Network Working Group M. Nottingham
Internet-Draft
Expires: June 27, 2002 J. Mogul
Compaq WRL
December 27, 2001
HTTP Header Field-Name Registries
draft-nottingham-http-header-reg-00
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 27, 2002.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This note establishes an IANA registry for standardized HTTP header
field-names, and an IANA registry indexing known non-standardized
HTTP header field-names.
Nottingham & Mogul Expires June 27, 2002 [Page 1]
Internet-Draft HTTP Header Registries December 2001
1. Introduction
HTTP/1.0 [1] and HTTP/1.1 [11] define message headers (respectively,
the HTTP-header and message-header protocol elements). These
specifications define a number of HTTP headers themselves, and also
provide for extension through the use of new field-names.
This note establishes two IANA registries; one that catalogs
standardized HTTP header field-names (i.e., those that have been
subject to review as a standards track document in the IETF), and an
advisory registry of known non-standard HTTP header field-names,
which have not yet been subject to review.
This second registry is intended to provide a list of HTTP header
field-names which are in use, and to help implementors and protocol
authors choose new headers field-names with less chance of collision
with already-deployed headers. It operates on a first-come, first-
served basis, and should not be considered to be a means of reserving
or claiming the use of a header field-name.
Neither registry tracks the syntax, semantics or type of field-
values. Only the field-names are registered; all other details are
specified in the defining document referenced by registry entries.
Significant updates to such references (e.g., the replacement of a
Draft Standard RFC by a Proposed Standard RFC, but not the revision
of an Internet-Draft) should be reported to IANA.
Note that while some HTTP headers have different semantics depending
on their context (e.g., Cache-Control in requests and responses),
both registries consider the HTTP header field-name name space
singular.
1.1 Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [4].
An implementation is not compliant if it fails to satisfy one or more
of the MUST or REQUIRED level requirements. An implementation that
satisfies all the MUST or REQUIRED level and all the SHOULD level
requirements is said to be "unconditionally compliant"; one that
satisfies all the MUST level requirements but not all the SHOULD
level requirements is said to be "conditionally compliant".
2. IANA Considerations
IANA shall create registries for two name spaces, as described in
Nottingham & Mogul Expires June 27, 2002 [Page 2]
Internet-Draft HTTP Header Registries December 2001
BCP26 [9]:
o Standardized HTTP Header Field-Name Registry
o Known Non-Standardized HTTP Header Field-Name Registry
2.1 Standardized HTTP Header Field-Name Registry
The Standardized HTTP Header Registry defines the name space for the
field-name in the message-header of an HTTP message.
Values to be added to this name space MUST be subject to review in
the form of a standards track document within the IETF Applications
Area. Header field-names prefixed with 'X-' MUST NOT be registered.
An entry in this registry MUST include a citation to the most up-to-
date standards track document(s) that specifies the syntax and
semantics of the field. If a document either 'Obsoletes' or
'Updates' an older document, the entry SHOULD note that explicitly.
The initial values for this registry are those specified by:
o Hypertext Transfer Protocol -- HTTP/1.1 [11] (obsoletes RFC2068) -
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Accept-
Ranges, Age, Allow, Authorization, Cache-Control, Connect,
Content-Encoding, Content-Language, Content-Length, Content-
Location, Content-MD5, Content-Range, Content-Type, Date, ETag,
Expect, Expires, From, Host, If-Match, If-Modified-Since, If-None-
Match, If-Range, If-Unmodified-Since, Last-Modified, Location,
Max-Forwards, Pragma, Proxy-Authenticate, Proxy-Authorization,
Range, Referer, Retry-After, Server, TE, Trailer, Transfer-
Encoding, Upgrade, User-Agent, Vary, Via, Warning, WWW-
Authenticate, MIME-Version, Content-Disposition
o HTTP Authentication: Basic and Digest Access Authentication [12] -
Authentication-Info
o HTTP State Management Mechanism [3] - Set-Cookie
o HTTP State Management Mechanism [16] (obsoletes RFC2109) - Cookie,
Cookie2, Set-Cookie2
o Web Distributed Authoring and Versioning [10] - DAV, Depth,
Destination, If, Lock-Token, Overwrite, Status-URI, Timeout
o Hypertext Transfer Protocol -- HTTP/1.1 [2] (Proposed Standard -
these field-names are now considered obsolete) - Content-Base,
Nottingham & Mogul Expires June 27, 2002 [Page 3]
Internet-Draft HTTP Header Registries December 2001
Public, Content-Version, Derived-From, Link, URI, Keep-Alive
o Delta Encoding in HTTP [17] - A-IM, Delta-Base, IM
o Instance Digests in HTTP [18] - Digest, Want-Digest
o Simple Hit-Metering and Usage-Limiting for HTTP [5] - Meter
2.2 Known Non-Standardized HTTP Header Field-Name Registry
The Known Non-Standardized HTTP Header Registry attempts to index
HTTP message-header field-names in use. It is advisory only, and is
intended to be used in conjunction with the Standard HTTP Header
Registry as an aid in selecting new field-names, to reduce the
possibility of collision.
