HTTP Lessons – Glossary
This glossary contains essential terms for the HTTP tutorial series. It can be helpful if you need to quickly understand what HTTP status codes mean.
In the HTTP glossary you can find the following:
- Request Methods
- Status Codes
- Headers
- MIME Types
Request Methods
Method | Explanation | Is There a Request Body? |
---|---|---|
CONNECT | The HTTP CONNECT method initiates two-way communication with the requested resource. It can be used to open a tunnel. | No |
DELETE | The DELETE method requests the resource server to delete the resource identified by the Request-URI. | No |
GET | The HTTP GET method requests a representation of a specified resource. Requests using GET retrieve only data. | No |
HEAD | The HTTP HEAD method requests the same headers that would be returned if the specified resource were requested with an HTTP GET method. For example, such a request might be made before deciding to download a large resource to conserve bandwidth. | No |
OPTIONS | The HTTP OPTIONS method is used to describe the communication options for the target resource. The client can specify a specific URL for the OPTIONS method, or an asterisk (*) to refer to the entire server. | No |
POST | The HTTP POST method sends data to the server. The type of the request body is indicated by the Content-Type header. | Yes |
PUT | The HTTP PUT request method creates a new resource or replaces the representation of the target resource with the request payload. | Yes |
TRACE | The TRACE method is used to invoke a remote, application-layer loop-back of the request message. | No |
Status Codes
These two tables define the status code ranges and all status codes.
Status Code Ranges:
Range | Defined Range | Category |
---|---|---|
100–199 | 100–101 | Informational |
200–299 | 200–206 | Successful |
300–399 | 300–305 | Redirection |
400–499 | 400–415 | Client error |
500–599 | 500–505 | Server Error |
Status Codes
Status code | Reason phrase | Meaning |
---|---|---|
100 | Continue | This interim response indicates that everything so far is OK and that the client should continue with the request, or ignore the response if the request is already finished. |
101 | Switching Protocols | This code is sent in response to an Upgrade request header from the client and indicates the protocol the server is switching to. |
200 | OK | Request successful. |
201 | Created | The request was successful, resulting in the creation of a new resource. This is typically the response sent after a PUT request. |
202 | Accepted | The request has been received but has not yet been acted upon. The response is non-committal: HTTP has no way to send an asynchronous response later indicating the result of processing the request. This is intended for situations where another process or server is processing the request, or for batch processing. |
203 | Non-Authoritative Information | This response code means that the metadata sent was not set exactly as it came from the origin server, but was collected from a local or third-party copy. Otherwise, a 200 OK response is preferred. |
204 | No Content | There is no content to send for this request, but the headers may be useful. The user agent will refresh its cached headers with new ones for this resource. |
205 | Reset Content | This response code is sent after the request has been completed to tell the user agent that sent the request to reset the document view. |
206 | Partial Content | This response code is used when the client sends a Range header to split a download into multiple streams. |
300 | Multiple Choices | The request has multiple possible responses. The user agent or user must choose one of them. There is no standard way to select one of the responses. |
301 | Moved Permanently | This response code means that the URI of the requested resource has changed. The new URI will likely be returned in the response. |
302 | Found | This response code means that the URI of the requested resource has been temporarily changed. |
303 | See Other | It tells the client that the resource will be fetched using a different URL. This new URL is included in the Location header of the response message. |
304 | Not Modified | Clients can make their requests conditionally based on the request headers they include. This code indicates that the resource has not changed. |
305 | Use Proxy | The resource must be accessed through a proxy; the location of the proxy is given in the Location header. |
306 | (Unused) | This status code is currently obsolete. It was used in a previous version of the HTTP 1.1 specification. |
307 | Temporary Redirect | Like the 301 status code; however, the client must use the URL provided in the Location header to temporarily locate the resource. |
400 | Bad Request | Informs the client that it has sent a malformed request. |
401 | Unauthorized | It is sent back to the client with appropriate headers asking it to authenticate itself before accessing the resource. |
