Source code

001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.GwtCompatible;
018
019/**
020 * Contains constant definitions for the HTTP header field names. See:
021 *
022 * <ul>
023 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
028 * </ul>
029 *
030 * @author Kurt Alfred Kluever
031 * @since 11.0
032 */
033@GwtCompatible
034public final class HttpHeaders {
035  private HttpHeaders() {}
036
037  // HTTP Request and Response header fields
038
039  /** The HTTP {@code Cache-Control} header field name. */
040  public static final String CACHE_CONTROL = "Cache-Control";
041
042  /** The HTTP {@code Content-Length} header field name. */
043  public static final String CONTENT_LENGTH = "Content-Length";
044
045  /** The HTTP {@code Content-Type} header field name. */
046  public static final String CONTENT_TYPE = "Content-Type";
047
048  /** The HTTP {@code Date} header field name. */
049  public static final String DATE = "Date";
050
051  /** The HTTP {@code Pragma} header field name. */
052  public static final String PRAGMA = "Pragma";
053
054  /** The HTTP {@code Via} header field name. */
055  public static final String VIA = "Via";
056
057  /** The HTTP {@code Warning} header field name. */
058  public static final String WARNING = "Warning";
059
060  // HTTP Request header fields
061
062  /** The HTTP {@code Accept} header field name. */
063  public static final String ACCEPT = "Accept";
064
065  /** The HTTP {@code Accept-Charset} header field name. */
066  public static final String ACCEPT_CHARSET = "Accept-Charset";
067
068  /** The HTTP {@code Accept-Encoding} header field name. */
069  public static final String ACCEPT_ENCODING = "Accept-Encoding";
070
071  /** The HTTP {@code Accept-Language} header field name. */
072  public static final String ACCEPT_LANGUAGE = "Accept-Language";
073
074  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
075  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
076
077  /** The HTTP {@code Access-Control-Request-Method} header field name. */
078  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
079
080  /** The HTTP {@code Authorization} header field name. */
081  public static final String AUTHORIZATION = "Authorization";
082
083  /** The HTTP {@code Connection} header field name. */
084  public static final String CONNECTION = "Connection";
085
086  /** The HTTP {@code Cookie} header field name. */
087  public static final String COOKIE = "Cookie";
088
089  /**
090   * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code
091   * Cross-Origin-Resource-Policy}</a> header field name.
092   *
093   * @since 28.0
094   */
095  public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy";
096
097  /**
098   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8470">{@code Early-Data}</a> header
099   * field name.
100   *
101   * @since 27.0
102   */
103  public static final String EARLY_DATA = "Early-Data";
104
105  /** The HTTP {@code Expect} header field name. */
106  public static final String EXPECT = "Expect";
107
108  /** The HTTP {@code From} header field name. */
109  public static final String FROM = "From";
110
111  /**
112   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7239">{@code Forwarded}</a> header
113   * field name.
114   *
115   * @since 20.0
116   */
117  public static final String FORWARDED = "Forwarded";
118
119  /**
120   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
121   *
122   * @since 17.0
123   */
124  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
125
126  /** The HTTP {@code Host} header field name. */
127  public static final String HOST = "Host";
128
129  /**
130   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7540#section-3.2.1">{@code
131   * HTTP2-Settings} </a> header field name.
132   *
133   * @since 24.0
134   */
135  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
136
137  /** The HTTP {@code If-Match} header field name. */
138  public static final String IF_MATCH = "If-Match";
139
140  /** The HTTP {@code If-Modified-Since} header field name. */
141  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
142
143  /** The HTTP {@code If-None-Match} header field name. */
144  public static final String IF_NONE_MATCH = "If-None-Match";
145
146  /** The HTTP {@code If-Range} header field name. */
147  public static final String IF_RANGE = "If-Range";
148
149  /** The HTTP {@code If-Unmodified-Since} header field name. */
150  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
151
152  /** The HTTP {@code Last-Event-ID} header field name. */
153  public static final String LAST_EVENT_ID = "Last-Event-ID";
154
155  /** The HTTP {@code Max-Forwards} header field name. */
156  public static final String MAX_FORWARDS = "Max-Forwards";
157
158  /** The HTTP {@code Origin} header field name. */
159  public static final String ORIGIN = "Origin";
160
161  /**
162   * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header
163   * field name.
