使用“X-..."是安全的HTTP响应中的标头? [英] Is safe to use "X-..." header in a HTTP response?
问题描述
我必须在我的 HTTP 响应中传递元信息,所以我发现我可以使用响应标头,例如X-MyData: 123456".那安全吗?我的意思是,客户端代理可能会删除此标头?
I have to pass a meta-information in my HTTP response so I figured out that I could use the response header, for instance "X-MyData: 123456". Is that safe? I mean, there is a possibility that a client proxy remove this header?
谢谢!
推荐答案
客户端代理可以做它想做的任何事情,但一般不会剥离任何标题.
A client proxy could do anything it wanted, but in general would not strip any headers.
以 X- 开头的标头通常保留用于非标准用途(即未来的标准不会引入以 X- 开头的标头),但代理可以理解它们并选择根据需要修改它们.
Headers starting with an X- are typically reserved for nonstandard usage (i.e. no future standard will introduce a header starting X-) but a proxy may understand them and choose to modify them as it wants.
这篇关于使用“X-..."是安全的HTTP响应中的标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!