402 | Payment Required | This status code is not currently used, but has been set aside for future use. This status code was created with digital payment methods in mind, but has never been used. |
403 | Forbidden | The request was rejected by the server. Typically used for unauthorized requests. |
404 | Not Found | The server cannot find the requested URL. |
405 | Method Not Allowed | A request was made using a method that is not supported for the requested URL. The Allow header must be included in the response to tell the client which methods are allowed on the requested resource. |
406 | Not Acceptable | Clients can specify parameters for what types of body content they are willing to accept. This code is used if the server has no resource matching the URL that is acceptable to the client. |
407 | Proxy Authentication Required | Like the 401 status code, but used for proxy servers that require authentication for a resource. |
408 | Request Timeout | If a client takes too long to complete its request, the server may send back this status code and close the connection. |
409 | Conflict | The request causes some conflicts on the resource. |
410 | Gone | This response is sent when the requested content has been permanently deleted from the server, with no forwarding address. |
411 | Length Required | Servers use this code when they require a Content-Length header in the request message. The server will not accept resource requests without a Content-Length header. |
412 | Precondition Failed | If a client makes a conditional request and one of the conditions fails, this response code is returned. |
413 | Request Entity Too Large | The entity sent by the client is larger than the limits defined by the server; the server may close the connection or return a Retry-After header field. |
414 | Request URI Too Long | The URI requested by the client is longer than the server can interpret. |
415 | Unsupported Media Type | The client sent an entity of a content type that the server does not understand or support. |
416 | Requested Range Not Satisfiable | The request message requested a resource within a specific range, and that range was invalid or could not be met. |
417 | Expectation Failed | This response code means that the server could not meet the expectation specified by the Expect request header field. |
500 | Internal Server Error | The server encountered an error that prevented the request from being fulfilled. |
501 | Not Implemented | The client made a request that was beyond the server's capabilities. |
502 | Bad Gateway | A server acting as a proxy or gateway received an invalid response from the next link in the request-response chain. |
503 | Service Unavailable | The server cannot currently service the request, but will be able to in the future. |
504 | Gateway Timeout | Similar to the 408 status code, except that the response comes from a gateway or proxy that has timed out waiting for a response to its request from another server. |
505 | HTTP Version Not Supported | The server received a request for a version of the protocol that it cannot or will not support. |
Reference: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Headers
Both an HTTP request and an HTTP response can contain header fields. These two tables describe the fields and provide simple examples.
Request Headers
Header | Explanation | Example |
---|---|---|
Accept | Can be used to specify certain media types that are acceptable for the response. | Accept: text/plain |
Accept-Charset | Indicates which character sets are acceptable for the response. | Accept-Charset: utf-8 |
Accept-Encoding | Similar to Accept, but also restricts the acceptable content encodings in the response. | Accept-Encoding: gzip, deflate |
Accept-Language | Similar to Accept, but restricts the set of natural languages preferred in the response. | Accept-Language: en-US |
Authorization | Authentication credentials for HTTP authentication. | Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== |
Cache-Control | It is used to specify guidelines that all caching mechanisms along the request-response chain must follow. | Cache-Control: no-cache |
Connection | Allows the sender to specify options desired for that particular connection; proxies must not forward them over further connections. | Connection: keep-alive |
Content-Encoding | Content-Encoding is used to allow a document to be compressed without losing the identity of its underlying media type. | Content-Encoding: gzip |
Cookie | An HTTP cookie previously sent by the server with Set-Cookie. | Cookie: $Version=1; |
Content-Length | The length of the request body in octets (8-bit bytes). | Content-Length: 1024 |
Content-MD5 | A Base64-encoded binary MD5 sum of the contents of the request body. | Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== |
