使用“X-..."是安全的HTTP响应中的标头? [英] Is safe to use "X-..." header in a HTTP response?

问题描述

我必须在我的 HTTP 响应中传递元信息，所以我发现我可以使用响应标头，例如X-MyData: 123456".那安全吗?我的意思是，客户端代理可能会删除此标头?

I have to pass a meta-information in my HTTP response so I figured out that I could use the response header, for instance "X-MyData: 123456". Is that safe? I mean, there is a possibility that a client proxy remove this header?

谢谢！

推荐答案

客户端代理可以做它想做的任何事情，但一般不会剥离任何标题.

A client proxy could do anything it wanted, but in general would not strip any headers.

以 X- 开头的标头通常保留用于非标准用途(即未来的标准不会引入以 X- 开头的标头)，但代理可以理解它们并选择根据需要修改它们.

Headers starting with an X- are typically reserved for nonstandard usage (i.e. no future standard will introduce a header starting X-) but a proxy may understand them and choose to modify them as it wants.

这篇关于使用“X-..."是安全的HTTP响应中的标头?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！