使用“X -...”是安全的。 HTTP响应中的标头? [英] Is safe to use "X-..." header in a HTTP response?
问题描述
我必须在HTTP响应中传递元信息,所以我想出我可以使用响应头,例如X-MyData:123456。这样安全吗?我的意思是,客户端代理有可能删除此标题吗?
I have to pass a meta-information in my HTTP response so I figured out that I could use the response header, for instance "X-MyData: 123456". Is that safe? I mean, there is a possibility that a client proxy remove this header?
谢谢!
推荐答案
客户端代理可以执行任何想要的操作,但通常不会删除任何标头。
A client proxy could do anything it wanted, but in general would not strip any headers.
以X-开头的标头通常保留用于非标准用法(即没有未来的标准会引入一个起始X-的标题)但是代理可以理解它们并选择根据需要修改它们。
Headers starting with an X- are typically reserved for nonstandard usage (i.e. no future standard will introduce a header starting X-) but a proxy may understand them and choose to modify them as it wants.
这篇关于使用“X -...”是安全的。 HTTP响应中的标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!