Content-Type | The MIME type of the body of the request (used with POST and PUT requests). | Content-Type: application/x-www-form-urlencoded |
Date | The date and time the message was sent. | Date: Tue, 19 Jun 2012 10:10:10 GMT |
Expect | Indicates that certain server behaviors are required by the client. | Expect: 100-continue |
From | The email address of the user making the request. | From: codemazeblog@gmail.com |
Host | The server's domain name (for virtual hosting) and the TCP port number on which the server is listening. The port number can be omitted if the port is the standard port for the requested service. Mandatory since HTTP/1.1. | Host: code-maze.com |
If-Match | The If-Match HTTP request header makes the request conditional. For GET and HEAD methods, the server returns the requested resource only if it matches one of the listed ETags. For PUT and other non-safe methods, it will only upload the resource in this case. | If-Match: "737060cd8c284d8af7ad3082f209582d" |
If-Modified-Since | The If-Modified-Since HTTP request header makes the request conditional: the server returns the requested resource with a status of 200 only if it was last modified after the specified date. If the resource has not been modified since then, the response will be 304 without a body; the Last-Modified header contains the last modification date. Unlike If-Unmodified-Since, If-Modified-Since can only be used with GET or HEAD. | If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT |
If-None-Match | The If-None-Match HTTP request header makes the request conditional. For the GET and HEAD methods, the server returns the requested resource with a 200 status only if its ETag matches none of the listed ETags. For other methods, the request is processed only if the existing resource's ETag does not match any listed value. | If-None-Match: "737060cd8c284d8af7ad3082f209582d" |
If-Range | The If-Range HTTP request header makes a range request conditional: if the condition is met, the range request is honored and the server returns a 206 Partial Content response with the appropriate body. If the condition is not met, the entire resource is returned with a 200 OK status. | If-Range: "737060cd8c284d8af7ad3082f209582d" |
If-Unmodified-Since | The If-Unmodified-Since HTTP request header makes the request conditional: the server returns the requested resource only if it hasn't been modified since a given date. If the resource has been modified since the given date, the response will be a 412 (Precondition Failed) error. | If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT |
Max-Forwards | Limits the number of times a message can be forwarded through proxies or gateways. | Max-Forwards: 10 |
Origin | It specifies the source of the request. It specifies only the server name, not any path. | Origin: http://www.code-maze.com |
Pragma | Application-specific headers that can have various effects anywhere in the request-response chain. | Pragma: no-cache |
Proxy-Authorization | Authorization credentials to connect to a proxy. | Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== |
Range | Indicates that only a portion of the resource is requested. Bytes are numbered starting from 0. | Range: bytes=500-999 |
Referer | Specifies the address of the previous page from which the current request originated. | Referer: http://www.code-maze.com |
TE | The TE request header specifies the transfer encodings the user agent is willing to accept (it could informally be called Accept-Transfer-Encoding, which would be a more intuitive name). | TE: trailers, deflate |
Upgrade | Request that the server upgrade to another protocol. | Upgrade: HTTPS/1.3, IRC/6.9, RTA/x11, websocket |
User-Agent | Contains client information about the user making the request (such as which browser). | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0 |
Via | Informs the server about the proxies through which the request is sent. | Via: 1.0 fred, 1.1 example.com(Apache/1.1) |
Warning | Contains possible problems with the body. | Warning: 199 Miscellaneous warnings |
Response Headers
Header | Explanation | Example |
---|---|---|
Access-Control-Allow-Origin | Specifies which websites can participate in cross-origin resource sharing. | Access-Control-Allow-Origin: * |
Accept-Ranges | Allows the server to specify which ranges it accepts for a resource. | Accept-Ranges: bytes |
Age | The Age header contains the time in seconds that the object has been in a proxy cache. | Age: 24 |
Allow | Lists the set of methods supported by the resource identified by the Request-URI. The purpose of this field is to definitively inform the recipient of the valid methods associated with the resource. | Allow: GET, HEAD, PUT |
Cache-Control | The Cache-Control global header field is used to specify directives for caching mechanisms in both requests and responses. | Cache-Control: max-age=3600 |
