Method} header field name. */ 067 public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method"; 068 /** The HTTP {@code Authorization} header field name. */ 069 public static final String AUTHORIZATION = "Authorization"; 070 /** The HTTP {@code Connection} header field name. */ 071 public static final String CONNECTION = "Connection"; 072 /** The HTTP {@code Cookie} header field name. */ 073 public static final String COOKIE = "Cookie"; 074 /** 075 * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code 076 * Cross-Origin-Resource-Policy}</a> header field name. 077 * 078 * @since 28.0 079 */ 080 public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy"; 081 082 /** 083 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8470">{@code Early-Data}</a> header 084 * field name. 085 * 086 * @since 27.0 087 */ 088 public static final String EARLY_DATA = "Early-Data"; 089 090 /** The HTTP {@code Expect} header field name. */ 091 public static final String EXPECT = "Expect"; 092 /** The HTTP {@code From} header field name. */ 093 public static final String FROM = "From"; 094 095 /** 096 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7239">{@code Forwarded}</a> header 097 * field name. 098 * 099 * @since 20.0 100 */ 101 public static final String FORWARDED = "Forwarded"; 102 103 /** 104 * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name. 105 * 106 * @since 17.0 107 */ 108 public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown"; 109 /** The HTTP {@code Host} header field name. */ 110 public static final String HOST = "Host"; 111 112 /** 113 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7540#section-3.2.1">{@code 114 * HTTP2-Settings} </a> header field name. 115 * 116 * @since 24.0 117 */ 118 public static final String HTTP2_SETTINGS = "HTTP2-Settings"; 119 120 /** The HTTP {@code If-Match} header field name. */ 121 public static final String IF_MATCH = "If-Match"; 122 /** The HTTP {@code If-Modified-Since} header field name. */ 123 public static final String IF_MODIFIED_SINCE = "If-Modified-Since"; 124 /** The HTTP {@code If-None-Match} header field name. */ 125 public static final String IF_NONE_MATCH = "If-None-Match"; 126 /** The HTTP {@code If-Range} header field name. */ 127 public static final String IF_RANGE = "If-Range"; 128 /** The HTTP {@code If-Unmodified-Since} header field name. */ 129 public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since"; 130 /** The HTTP {@code Last-Event-ID} header field name. */ 131 public static final String LAST_EVENT_ID = "Last-Event-ID"; 132 /** The HTTP {@code Max-Forwards} header field name. */ 133 public static final String MAX_FORWARDS = "Max-Forwards"; 134 /** The HTTP {@code Origin} header field name. */ 135 public static final String ORIGIN = "Origin"; 136 /** 137 * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header 138 * field name. 139 * 140 * @since 30.1 141 */ 142 public static final String ORIGIN_ISOLATION = "Origin-Isolation"; 143 /** The HTTP {@code Proxy-Authorization} header field name. */ 144 public static final String PROXY_AUTHORIZATION = "Proxy-Authorization"; 145 /** The HTTP {@code Range} header field name. */ 146 public static final String RANGE = "Range"; 147 /** The HTTP {@code Referer} header field name. */ 148 public static final String REFERER = "Referer"; 149 /** 150 * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header 151 * field name. 152 * 153 * @since 23.4 154 */ 155 public static final String REFERRER_POLICY = "Referrer-Policy"; 156 157 /** 158 * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> 159 * header. 160 * 161 * @since 23.4 162 */ 163 public static final class ReferrerPolicyValues { 164 private ReferrerPolicyValues() {} 165 166 public static final String NO_REFERRER = "no-referrer"; 167 public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade"; 168 public static final String SAME_ORIGIN = "same-origin"; 169 public static final String ORIGIN = "origin"; 170 public static final String STRICT_ORIGIN = "strict-origin"; 171 public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin"; 172 public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin"; 173 public static final String UNSAFE_URL = "unsafe-url"; 174 } 175 176 /** 177 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 178 * Service-Worker}</a> header field name. 179 * 180 * @since 20.0 181 */ 182 public static final String SERVICE_WORKER = "Service-Worker"; 183 /** The HTTP {@code TE} header field name. */ 184 public static final String TE = "TE"; 185 /** The HTTP {@code Upgrade} header field name. */ 186 public static final String UPGRADE = "Upgrade"; 187 /** 188 * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code 189 * Upgrade-Insecure-Requests}</a> header field name. 190 * 191 * @since 28.1 192 */ 193 public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests"; 194 195 /** The HTTP {@code User-Agent} header field name. */ 196 public static final String USER_AGENT = "User-Agent"; 197 198 // HTTP Response header fields 199 200 /** The HTTP {@code Accept-Ranges} header field name. */ 201 public static final String ACCEPT_RANGES = "Accept-Ranges"; 202 /** The HTTP {@code Access-Control-Allow-Headers} header field name. */ 203 public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; 204 /** The HTTP {@code Access-Control-Allow-Methods} header field name. */ 205 public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; 206 /** The HTTP {@code Access-Control-Allow-Origin} header field name. */ 207 public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; 208 /** 209 * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code 210 * Access-Control-Allow-Private-Network}</a> header field name. 211 * 212 * @since 31.1 213 */ 214 public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK = 215 "Access-Control-Allow-Private-Network"; 216 /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */ 217 public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials"; 218 /** The HTTP {@code Access-Control-Expose-Headers} header field name. */ 219 public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; 220 /** The HTTP {@code Access-Control-Max-Age} header field name. */ 221 public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age"; 222 /** The HTTP {@code Age} header field name. */ 223 public static final String AGE = "Age"; 224 /** The HTTP {@code Allow} header field name. */ 225 public static final String ALLOW = "Allow"; 226 /** The HTTP {@code Content-Disposition} header field name. */ 227 public static final String CONTENT_DISPOSITION = "Content-Disposition"; 228 /** The HTTP {@code Content-Encoding} header field name. */ 229 public static final String CONTENT_ENCODING = "Content-Encoding"; 230 /** The HTTP {@code Content-Language} header field name. */ 231 public static final String CONTENT_LANGUAGE = "Content-Language"; 232 /** The HTTP {@code Content-Location} header field name. */ 233 public static final String CONTENT_LOCATION = "Content-Location"; 234 /** The HTTP {@code Content-MD5} header field name. */ 235 public static final String CONTENT_MD5 = "Content-MD5"; 236 /** The HTTP {@code Content-Range} header field name. */ 237 public static final String CONTENT_RANGE = "Content-Range"; 238 /** 239 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code 240 * Content-Security-Policy}</a> header field name. 241 * 242 * @since 15.0 243 */ 244 public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy"; 245 /** 246 * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field"> 247 * {@code Content-Security-Policy-Report-Only}</a> header field name. 248 * 249 * @since 15.0 250 */ 251 public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY = 252 "Content-Security-Policy-Report-Only"; 253 /** 254 * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in 255 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until 256 * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY} 257 * to pass the CSP. 258 * 259 * @since 20.0 260 */ 261 public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy"; 262 /** 263 * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was 264 * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the 265 * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link 266 * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 267 * 268 * @since 20.0 269 */ 270 public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY = 271 "X-Content-Security-Policy-Report-Only"; 272 /** 273 * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a 274 * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 275 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP. 276 * 277 * @since 20.0 278 */ 279 public static final String X_WEBKIT_CSP = "X-WebKit-CSP"; 280 /** 281 * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in 282 * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until 283 * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP. 284 * 285 * @since 20.0 286 */ 287 public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only"; 288 /** 289 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code 290 * Cross-Origin-Embedder-Policy}</a> header field name. 291 * 292 * @since 30.0 293 */ 294 public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy"; 295 /** 296 * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code 297 * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name. 298 * 299 * @since 30.0 300 */ 301 public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY = 302 "Cross-Origin-Embedder-Policy-Report-Only"; 303 /** 304 * The HTTP Cross-Origin-Opener-Policy header field name. 305 * 306 * @since 28.2 307 */ 308 public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy"; 309 /** The HTTP {@code ETag} header field name. */ 310 public static final String ETAG = "ETag"; 311 /** The HTTP {@code Expires} header field name. */ 312 public static final String EXPIRES = "Expires"; 313 /** The HTTP {@code Last-Modified} header