Values to be added to this name space are registered on a first-come,
first-served basis. Registrations SHOULD consist of a field-name, a
reference to the defining document(s) (if available), and a point of
contact for the registration. Header field-names prefixed with 'X-'
MUST NOT be registered.
The initial values for the registry should consider the referenced
document's author(s) as the point of contact for registration, if
available.
When a value is registered in the Standardized HTTP Header Field-Name
Registry, any corresponding value in the Known Non-Standardized HTTP
Header Field-Name Registry MUST be removed.
The IESG MAY appoint a domain expert to control registration if it is
judged that the facility is being abused.
The initial values for this registry are:
o Transparent Content Negotiation in HTTP [6] - Accept-Features,
Alternates, Negotiate, TCN, Variant-Vary
o The Safe Response Header Field [7] - Safe
o Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) [8] - Accept-
Additions
o The Secure HyperText Transfer Protocol [13] - Content-Privacy-
Domain, MAC-Info, Prearranged-Key-Info
o An HTTP Extension Framework [14] - C-Ext, C-Man, C-Opt, Ext, Man,
Nottingham & Mogul Expires June 27, 2002 [Page 4]
Internet-Draft HTTP Header Registries December 2001
Opt
o PICS Label Distribution Label Syntax and Communication Protocols
[20] - PICS-Label, Protocol, Protocol-Request
o Platform For Privacy Preferences 1.0 [19] - P3P
o PEP - an Extension Mechanism for HTTP [23] - C-PEP, C-PEP-Info,
PEP, Pep-Info
o The HTTP Distribution and Replication Protocol [24] - Content-ID,
Differential-ID
o ESI Architecture [21] - Surrogate-Capability, Surrogate-Control
o Selecting Payment Mechanisms Over HTTP [22] - Protocol, Protocol-
Info, Protocol-Query, Protocol-Request
o Implementation of OPS Over HTTP [25] - GetProfile, ProfileObject,
SetProfile
o Notification for Proxy Caches [26] - Proxy-Features, Proxy-
Instruction
o Object Header lines in HTTP [27] - Content-Transfer-Encoding,
Cost, Message-ID, Title, Version
o A Proposed Extension Mechanism for HTTP [28] - Extension
o WIRE - W3 Identifier Resolution Extensions [29] - Optional,
Resolution-Hint
o Duplicate Suppression in HTTP [30] - SubOK, Subst
o Specification of HTTP/1.1 OPTIONS messages [31] - Compliance, Non-
Compliance
o Undocumented HTTP header field-names - [NOTE: these headers may be
removed from future drafts; please forward any known reference for
them ]
* Widely-used undocumented headers - Request-Range, UA-Color, UA-
CPU, UA-OS, UA-Pixels
* Implementation errors - Referrer
* Private features - Copyright, Content, Author, Contact,
Keywords, Generator, Description, Command, Session, Type,
Nottingham & Mogul Expires June 27, 2002 [Page 5]
Internet-Draft HTTP Header Registries December 2001
Message
* Abandoned proposals - Unless-Modified-Since
3. Security Considerations
HTTP header field-name registrations do not guarantee that the
specified semantic or syntax of a field-value will be honored.
References
[1] Berners-Lee, T., Fielding, R. and H. Nielsen, "Hypertext
Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.
[2] Fielding, R., Gettys, J., Mogul, J., Nielsen, H. and T.
Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
2068, January 1997.
[3] Kristol, D. and L. Montulli, "HTTP State Management Mechanism",
RFC 2109, February 1997.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[5] Mogul, J. and P. Leach, "Simple Hit-Metering and Usage-Limiting
for HTTP", RFC 2227, October 1997.
[6] Holtman, K. and A. Mutz, "Transparent Content Negotiation in
HTTP", RFC 2295, March 1998.
[7] Holtman, K., "The Safe Response Header Field", RFC 2310, April
1998.
[8] Masinter, L., "Hyper Text Coffee Pot Control Protocol (HTCPCP/
1.0)", RFC 2324, April 1998.
[9] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October
1998.
[10] Goland, Y., Whitehead, E., Faizi, A., Carter, S. and D. Jensen,
"HTTP Extensions for Distributed Authoring -- WEBDAV", RFC
2518, February 1999.
[11] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L.,
Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999.
Nottingham & Mogul Expires June 27, 2002 [Page 6]
Internet-Draft HTTP Header Registries December 2001
[12] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
Leach, P., Luotonen, A. and L. Stewart, "HTTP Authentication:
Basic and Digest Access Authentication", RFC 2617, June 1999.
[13] Rescorla, E. and A. Schiffman, "The Secure HyperText Transfer
Protocol", RFC 2660, August 1999.
