Request for Comments: 2616                                   UC Irvine
Obsoletes: 2068                                              J. Gettys
Category: Standards Track                                   Compaq/W3C
                                                              J. Mogul
                                                                Compaq
                                                            H. Frystyk
                                                               W3C/MIT
                                                           L. Masinter
                                                                 Xerox
                                                              P. Leach
                                                             Microsoft
                                                        T. Berners-Lee
                                                               W3C/MIT
                                                             June 1999

Hypertext Transfer Protocol -- HTTP/1.1

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. It is a generic, stateless, protocol which can be used for many tasks beyond its use for hypertext, such as name servers and distributed object management systems, through extension of its request methods, error codes and headers [47]. A feature of HTTP is the typing and negotiation of data representation, allowing systems to be built independently of the data being transferred.

HTTP has been in use by the World-Wide Web global information initiative since 1990. This specification defines the protocol referred to as "HTTP/1.1", and is an update to RFC 2068 [33].

Table of Contents

  1. Introduction ... 1
    1. Purpose ... 1.1
    2. Requirements ... 1.2
    3. Terminology ... 1.3
    4. Overall Operation ... 1.4
  2. Notational Conventions and Generic Grammar ... 2
    1. Augmented BNF ... 2.1
    2. Basic Rules ... 2.2
  3. Protocol Parameters ... 3
    1. HTTP Version ... 3.1
    2. Uniform Resource Identifiers ... 3.2
      1. General Syntax ... 3.2.1
      2. http URL ... 3.2.2
      3. URI Comparison ... 3.2.3
    3. Date/Time Formats ... 3.3
      1. Full Date ... 3.3.1
      2. Delta Seconds ... 3.3.2
    4. Character Sets ... 3.4
      1. Missing Charset ... 3.4.1
    5. Content Codings ... 3.5
    6. Transfer Codings ... 3.6
      1. Chunked Transfer Coding ... 3.6.1
    7. Media Types ... 3.7
      1. Canonicalization and Text Defaults ... 3.7.1
      2. Multipart Types ... 3.7.2
    8. Product Tokens ... 3.8
    9. Quality Values ... 3.9
    10. Language Tags ... 3.10
    11. Entity Tags ... 3.11
    12. Range Units ... 3.12
  4. HTTP Message ... 4
    1. Message Types ... 4.1
    2. Message Headers ... 4.2
    3. Message Body ... 4.3
    4. Message Length ... 4.4
    5. General Header Fields ... 4.5
  5. Request ... 5
    1. Request-Line ... 5.1
      1. Method ... 5.1.1
      2. Request-URI ... 5.1.2
    2. The Resource Identified by a Request ... 5.2
    3. Request Header Fields ... 5.3
  6. Response ... 6
    1. Status-Line ... 6.1
      1. Status Code and Reason Phrase ... 6.1.1
    2. Response Header Fields ... 6.2
  7. Entity ... 7
    1. Entity Header Fields ... 7.1
    2. Entity Body ... 7.2
      1. Type ... 7.2.1
      2. Entity Length ... 7.2.2
  8. Connections ... 8
    1. Persistent Connections ... 8.1
      1. Purpose ... 8.1.1
      2. Overall Operation ... 8.1.2
      3. Proxy Servers ... 8.1.3
      4. Practical Considerations ... 8.1.4
    2. Message Transmission Requirements ... 8.2
      1. Persistent Connections and Flow Control ... 8.2.1
      2. Monitoring Connections for Error Status Messages ... 8.2.2
      3. Use of the 100 (Continue) Status ... 8.2.3
      4. Client Behavior if Server Prematurely Closes Connection ... 8.2.4
  9. Method Definitions ... 9
    1. Safe and Idempotent Methods ... 9.1
      1. Safe Methods ... 9.1.1
      2. Idempotent Methods ... 9.1.2
    2. OPTIONS ... 9.2
    3. GET ... 9.3
    4. HEAD ... 9.4
    5. POST ... 9.5
    6. PUT ... 9.6
    7. DELETE ... 9.7
    8. TRACE ... 9.8
    9. CONNECT ... 9.9
  10. Status Code Definitions ... 10
    1. Informational 1xx ... 10.1
      1. 100 Continue ... 10.1.1
      2. 101 Switching Protocols ... 10.1.2