field name. */ 314 public static final String LAST_MODIFIED = "Last-Modified"; 315 /** The HTTP {@code Link} header field name. */ 316 public static final String LINK = "Link"; 317 /** The HTTP {@code Location} header field name. */ 318 public static final String LOCATION = "Location"; 319 /** 320 * The HTTP {@code Keep-Alive} header field name. 321 * 322 * @since 31.0 323 */ 324 public static final String KEEP_ALIVE = "Keep-Alive"; 325 /** 326 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code 327 * No-Vary-Seearch}</a> header field name. 328 * 329 * @since 32.0.0 330 */ 331 public static final String NO_VARY_SEARCH = "No-Vary-Search"; 332 /** 333 * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a> 334 * header field name. 335 * 336 * @since 27.1 337 */ 338 public static final String ORIGIN_TRIAL = "Origin-Trial"; 339 /** The HTTP {@code P3P} header field name. Limited browser support. */ 340 public static final String P3P = "P3P"; 341 /** The HTTP {@code Proxy-Authenticate} header field name. */ 342 public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate"; 343 /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */ 344 public static final String REFRESH = "Refresh"; 345 /** 346 * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name. 347 * 348 * @since 27.1 349 */ 350 public static final String REPORT_TO = "Report-To"; 351 /** The HTTP {@code Retry-After} header field name. */ 352 public static final String RETRY_AFTER = "Retry-After"; 353 /** The HTTP {@code Server} header field name. */ 354 public static final String SERVER = "Server"; 355 /** 356 * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field 357 * name. 358 * 359 * @since 23.6 360 */ 361 public static final String SERVER_TIMING = "Server-Timing"; 362 /** 363 * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code 364 * Service-Worker-Allowed}</a> header field name. 365 * 366 * @since 20.0 367 */ 368 public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed"; 369 /** The HTTP {@code Set-Cookie} header field name. */ 370 public static final String SET_COOKIE = "Set-Cookie"; 371 /** The HTTP {@code Set-Cookie2} header field name. */ 372 public static final String SET_COOKIE2 = "Set-Cookie2"; 373 374 /** 375 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap">{@code 376 * SourceMap}</a> header field name. 377 * 378 * @since 27.1 379 */ 380 public static final String SOURCE_MAP = "SourceMap"; 381 382 /** 383 * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code 384 * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a 385 * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced 386 * frames</a>. 387 * 388 * @since 32.0.0 389 */ 390 public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode"; 391 392 /** 393 * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code 394 * Strict-Transport-Security}</a> header field name. 395 * 396 * @since 15.0 397 */ 398 public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security"; 399 /** 400 * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code 401 * Timing-Allow-Origin}</a> header field name. 402 * 403 * @since 15.0 404 */ 405 public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin"; 406 /** The HTTP {@code Trailer} header field name. */ 407 public static final String TRAILER = "Trailer"; 408 /** The HTTP {@code Transfer-Encoding} header field name. */ 409 public static final String TRANSFER_ENCODING = "Transfer-Encoding"; 410 /** The HTTP {@code Vary} header field name. */ 411 public static final String VARY = "Vary"; 412 /** The HTTP {@code WWW-Authenticate} header field name. */ 413 public static final String WWW_AUTHENTICATE = "WWW-Authenticate"; 414 415 // Common, non-standard HTTP header fields 416 417 /** The HTTP {@code DNT} header field name. */ 418 public static final String DNT = "DNT"; 419 /** The HTTP {@code X-Content-Type-Options} header field name. */ 420 public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options"; 421 /** 422 * The HTTP <a 423 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 424 * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of 425 * the device on whose behalf the request is being made. 426 * 427 * @since 31.0 428 */ 429 public static final String X_DEVICE_IP = "X-Device-IP"; 430 /** 431 * The HTTP <a 432 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 433 * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link 434 * #REFERER} header value that the on-behalf-of client would have used when making a request 435 * itself. 436 * 437 * @since 31.0 438 */ 439 public static final String X_DEVICE_REFERER = "X-Device-Referer"; 440 /** 441 * The HTTP <a 442 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 443 * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the 444 * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making 445 * a request itself. 