164   *
165   * @since 30.1
166   */
167  public static final String ORIGIN_ISOLATION = "Origin-Isolation";
168
169  /** The HTTP {@code Proxy-Authorization} header field name. */
170  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
171
172  /** The HTTP {@code Range} header field name. */
173  public static final String RANGE = "Range";
174
175  /** The HTTP {@code Referer} header field name. */
176  public static final String REFERER = "Referer";
177
178  /**
179   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
180   * field name.
181   *
182   * @since 23.4
183   */
184  public static final String REFERRER_POLICY = "Referrer-Policy";
185
186  /**
187   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
188   * header.
189   *
190   * @since 23.4
191   */
192  public static final class ReferrerPolicyValues {
193    private ReferrerPolicyValues() {}
194
195    public static final String NO_REFERRER = "no-referrer";
196    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
197    public static final String SAME_ORIGIN = "same-origin";
198    public static final String ORIGIN = "origin";
199    public static final String STRICT_ORIGIN = "strict-origin";
200    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
201    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
202    public static final String UNSAFE_URL = "unsafe-url";
203  }
204
205  /**
206   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
207   * Service-Worker}</a> header field name.
208   *
209   * @since 20.0
210   */
211  public static final String SERVICE_WORKER = "Service-Worker";
212
213  /** The HTTP {@code TE} header field name. */
214  public static final String TE = "TE";
215
216  /** The HTTP {@code Upgrade} header field name. */
217  public static final String UPGRADE = "Upgrade";
218
219  /**
220   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
221   * Upgrade-Insecure-Requests}</a> header field name.
222   *
223   * @since 28.1
224   */
225  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";
226
227  /** The HTTP {@code User-Agent} header field name. */
228  public static final String USER_AGENT = "User-Agent";
229
230  // HTTP Response header fields
231
232  /** The HTTP {@code Accept-Ranges} header field name. */
233  public static final String ACCEPT_RANGES = "Accept-Ranges";
234
235  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
236  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
237
238  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
239  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
240
241  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
242  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
243
244  /**
245   * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code
246   * Access-Control-Allow-Private-Network}</a> header field name.
247   *
248   * @since 31.1
249   */
250  public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK =
251      "Access-Control-Allow-Private-Network";
252
253  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
254  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
255
256  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
257  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
258
259  /** The HTTP {@code Access-Control-Max-Age} header field name. */
260  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
261
262  /** The HTTP {@code Age} header field name. */
263  public static final String AGE = "Age";
264
265  /** The HTTP {@code Allow} header field name. */
266  public static final String ALLOW = "Allow";
267
268  /** The HTTP {@code Content-Disposition} header field name. */
269  public static final String CONTENT_DISPOSITION = "Content-Disposition";
270
271  /** The HTTP {@code Content-Encoding} header field name. */
272  public static final String CONTENT_ENCODING = "Content-Encoding";
273
274  /** The HTTP {@code Content-Language} header field name. */
275  public static final String CONTENT_LANGUAGE = "Content-Language";
276
277  /** The HTTP {@code Content-Location} header field name. */
278  public static final String CONTENT_LOCATION = "Content-Location";
279
280  /** The HTTP {@code Content-MD5} header field name. */
281  public static final String CONTENT_MD5 = "Content-MD5";
282
283  /** The HTTP {@code Content-Range} header field name. */
284  public static final String CONTENT_RANGE = "Content-Range";
285
286  /**
287   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
288   * Content-Security-Policy}</a> header field name.
289   *
290   * @since 15.0
291   */
292  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
293
294  /**
295   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
296   * {@code Content-Security-Policy-Report-Only}</a> header field name.
297   *
298   * @since 15.0
299   */
300  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
301      "Content-Security-Policy-Report-Only";
302
303  /**
304   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
305   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
306   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
307   * to pass the CSP.
308   *
309   * @since 20.0
310   */
311  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
312
313  /**
314   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
315   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
316   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
317   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
318   *
319   * @since 20.0
320   */
321  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
322      "X-Content-Security-Policy-Report-Only";
323
324  /**
325   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
326   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
327   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
328   *
329   * @since 20.0
330   */
331  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
332
333  /**
334   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
335   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
336   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
337   *
338   * @since 20.0
339   */
340  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
341
342  /**
343   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code
344   * Cross-Origin-Embedder-Policy}</a> header field name.
