This article has an unclear citation style. The references used may be made clearer with a different or consistent style of citation and footnoting.(March 2024) (Learn how and when to remove this template message)
HTTP
Persistence
Compression
HTTPS
QUIC
Request methods
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PATCH
Header fields
Cookie
ETag
Location
HTTP referer
DNT
X-Forwarded-For
Response status codes
301 Moved Permanently
302 Found
303 See Other
403 Forbidden
404 Not Found
451 Unavailable for Legal Reasons
Security access control methods
Basic access authentication
Digest access authentication
Security vulnerabilities
HTTP header injection
HTTP request smuggling
HTTP response splitting
HTTP parameter pollution
v
t
e
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input. Header injection in HTTP responses can allow for HTTP response splitting, session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the location header.
and 26 Related for: HTTP header injection information
HTTPheaderinjection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically...
HTTPheader fields are a list of strings sent and received by both the client program and server on every HTTP request and response. These headers are...
In HTTP, "Referer" (a misspelling of Referrer) is an optional HTTPheader field that identifies the address of the web page (i.e., the URI or IRI), from...
requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested...
communications, the HTTP 404, 404 not found, 404, 404 error, page not found, or file not found error message is a hypertext transfer protocol (HTTP) standard response...
com/newpage.html"); Here is an example using a PHP redirect: <?php header("Location: https://example.com/newpage.html", true, 301); exit; Here is one way...
Temporarily" rather than "Found". An HTTP response with this status code will additionally provide a URL in the header field Location. This is an invitation...
ways compression can be done in HTTP. At a lower level, a Transfer-Encoding header field may indicate the payload of an HTTP message is compressed. At a higher...
requests/responses. If the client supports keep-alive, it adds an additional header to the request: Connection: keep-alive When the server receives this request...
interpretation of Content-Length and Transfer-Encoding headers between HTTP server implementations in an HTTP proxy server chain. It was first documented in 2005...
same. The use of ETags in the HTTPheader is optional (not mandatory as with some other fields of the HTTP 1.1 header). The method by which ETags are...
of the resource (byte serving) due to a range header sent by the client. The range header is used by HTTP clients to enable resuming of interrupted downloads...
protected by HTTPS. Additionally, some free-to-use and paid WLAN networks have been observed tampering with webpages by engaging in packet injection in order...
HTTP Message Body is the data bytes transmitted in an HTTP transaction message immediately following the headers if there are any (in the case of HTTP/0...
The HTTP Location header field is returned in responses from an HTTP server under two circumstances: To ask a web browser to load a different web page...
451, it should include a "Link" HTTPheader field whose value is a URI reference identifying itself. The "Link" header field must then have a "rel" parameter...
allow intermediate HTTP nodes (proxy servers, web caches, etc.) to accomplish their functions, some of the HTTPheaders (found in HTTP requests/responses)...
(XHR) is an API in the form of a JavaScript object whose methods transmit HTTP requests from a web browser to a web server. The methods allow a browser-based...
HTTP pipelining is a feature of HTTP/1.1, which allows multiple HTTP requests to be sent over a single TCP connection without waiting for the corresponding...
superseded by alternative methods. HTTP status codes HTTPheaders Content negotiation Apache Week. HTTP/1.1 Byte Serving: definition of byte serving in the...
unchanged. Because of this, S-HTTP could be used concurrently with HTTP (unsecured) on the same port, as the unencrypted header would determine whether the...
supplied, the client re-sends the same request but adds an authentication header that includes the response code. In this example, the server accepts the...
Cookies are set using the Set-Cookie header field, sent in an HTTP response from the web server. This header field instructs the web browser to store...
how well it understands them. More precisely, the user agent provides HTTPheaders that lists acceptable aspects of the resource and quality factors for...