What HTTP response headers are required
What HTTP response headers are required to be sent from server to the client?
I am working to optimize the HTTP response headers to minimize the HTTP response overhead. I know "overhead" is somewhat exaggerated, but I like a clean output.
I see a lot of websites which send redundant cache headers.
e.g.
It is redundant to specify both Expires and Cache-Control: max-age, or to specify both Last-Modified and ETag.
- Source
- HTTP/1.1: Header Field Definitions
It depends on what you define as being required: there are no header fields that must be sent with every response no matter what the circumstances are, but there are header fields that you really should send. The only header field that comes close is Date, but even it has circumstances under which it is not required.
In the parlance of RFC 2119, the term MUST means that something is a requirement of the specification and not meeting the requirement would be invalid. There are no header fields defined by RFCs 7230, 7231, 7232, 7233, 7234, or 7235 that MUST be sent by an origin server in all cases.
The following headers, for example, can be omitted (though you probably should send them):
7.1.1.2. Date
An origin server MUST NOT send a Date header field if it does not have a clock capable of providing a reasonable approximation of the current instance in Coordinated Universal Time. An origin server MAY send a Date header field if the response is in the 1xx (Informational) or 5xx (Server Error) class of status codes. An origin server MUST send a Date header field in all other cases.
Note the last sentence of the quote. The Date header field MUST be sent if the origin server is capable of providing a "reasonable approximation" of the date in UTC, but there is nothing stopping a server from misrepresenting itself.
7.4.2. Server
An origin server MAY generate a Server field in its responses.
3.3.2. Content-Length
Aside from [a finite number of predefined cases], in the absence of Transfer-Encoding, an origin server SHOULD send a Content-Length header field when the payload body size is known prior to sending the complete header section.
On the subject of Content-Length and Transfer-Encoding, note that neither can be sent, in which case the length of the response is "determined by the number of octets received prior to the server closing the connection."
3.1.1.5. Content-Type
If a Content-Type header field is not present, the recipient MAY either assume a media type of application/octet-stream (RFC2046, Section 4.5.1) or examine the data to determine its type.
There are circumstances under which particular headers can be required, for example:
- An origin server that does not support persistent connections MUST send the Connection: close in every response that does not have a 1xx status code.
- An origin server MUST generate an Allow header in a 405 (Method Not Allowed) response.
- An origin server generating a 401 (Unauthorized) response MUST send a WWW-Authenticate header field containing at least one challenge.
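An added example, not part of the original answer: a small Python auditor that checks a raw HTTP/1.1 response head against the conditional requirements quoted above. The function names, the persistent and has_clock parameters, and the sample responses are assumptions made up for illustration, and the response is assumed not to answer a HEAD or CONNECT request.

```python
# Added example: audit a response head against the rules quoted in the answer.
def parse_head(raw: bytes):
    """Return (status_code, {lowercased-name: [values]}) from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.lower(), []).append(value.strip())
    return int(parts[1]), headers

def audit(raw: bytes, persistent: bool = True, has_clock: bool = True):
    """Return (level, header, reason) findings; the flags describe the server."""
    status, h = parse_head(raw)
    findings = []
    def need(level, name, reason):
        if name not in h:
            findings.append((level, name, reason))
    if has_clock and not (100 <= status < 200 or 500 <= status < 600):
        need("MUST", "date", "required outside 1xx/5xx when a clock is available")
    if not has_clock and "date" in h:
        findings.append(("MUST NOT", "date", "server has no usable clock"))
    if status == 405:
        need("MUST", "allow", "a 405 response carries an Allow header")
    if status == 401:
        need("MUST", "www-authenticate", "a 401 response carries a challenge")
    tokens = [t.strip().lower() for v in h.get("connection", []) for t in v.split(",")]
    if not persistent and status >= 200 and "close" not in tokens:
        findings.append(("MUST", "connection", "non-persistent server sends close"))
    if status >= 200 and status not in (204, 304):  # assumes not HEAD/CONNECT
        if "transfer-encoding" not in h:
            need("SHOULD", "content-length", "else length is set by connection close")
        if h.get("content-length") != ["0"]:
            need("NOTE", "content-type", "recipient may guess the type from the body")
    return findings

# Constructed sample responses (not captured traffic).
SAMPLE_405 = b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nDate: Tue, 01 Jan 2030 00:00:00 GMT\r\n"
             b"Content-Type: text/plain\r\nContent-Length: 2\r\n\r\nok")
```

A response with no Content-Type is the case most worth flagging in practice, because the recipient is then free to examine the body and pick a type itself.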