345   *
346   * @since 30.0
347   */
348  public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy";
349
350  /**
351   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
352   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
353   *
354   * @since 30.0
355   */
356  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
357      "Cross-Origin-Embedder-Policy-Report-Only";
358
359  /**
360   * The HTTP Cross-Origin-Opener-Policy header field name.
361   *
362   * @since 28.2
363   */
364  public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy";
365
366  /** The HTTP {@code ETag} header field name. */
367  public static final String ETAG = "ETag";
368
369  /** The HTTP {@code Expires} header field name. */
370  public static final String EXPIRES = "Expires";
371
372  /** The HTTP {@code Last-Modified} header field name. */
373  public static final String LAST_MODIFIED = "Last-Modified";
374
375  /** The HTTP {@code Link} header field name. */
376  public static final String LINK = "Link";
377
378  /** The HTTP {@code Location} header field name. */
379  public static final String LOCATION = "Location";
380
381  /**
382   * The HTTP {@code Keep-Alive} header field name.
383   *
384   * @since 31.0
385   */
386  public static final String KEEP_ALIVE = "Keep-Alive";
387
388  /**
389   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code
390   * No-Vary-Seearch}</a> header field name.
391   *
392   * @since 32.0.0
393   */
394  public static final String NO_VARY_SEARCH = "No-Vary-Search";
395
396  /**
397   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
398   * header field name.
399   *
400   * @since 27.1
401   */
402  public static final String ORIGIN_TRIAL = "Origin-Trial";
403
404  /** The HTTP {@code P3P} header field name. Limited browser support. */
405  public static final String P3P = "P3P";
406
407  /** The HTTP {@code Proxy-Authenticate} header field name. */
408  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
409
410  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
411  public static final String REFRESH = "Refresh";
412
413  /**
414   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
415   *
416   * @since 27.1
417   */
418  public static final String REPORT_TO = "Report-To";
419
420  /** The HTTP {@code Retry-After} header field name. */
421  public static final String RETRY_AFTER = "Retry-After";
422
423  /** The HTTP {@code Server} header field name. */
424  public static final String SERVER = "Server";
425
426  /**
427   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
428   * name.
429   *
430   * @since 23.6
431   */
432  public static final String SERVER_TIMING = "Server-Timing";
433
434  /**
435   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
436   * Service-Worker-Allowed}</a> header field name.
437   *
438   * @since 20.0
439   */
440  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
441
442  /** The HTTP {@code Set-Cookie} header field name. */
443  public static final String SET_COOKIE = "Set-Cookie";
444
445  /** The HTTP {@code Set-Cookie2} header field name. */
446  public static final String SET_COOKIE2 = "Set-Cookie2";
447
448  /**
449   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap">{@code
450   * SourceMap}</a> header field name.
451   *
452   * @since 27.1
453   */
454  public static final String SOURCE_MAP = "SourceMap";
455
456  /**
457   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code
458   * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a
459   * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced
460   * frames</a>.
461   *
462   * @since 32.0.0
463   */
464  public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode";
465
466  /**
467   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
468   * Strict-Transport-Security}</a> header field name.
469   *
470   * @since 15.0
471   */
472  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
473
474  /**
475   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
476   * Timing-Allow-Origin}</a> header field name.
477   *
478   * @since 15.0
479   */
480  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
481
482  /** The HTTP {@code Trailer} header field name. */
483  public static final String TRAILER = "Trailer";
484
485  /** The HTTP {@code Transfer-Encoding} header field name. */
486  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
487
488  /** The HTTP {@code Vary} header field name. */
489  public static final String VARY = "Vary";
490
491  /** The HTTP {@code WWW-Authenticate} header field name. */
492  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
493
494  // Common, non-standard HTTP header fields
495
496  /** The HTTP {@code DNT} header field name. */
497  public static final String DNT = "DNT";
498
499  /** The HTTP {@code X-Content-Type-Options} header field name. */
500  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
501
502  /**
503   * The HTTP <a
504   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
505   * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of
506   * the device on whose behalf the request is being made.