446 * 447 * @since 31.0 448 */ 449 public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language"; 450 /** 451 * The HTTP <a 452 * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code 453 * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the 454 * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making 455 * a request itself. 456 * 457 * @since 31.0 458 */ 459 public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With"; 460 /** The HTTP {@code X-Do-Not-Track} header field name. */ 461 public static final String X_DO_NOT_TRACK = "X-Do-Not-Track"; 462 /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */ 463 public static final String X_FORWARDED_FOR = "X-Forwarded-For"; 464 /** The HTTP {@code X-Forwarded-Proto} header field name. */ 465 public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto"; 466 467 /** 468 * The HTTP <a 469 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host">{@code 470 * X-Forwarded-Host}</a> header field name. 471 * 472 * @since 20.0 473 */ 474 public static final String X_FORWARDED_HOST = "X-Forwarded-Host"; 475 476 /** 477 * The HTTP <a 478 * href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port">{@code 479 * X-Forwarded-Port}</a> header field name. 480 * 481 * @since 20.0 482 */ 483 public static final String X_FORWARDED_PORT = "X-Forwarded-Port"; 484 485 /** The HTTP {@code X-Frame-Options} header field name. */ 486 public static final String X_FRAME_OPTIONS = "X-Frame-Options"; 487 /** The HTTP {@code X-Powered-By} header field name. */ 488 public static final String X_POWERED_BY = "X-Powered-By"; 489 /** 490 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 491 * Public-Key-Pins}</a> header field name. 492 * 493 * @since 15.0 494 */ 495 public static final String PUBLIC_KEY_PINS = "Public-Key-Pins"; 496 /** 497 * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code 498 * Public-Key-Pins-Report-Only}</a> header field name. 499 * 500 * @since 15.0 501 */ 502 public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only"; 503 /** 504 * The HTTP {@code X-Request-ID} header field name. 505 * 506 * @since 30.1 507 */ 508 public static final String X_REQUEST_ID = "X-Request-ID"; 509 /** The HTTP {@code X-Requested-With} header field name. */ 510 public static final String X_REQUESTED_WITH = "X-Requested-With"; 511 /** The HTTP {@code X-User-IP} header field name. */ 512 public static final String X_USER_IP = "X-User-IP"; 513 514 /** 515 * The HTTP <a 516 * href="https://learn.microsoft.com/en-us/archive/blogs/ieinternals/internet-explorer-and-custom-http-headers#:~:text=X%2DDownload%2DOptions">{@code 517 * X-Download-Options}</a> header field name. 518 * 519 * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is 520 * prevented from opening a file download directly; instead, they must first save the file 521 * locally. 522 * 523 * @since 24.1 524 */ 525 public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options"; 526 527 /** The HTTP {@code X-XSS-Protection} header field name. */ 528 public static final String X_XSS_PROTECTION = "X-XSS-Protection"; 529 /** 530 * The HTTP <a 531 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code 532 * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off". 533 * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages. 534 */ 535 public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control"; 536 /** 537 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 538 * {@code Ping-From}</a> header field name. 539 * 540 * @since 19.0 541 */ 542 public static final String PING_FROM = "Ping-From"; 543 /** 544 * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing"> 545 * {@code Ping-To}</a> header field name. 546 * 547 * @since 19.0 548 */ 549 public static final String PING_TO = "Ping-To"; 550 551 /** 552 * The HTTP <a 553 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 554 * Purpose}</a> header field name. 555 * 556 * @since 28.0 557 */ 558 public static final String PURPOSE = "Purpose"; 559 /** 560 * The HTTP <a 561 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 562 * X-Purpose}</a> header field name. 563 * 564 * @since 28.0 565 */ 566 public static final String X_PURPOSE = "X-Purpose"; 567 /** 568 * The HTTP <a 569 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code 570 * X-Moz}</a> header field name. 571 * 572 * @since 28.0 573 */ 574 public static final String X_MOZ = "X-Moz"; 575 576 /** 577 * The HTTP <a 578 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code 579 * Device-Memory}</a> header field name. 580 * 581 * @since 31.0 582 */ 583 public static final String DEVICE_MEMORY = "Device-Memory"; 584 585 /** 586 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code 587 * Downlink}</a> header field name. 588 * 589 * @since 31.0 590 */ 591 public static final String DOWNLINK = "Downlink"; 592 593 /** 594 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code 595 * ECT}</a> header field name. 596 * 597 * @since 31.0 598 */ 599 public static final String ECT = "ECT"; 600 601 /** 602 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code 603 * RTT}</a> header field name. 604 * 605 * @since 31.0 606 */ 607 public static final String RTT = "RTT"; 608 609 /** 610 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code 611 * Save-Data}</a> header field name. 612 * 613 * @since 31.0 614 */ 615 public static final String SAVE_DATA = "Save-Data"; 616 617 /** 618 * The HTTP <a 619 * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code 620 * Viewport-Width}</a> header field name. 621 * 622 * @since 31.0 623 */ 624 public static final String VIEWPORT_WIDTH = "Viewport-Width"; 625 626 /** 627 * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code 628 * Width}</a> header field name. 629 * 630 * @since 31.0 631 */ 632 public static final String WIDTH = "Width"; 633 634 /** 635 * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a> 636 * header field name. 637 * 638 * @since 31.0 639 */ 640 public static final String PERMISSIONS_POLICY = "Permissions-Policy"; 641 642 /** 643 * The HTTP <a 644 * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code 645 * Permissions-Policy-Report-Only}</a> header field name. 646 * 647 * @since 33.2.0 648 */ 649 public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only"; 650 651 /** 652 * The HTTP <a 653 * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code 654 * Sec-CH-Prefers-Color-Scheme}</a> header field name. 655 * 656 * <p>This header is experimental. 657 * 658 * @since 31.0 659 */ 660 public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme"; 661 662 /** 663 * The HTTP <a 664 * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code 665 * Accept-CH}</a> header field name. 666 * 667 * @since 31.0 668 */ 669 public static final String ACCEPT_CH = "Accept-CH"; 670 /** 671 * The HTTP <a 672 * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code 673 * Critical-CH}</a> header field name. 674 * 675 * @since 31.0 676 */ 677 public static final String CRITICAL_CH = "Critical-CH"; 678 679 /** 680 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a> 681 * header field name. 682 * 683 * @since 30.0 684 */ 685 public static final String SEC_CH_UA = "Sec-CH-UA"; 686 /** 687 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code 688 * Sec-CH-UA-Arch}</a> header field name. 689 * 690 * @since 30.0 691 */ 692 public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch"; 693 /** 694 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code 695 * Sec-CH-UA-Model}</a> header field name. 696 * 697 * @since 30.0 698 */ 699 public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model"; 700 /** 701 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code 702 * Sec-CH-UA-Platform}</a> header field name. 703 * 704 * @since 30.0 705 */ 706 public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform"; 707 /** 708 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code 709 * Sec-CH-UA-Platform-Version}</a> header field name. 710 * 711 * @since 30.0 712 */ 713 public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version"; 714 /** 715 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code 716 * Sec-CH-UA-Full-Version}</a> header field name. 717 * 718 * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}. 719 * @since 30.0 720 */ 721 @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version"; 722 /** 723 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code 724 * Sec-CH-UA-Full-Version}</a> header field name. 725 * 726 * @since 31.1 727 */ 728 public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List"; 729 /** 730 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code 731 * Sec-CH-UA-Mobile}</a> header field name. 732 * 733 * @since 30.0 734 */ 735 public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile"; 736 /** 737 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code 738 * Sec-CH-UA-WoW64}</a> header field name. 739 * 740 * @since 32.0.0 741 */ 742 public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64"; 743 /** 744 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code 745 * Sec-CH-UA-Bitness}</a> header field name. 746 * 747 * @since 31.0 748 */ 749 public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness"; 750 751 /** 752 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code 753 * Sec-CH-UA-Form-Factor}</a> header field name. 754 * 755 * @deprecated Prefer {@link SEC_CH_UA_FORM_FACTORS}. 