[14] Nielsen, H., Leach, P. and S. Lawrence, "An HTTP Extension
Framework", RFC 2774, February 2000.
[15] Herriot, R., Butler, S., Moore, P., Turner, R. and J. Wenn,
"Internet Printing Protocol/1.1: Encoding and Transport", RFC
2910, September 2000.
[16] Kristol, D. and L. Montulli, "HTTP State Management Mechanism",
RFC 2965, October 2000.
[17] Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A.,
Goland, Y., van Hoff, A. and D. Hellerstein, "Delta Encoding in
HTTP", October 2001, <http://search.ietf.org/internet-drafts/
draft-mogul-http-delta-10.txt>.
[18] Mogul, J. and A. van Hoff, "Instance Digests in HTTP", October
2001, <http://search.ietf.org/internet-drafts/draft-mogul-http-
digest-05.txt>.
[19] Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall,
M. and J. Reagle, "Platform For Privacy Preferences 1.0 - P3P",
W3C WD-P3P, September 2001, <http://www.w3.org/TR/P3P>.
[20] Krauskopf, T., Miller, J., Resnick, P. and W. Treese, "PICS
Label Distribution Label Syntax and Communication Protocols",
W3C REC-PICS-labels, October 1996, <http://www.w3.org/TR/REC-
PICS-labels>.
[21] Nottingham, M. and X. Liu, "ESI Architecture", W3C NOTE-edge-
arch, August 2001, <http://www.w3.org/TR/edge-arch>.
[22] Eastlake, D., Khare, R. and J. Miller, "Selecting Payment
Mechanisms Over HTTP", W3C WD-jepi-uppflow, January 1997,
<http://www.w3.org/TR/WD-jepi-uppflow>.
[23] Frystyk Nielsen, H., Connolly, D., Khare, R. and E.
Prud'hommeaux, "PEP - an Extension Mechanism for HTTP", W3C WD-
http-pep, November 1997, <http://www.w3.org/TR/WD-http-pep>.
[24] van Hoff, A., Giannadnrea, J., Hapner, M., Carter, S. and M.
Medin, "The HTTP Distribution and Replication Protocol", W3C
Nottingham & Mogul Expires June 27, 2002 [Page 7]
Internet-Draft HTTP Header Registries December 2001
NOTE-DRP, August 1997, <http://www.w3.org/TR/NOTE-drp>.
[25] Hensley, P., Metral, M., Shardanand, U., Converse, D. and M.
Myers, "Implementation of OPS Over HTTP", W3C NOTE-OPS-
OverHTTP, June 1997, <http://www.w3.org/TR/NOTE-OPS-
OverHTTP.html>.
[26] Hallam-Baker, P., "Notification for Proxy Caches", W3C WD-
proxy, February 1996, <http://www.w3.org/TR/WD-proxy>.
[27] "Object Header lines in HTTP", May 1994, <http://www.w3.org/
Protocols/HTTP/Object_Headers.html>.
[28] Kristol, D., "A Proposed Extension Mechanism for HTTP", January
1995, <http://www1.ics.uci.edu/pub/ietf/http/draft-kristol-
http-extensions-00.txt>.
[29] Girod, L., Chen, B., Frystyk Nielsen, H. and J. Mallery, "WIRE
- W3 Identifier Resolution Extensions", March 1998, <http://
www1.ics.uci.edu/pub/ietf/http/draft-girod-w3-id-res-ext-
00.txt>.
[30] Mogul, J. and A. van Hoff, "Duplicate Suppression in HTTP",
April 1998, <http://www1.ics.uci.edu/pub/ietf/http/draft-mogul-
http-dupsup-00.txt>.
[31] Mogul, J., Cohen, J. and S. Lawrence, "Specification of HTTP/
1.1 OPTIONS messages", August 1997, <http://www1.ics.uci.edu/
pub/ietf/http/draft-ietf-http-options-02.txt>.
[32] Feldmann, A., "Usage of HTTP header fields", December 1998,
<http://www.research.att.com/~anja/w3c_webchar/
http_header.html>.
Authors' Addresses
Mark Nottingham
EMail: mnot@pobox.com
URI: http://www.mnot.net/
Nottingham & Mogul Expires June 27, 2002 [Page 8]
Internet-Draft HTTP Header Registries December 2001
Jeffrey C. Mogul
Western Research Laboratory, Compaq Computer Corporation
250 University Avenue
Palo Alto, CA 94305
US
Phone: 1 650 617 3304 (email preferred)
EMail: mogul@pa.dec.com
Appendix A. Acknowledgements
The authors would like to thank Anja Feldmann for "Usage of HTTP
header fields" [32] and the http-wg mailing list members for their
input.
Nottingham & Mogul Expires June 27, 2002 [Page 9]
Internet-Draft HTTP Header Registries December 2001
Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Nottingham & Mogul Expires June 27, 2002 [Page 10]