507   *
508   * @since 31.0
509   */
510  public static final String X_DEVICE_IP = "X-Device-IP";
511
512  /**
513   * The HTTP <a
514   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
515   * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link
516   * #REFERER} header value that the on-behalf-of client would have used when making a request
517   * itself.
518   *
519   * @since 31.0
520   */
521  public static final String X_DEVICE_REFERER = "X-Device-Referer";
522
523  /**
524   * The HTTP <a
525   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
526   * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the
527   * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making
528   * a request itself.
529   *
530   * @since 31.0
531   */
532  public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language";
533
534  /**
535   * The HTTP <a
536   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
537   * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the
538   * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making
539   * a request itself.
540   *
541   * @since 31.0
542   */
543  public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With";
544
545  /** The HTTP {@code X-Do-Not-Track} header field name. */
546  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
547
548  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
549  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
550
551  /** The HTTP {@code X-Forwarded-Proto} header field name. */
552  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
553
554  /**
555   * The HTTP <a
556   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host">{@code
557   * X-Forwarded-Host}</a> header field name.
558   *
559   * @since 20.0
560   */
561  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
562
563  /**
564   * The HTTP <a
565   * href="https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html#x-forwarded-port">{@code
566   * X-Forwarded-Port}</a> header field name.
567   *
568   * @since 20.0
569   */
570  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
571
572  /** The HTTP {@code X-Frame-Options} header field name. */
573  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
574
575  /** The HTTP {@code X-Powered-By} header field name. */
576  public static final String X_POWERED_BY = "X-Powered-By";
577
578  /**
579   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
580   * Public-Key-Pins}</a> header field name.
581   *
582   * @since 15.0
583   */
584  public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
585
586  /**
587   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
588   * Public-Key-Pins-Report-Only}</a> header field name.
589   *
590   * @since 15.0
591   */
592  public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
593
594  /**
595   * The HTTP {@code X-Request-ID} header field name.
596   *
597   * @since 30.1
598   */
599  public static final String X_REQUEST_ID = "X-Request-ID";
600
601  /** The HTTP {@code X-Requested-With} header field name. */
602  public static final String X_REQUESTED_WITH = "X-Requested-With";
603
604  /** The HTTP {@code X-User-IP} header field name. */
605  public static final String X_USER_IP = "X-User-IP";
606
607  /**
608   * The HTTP <a
609   * href="https://learn.microsoft.com/en-us/archive/blogs/ieinternals/internet-explorer-and-custom-http-headers#:~:text=X%2DDownload%2DOptions">{@code
610   * X-Download-Options}</a> header field name.
611   *
612   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
613   * prevented from opening a file download directly; instead, they must first save the file
614   * locally.
615   *
616   * @since 24.1
617   */
618  public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
619
620  /** The HTTP {@code X-XSS-Protection} header field name. */
621  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
622
623  /**
624   * The HTTP <a
625   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
626   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
627   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
628   */
629  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
630
631  /**
632   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
633   * {@code Ping-From}</a> header field name.
634   *
635   * @since 19.0
636   */
637  public static final String PING_FROM = "Ping-From";
638
639  /**
640   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
641   * {@code Ping-To}</a> header field name.
642   *
643   * @since 19.0
644   */
645  public static final String PING_TO = "Ping-To";
646
647  /**
648   * The HTTP <a
649   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
650   * Purpose}</a> header field name.
651   *
652   * @since 28.0
653   */
654  public static final String PURPOSE = "Purpose";
655
656  /**
657   * The HTTP <a
658   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
659   * X-Purpose}</a> header field name.
660   *
661   * @since 28.0
662   */
663  public static final String X_PURPOSE = "X-Purpose";
664
665  /**
666   * The HTTP <a
667   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
668   * X-Moz}</a> header field name.
669   *
670   * @since 28.0
671   */
672  public static final String X_MOZ = "X-Moz";
673
674  /**
675   * The HTTP <a
676   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code
677   * Device-Memory}</a> header field name.
678   *
679   * @since 31.0
680   */
681  public static final String DEVICE_MEMORY = "Device-Memory";
682
683  /**
684   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code
685   * Downlink}</a> header field name.