756 * @since 32.0.0 757 */ 758 @Deprecated public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor"; 759 760 /** 761 * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factors">{@code 762 * Sec-CH-UA-Form-Factors}</a> header field name. 763 * 764 * @since 33.3.0 765 */ 766 public static final String SEC_CH_UA_FORM_FACTORS = "Sec-CH-UA-Form-Factors"; 767 768 /** 769 * The HTTP <a 770 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code 771 * Sec-CH-Viewport-Width}</a> header field name. 772 * 773 * @since 32.0.0 774 */ 775 public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width"; 776 /** 777 * The HTTP <a 778 * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code 779 * Sec-CH-Viewport-Height}</a> header field name. 780 * 781 * @since 32.0.0 782 */ 783 public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height"; 784 /** 785 * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code 786 * Sec-CH-DPR}</a> header field name. 787 * 788 * @since 32.0.0 789 */ 790 public static final String SEC_CH_DPR = "Sec-CH-DPR"; 791 /** 792 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a> 793 * header field name. 794 * 795 * @since 27.1 796 */ 797 public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest"; 798 /** 799 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a> 800 * header field name. 801 * 802 * @since 27.1 803 */ 804 public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode"; 805 /** 806 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a> 807 * header field name. 808 * 809 * @since 27.1 810 */ 811 public static final String SEC_FETCH_SITE = "Sec-Fetch-Site"; 812 /** 813 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a> 814 * header field name. 815 * 816 * @since 27.1 817 */ 818 public static final String SEC_FETCH_USER = "Sec-Fetch-User"; 819 /** 820 * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a> 821 * header field name. 822 * 823 * @since 26.0 824 */ 825 public static final String SEC_METADATA = "Sec-Metadata"; 826 827 /** 828 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https">{@code 829 * Sec-Token-Binding}</a> header field name. 830 * 831 * @since 25.1 832 */ 833 public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding"; 834 835 /** 836 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code 837 * Sec-Provided-Token-Binding-ID}</a> header field name. 838 * 839 * @since 25.1 840 */ 841 public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID"; 842 843 /** 844 * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code 845 * Sec-Referred-Token-Binding-ID}</a> header field name. 846 * 847 * @since 25.1 848 */ 849 public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID"; 850 851 /** 852 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 853 * Sec-WebSocket-Accept}</a> header field name. 854 * 855 * @since 28.0 856 */ 857 public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept"; 858 859 /** 860 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 861 * Sec-WebSocket-Extensions}</a> header field name. 862 * 863 * @since 28.0 864 */ 865 public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions"; 866 867 /** 868 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code Sec-WebSocket-Key}</a> 869 * header field name. 870 * 871 * @since 28.0 872 */ 873 public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key"; 874 875 /** 876 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 877 * Sec-WebSocket-Protocol}</a> header field name. 878 * 879 * @since 28.0 880 */ 881 public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol"; 882 883 /** 884 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code 885 * Sec-WebSocket-Version}</a> header field name. 886 * 887 * @since 28.0 888 */ 889 public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version"; 890 891 /** 892 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 893 * Sec-Browsing-Topics}</a> header field name. 894 * 895 * @since 32.0.0 896 */ 897 public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics"; 898 /** 899 * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code 900 * Observe-Browsing-Topics}</a> header field name. 901 * 902 * @since 32.0.0 903 */ 904 public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics"; 905 906 /** 907 * The HTTP <a 908 * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code 909 * Sec-Ad-Auction-Fetch}</a> header field name. 910 * 911 * @since 33.0.0 912 */ 913 public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch"; 914 915 /** 916 * The HTTP <a 917 * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code 918 * Sec-GPC}</a> header field name. 919 * 920 * @since 33.2.0 921 */ 922 public static final String SEC_GPC = "Sec-GPC"; 923 924 /** 925 * The HTTP <a 926 * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code 927 * Ad-Auction-Signals}</a> header field name. 928 * 929 * @since 33.0.0 930 */ 931 public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals"; 932 933 /** 934 * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code 935 * Ad-Auction-Allowed}</a> header field name. 936 * 937 * @since 33.2.0 938 */ 939 public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed"; 940 941 /** 942 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8586">{@code CDN-Loop}</a> header 943 * field name. 944 * 945 * @since 28.0 946 */ 947 public static final String CDN_LOOP = "CDN-Loop"; 948 949 /** 950 * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7838#page-8">{@code Alt-Svc}</a> 951 * header field name. 952 * 953 * @since 33.4.0 954 */ 955 public static final String ALT_SVC = "Alt-Svc"; 956}