Connection | Controls whether the network connection remains open after the current operation is completed. | Connection: close |
Content-Encoding | The type of encoding used on the data. See HTTP compression. | Content-Encoding: gzip |
Content-Language | Indicates the language of the content presented. | Content-Language: en |
Content-Length | The length of the response body in octets (8-bit bytes). | Content-Length: 1024 |
Content-Location | Alternative location for returned data. | Content-Location: /index.htm |
Content-MD5 | A Base64-encoded binary MD5 sum of the response content. | Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ== |
Content-Disposition | Provides a way to raise a "File Download" dialog box for a known MIME type with binary format, or to suggest a file name for dynamic content. Quotation marks are required when the file name contains special characters. | Content-Disposition: attachment; filename="fname.ext" |
Content-Range | The Content-Range header indicates where a partial message belongs within the overall content. | Content-Range: bytes 21010-47021/47022 |
Content-Type | MIME type of the content | Content-Type: text/html; charset=utf-8 |
Date | The date the message was sent. | Date: Sun, 17 Jun 2017 10:11:12 GMT |
ETag | An identifier for a particular version of a resource, often a message digest. | ETag: "737060cd8c284d8af7ad3082f209582d" |
Expires | Gives the date/time after which the response is considered stale. | Expires: Sun, 17 Jun 2017 10:11:12 GMT |
Last-Modified | The date and time the requested content was last modified on the server. | Last-Modified: Sun, 17 Jun 2017 10:11:12 GMT |
Link | Used to express a typed relationship with another resource, where the relationship type is defined by RFC 5988. | Link: ; rel="alternate" |
Location | Used in redirection or when a new resource is created. | Location: http://www.code-maze.com/index.html |
P3P | This header sets a Platform for Privacy Preferences Project (P3P) policy, in the form P3P: CP="your_compact_policy". However, P3P never took off, and most browsers never fully implemented it. | P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." |
Pragma | Application-specific headers that can have various effects anywhere in the request-response chain. | Pragma: no-cache |
Proxy-Authenticate | Request authentication to access the proxy. | Proxy-Authenticate: Basic |
Refresh | Used in a redirect or when a new resource is created. The redirect in this example occurs after 5 seconds. This is a proprietary, non-standard header extension introduced by Netscape and supported by most web browsers. | Refresh: 5; url=http://www.code-maze.com/index.html |
Retry-After | If a resource is temporarily unavailable, this tells the client to try again after a specified time (seconds). | Retry-After: 240 |
Server | Server name | Server: Apache/2.4 (Unix) |
Set-Cookie | Creates an HTTP cookie | Set-Cookie: UserID=1; Max-Age=3600; Version=1 |
Strict-Transport-Security | Informs the HTTP client how long to cache the HTTPS-only policy and whether the HSTS policy applies to subdomains. | Strict-Transport-Security: max-age=16070400; includeSubDomains |
Trailer | The Trailer response header allows the sender to place additional fields at the end of chunked messages to provide metadata that can be dynamically generated while the message body is sent, such as a message integrity check, digital signature, or post-processing status. | Trailer: Max-Forwards |
Transfer-Encoding | The form of encoding used to safely transfer the resource to the user. The currently defined methods are: chunked, compress, deflate, gzip, identity. | Transfer-Encoding: chunked |
Vary | Determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. | Vary: * |
Via | Informs the client about the proxies through which the response was sent. | Via: 1.0 mick, 1.1 baselogic.com(Apache/2.4) |
Warning | A general warning about possible problems with the entity body. | Warning: 199 Miscellaneous warnings |
WWW-Authenticate | Specifies the authentication scheme that should be used to access the requested resource. | WWW-Authenticate: Basic |
Reference: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
MIME Types
Because there are so many Internet media types, only the most commonly used are listed here.
General MIME Types
Type | Explanation |
---|---|
application | Application-defined format (discrete) |
audio | Audio format (discrete) |
chemical | Chemical dataset (discrete IETF extension) |
image | Image format (discrete) |
message | Message format (composite) |
model | 3D model format (discrete IETF extension) |
multipart | Collection of multiple objects (composite) |
text | Text format (discrete) |
video | Video format (discrete) |
Reference: https://www.iana.org/assignments/media-types/media-types.xhtml
Everything mentioned in this glossary can be found in more detail in the HTTP 1.1 specification document: http://www.ietf.org/rfc/rfc2616.txt