686   *
687   * @since 31.0
688   */
689  public static final String DOWNLINK = "Downlink";
690
691  /**
692   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code
693   * ECT}</a> header field name.
694   *
695   * @since 31.0
696   */
697  public static final String ECT = "ECT";
698
699  /**
700   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code
701   * RTT}</a> header field name.
702   *
703   * @since 31.0
704   */
705  public static final String RTT = "RTT";
706
707  /**
708   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code
709   * Save-Data}</a> header field name.
710   *
711   * @since 31.0
712   */
713  public static final String SAVE_DATA = "Save-Data";
714
715  /**
716   * The HTTP <a
717   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code
718   * Viewport-Width}</a> header field name.
719   *
720   * @since 31.0
721   */
722  public static final String VIEWPORT_WIDTH = "Viewport-Width";
723
724  /**
725   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code
726   * Width}</a> header field name.
727   *
728   * @since 31.0
729   */
730  public static final String WIDTH = "Width";
731
732  /**
733   * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a>
734   * header field name.
735   *
736   * @since 31.0
737   */
738  public static final String PERMISSIONS_POLICY = "Permissions-Policy";
739
740  /**
741   * The HTTP <a
742   * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code
743   * Permissions-Policy-Report-Only}</a> header field name.
744   *
745   * @since 33.2.0
746   */
747  public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only";
748
749  /**
750   * The HTTP <a
751   * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code
752   * Sec-CH-Prefers-Color-Scheme}</a> header field name.
753   *
754   * <p>This header is experimental.
755   *
756   * @since 31.0
757   */
758  public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme";
759
760  /**
761   * The HTTP <a
762   * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code
763   * Accept-CH}</a> header field name.
764   *
765   * @since 31.0
766   */
767  public static final String ACCEPT_CH = "Accept-CH";
768
769  /**
770   * The HTTP <a
771   * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code
772   * Critical-CH}</a> header field name.
773   *
774   * @since 31.0
775   */
776  public static final String CRITICAL_CH = "Critical-CH";
777
778  /**
779   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a>
780   * header field name.
781   *
782   * @since 30.0
783   */
784  public static final String SEC_CH_UA = "Sec-CH-UA";
785
786  /**
787   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code
788   * Sec-CH-UA-Arch}</a> header field name.
789   *
790   * @since 30.0
791   */
792  public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch";
793
794  /**
795   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code
796   * Sec-CH-UA-Model}</a> header field name.
797   *
798   * @since 30.0
799   */
800  public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model";
801
802  /**
803   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code
804   * Sec-CH-UA-Platform}</a> header field name.
805   *
806   * @since 30.0
807   */
808  public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform";
809
810  /**
811   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code
812   * Sec-CH-UA-Platform-Version}</a> header field name.
813   *
814   * @since 30.0
815   */
816  public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version";
817
818  /**
819   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code
820   * Sec-CH-UA-Full-Version}</a> header field name.
821   *
822   * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}.
823   * @since 30.0
824   */
825  @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version";
826
827  /**
828   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code
829   * Sec-CH-UA-Full-Version}</a> header field name.
830   *
831   * @since 31.1
832   */
833  public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List";
834
835  /**
836   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code
837   * Sec-CH-UA-Mobile}</a> header field name.
838   *
839   * @since 30.0
840   */
841  public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile";
842
843  /**
844   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code
845   * Sec-CH-UA-WoW64}</a> header field name.
846   *
847   * @since 32.0.0
848   */
849  public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64";
850
851  /**
852   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code
853   * Sec-CH-UA-Bitness}</a> header field name.
854   *
855   * @since 31.0
856   */
857  public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness";
858
859  /**
860   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code
861   * Sec-CH-UA-Form-Factor}</a> header field name.
862   *
863   * @deprecated Prefer {@link SEC_CH_UA_FORM_FACTORS}.
864   * @since 32.0.0
865   */
866  @Deprecated public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor";
867
868  /**
869   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factors">{@code
870   * Sec-CH-UA-Form-Factors}</a> header field name.
871   *
872   * @since 33.3.0
873   */
874  public static final String SEC_CH_UA_FORM_FACTORS = "Sec-CH-UA-Form-Factors";
875
876  /**
877   * The HTTP <a
878   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code
879   * Sec-CH-Viewport-Width}</a> header field name.
880   *
881   * @since 32.0.0
882   */
883  public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width";
884
885  /**
886   * The HTTP <a
887   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code
888   * Sec-CH-Viewport-Height}</a> header field name.
889   *
890   * @since 32.0.0
891   */
892  public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height";
893
894  /**
895   * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code
896   * Sec-CH-DPR}</a> header field name.
897   *
898   * @since 32.0.0
899   */
900  public static final String SEC_CH_DPR = "Sec-CH-DPR";
901
902  /**
903   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a>
904   * header field name.
905   *
906   * @since 27.1
907   */
908  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
909
910  /**
911   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a>
912   * header field name.
913   *
914   * @since 27.1
915   */
916  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
917
918  /**
919   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a>
920   * header field name.
921   *
922   * @since 27.1
923   */
924  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
925
926  /**
927   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a>
928   * header field name.
929   *
930   * @since 27.1
931   */
932  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
933
934  /**
935   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a>
936   * header field name.
937   *
938   * @since 26.0
939   */
940  public static final String SEC_METADATA = "Sec-Metadata";
941
942  /**
943   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-https">{@code
944   * Sec-Token-Binding}</a> header field name.
945   *
946   * @since 25.1
947   */
948  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
949
950  /**
951   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
952   * Sec-Provided-Token-Binding-ID}</a> header field name.
953   *
954   * @since 25.1
955   */
956  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
957
958  /**
959   * The HTTP <a href="https://datatracker.ietf.org/doc/html/draft-ietf-tokbind-ttrp">{@code
960   * Sec-Referred-Token-Binding-ID}</a> header field name.
961   *
962   * @since 25.1
963   */
964  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
965
966  /**
967   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
968   * Sec-WebSocket-Accept}</a> header field name.
969   *
970   * @since 28.0
971   */
972  public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept";
973
974  /**
975   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
976   * Sec-WebSocket-Extensions}</a> header field name.
977   *
978   * @since 28.0
979   */
980  public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions";
981
982  /**
983   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code Sec-WebSocket-Key}</a>
984   * header field name.
985   *
986   * @since 28.0
987   */
988  public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
989
990  /**
991   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
992   * Sec-WebSocket-Protocol}</a> header field name.
993   *
994   * @since 28.0
995   */
996  public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
997
998  /**
999   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc6455">{@code
1000   * Sec-WebSocket-Version}</a> header field name.
1001   *
1002   * @since 28.0
1003   */
1004  public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version";
1005
1006  /**
1007   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
1008   * Sec-Browsing-Topics}</a> header field name.
1009   *
1010   * @since 32.0.0
1011   */
1012  public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics";
1013
1014  /**
1015   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
1016   * Observe-Browsing-Topics}</a> header field name.
1017   *
1018   * @since 32.0.0
1019   */
1020  public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics";
1021
1022  /**
1023   * The HTTP <a
1024   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
1025   * Sec-Ad-Auction-Fetch}</a> header field name.
1026   *
1027   * @since 33.0.0
1028   */
1029  public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch";
1030
1031  /**
1032   * The HTTP <a
1033   * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code
1034   * Sec-GPC}</a> header field name.
1035   *
1036   * @since 33.2.0
1037   */
1038  public static final String SEC_GPC = "Sec-GPC";
1039
1040  /**
1041   * The HTTP <a
1042   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
1043   * Ad-Auction-Signals}</a> header field name.
1044   *
1045   * @since 33.0.0
1046   */
1047  public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals";
1048
1049  /**
1050   * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code
1051   * Ad-Auction-Allowed}</a> header field name.
1052   *
1053   * @since 33.2.0
1054   */
1055  public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed";
1056
1057  /**
1058   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc8586">{@code CDN-Loop}</a> header
1059   * field name.
1060   *
1061   * @since 28.0
1062   */
1063  public static final String CDN_LOOP = "CDN-Loop";
1064
1065  /**
1066   * The HTTP <a href="https://datatracker.ietf.org/doc/html/rfc7838#page-8">{@code Alt-Svc}</a>
1067   * header field name.
1068   *
1069   * @since 33.4.0
1070   */
1071  public static final String ALT_SVC = "Alt-Svc";
1072}