    2. Successful 2xx ... 10.2
      1. 200 OK ... 10.2.1
      2. 201 Created ... 10.2.2
      3. 202 Accepted ... 10.2.3
      4. 203 Non-Authoritative Information ... 10.2.4
      5. 204 No Content ... 10.2.5
      6. 205 Reset Content ... 10.2.6
      7. 206 Partial Content ... 10.2.7
    3. Redirection 3xx ... 10.3
      1. 300 Multiple Choices ... 10.3.1
      2. 301 Moved Permanently ... 10.3.2
      3. 302 Found ... 10.3.3
      4. 303 See Other ... 10.3.4
      5. 304 Not Modified ... 10.3.5
      6. 305 Use Proxy ... 10.3.6
      7. 306 (Unused) ... 10.3.7
      8. 307 Temporary Redirect ... 10.3.8
    4. Client Error 4xx ... 10.4
      1. 400 Bad Request ... 10.4.1
      2. 401 Unauthorized ... 10.4.2
      3. 402 Payment Required ... 10.4.3
      4. 403 Forbidden ... 10.4.4
      5. 404 Not Found ... 10.4.5
      6. 405 Method Not Allowed ... 10.4.6
      7. 406 Not Acceptable ... 10.4.7
      8. 407 Proxy Authentication Required ... 10.4.8
      9. 408 Request Timeout ... 10.4.9
      10. 409 Conflict ... 10.4.10
      11. 410 Gone ... 10.4.11
      12. 411 Length Required ... 10.4.12
      13. 412 Precondition Failed ... 10.4.13
      14. 413 Request Entity Too Large ... 10.4.14
      15. 414 Request-URI Too Long ... 10.4.15
      16. 415 Unsupported Media Type ... 10.4.16
      17. 416 Requested Range Not Satisfiable ... 10.4.17
      18. 417 Expectation Failed ... 10.4.18
    5. Server Error 5xx ... 10.5
      1. 500 Internal Server Error ... 10.5.1
      2. 501 Not Implemented ... 10.5.2
      3. 502 Bad Gateway ... 10.5.3
      4. 503 Service Unavailable ... 10.5.4
      5. 504 Gateway Timeout ... 10.5.5
      6. 505 HTTP Version Not Supported ... 10.5.6
  11. Access Authentication ... 11
  12. Content Negotiation ... 12
    1. Server-driven Negotiation ... 12.1
    2. Agent-driven Negotiation ... 12.2
    3. Transparent Negotiation ... 12.3
  13. Caching in HTTP ... 13
    1. @@ missing
      1. Cache Correctness ... 13.1.1
      2. Warnings ... 13.1.2
      3. Cache-control Mechanisms ... 13.1.3
      4. Explicit User Agent Warnings ... 13.1.4
      5. Exceptions to the Rules and Warnings ... 13.1.5
      6. Client-controlled Behavior ... 13.1.6
    2. Expiration Model ... 13.2
      1. Server-Specified Expiration ... 13.2.1
      2. Heuristic Expiration ... 13.2.2
      3. Age Calculations ... 13.2.3
      4. Expiration Calculations ... 13.2.4
      5. Disambiguating Expiration Values ... 13.2.5
      6. Disambiguating Multiple Responses ... 13.2.6
    3. Validation Model ... 13.3
      1. Last-Modified Dates ... 13.3.1
      2. Entity Tag Cache Validators ... 13.3.2
      3. Weak and Strong Validators ... 13.3.3
      4. Rules for When to Use Entity Tags and Last-Modified Dates ... 13.3.4
      5. Non-validating Conditionals ... 13.3.5
    4. Response Cacheability ... 13.4
    5. Constructing Responses From Caches ... 13.5
      1. End-to-end and Hop-by-hop Headers ... 13.5.1
      2. Non-modifiable Headers ... 13.5.2
      3. Combining Headers ... 13.5.3
      4. Combining Byte Ranges ... 13.5.4
    6. Caching Negotiated Responses ... 13.6
    7. Shared and Non-Shared Caches ... 13.7
    8. Errors or Incomplete Response Cache Behavior ... 13.8
    9. Side Effects of GET and HEAD ... 13.9
    10. Invalidation After Updates or Deletions ... 13.10
    11. Write-Through Mandatory ... 13.11
    12. Cache Replacement ... 13.12
    13. History Lists ... 13.13
  14. Header Field Definitions ... 14
    1. Accept ... 14.1
    2. Accept-Charset ... 14.2
    3. Accept-Encoding ... 14.3
    4. Accept-Language ... 14.4
    5. Accept-Ranges ... 14.5
    6. Age ... 14.6
    7. Allow ... 14.7
    8. Authorization ... 14.8
    9. Cache-Control ... 14.9
      1. What is Cacheable ... 14.9.1
      2. What May be Stored by Caches ... 14.9.2
      3. Modifications of the Basic Expiration Mechanism ... 14.9.3
      4. Cache Revalidation and Reload Controls ... 14.9.4
      5. No-Transform Directive ... 14.9.5
      6. Cache Control Extensions ... 14.9.6
    10. Connection ... 14.10
    11. Content-Encoding ... 14.11
    12. Content-Language ... 14.12
    13. Content-Length ... 14.13
    14. Content-Location ... 14.14
    15. Content-MD5 ... 14.15
    16. Content-Range ... 14.16
    17. Content-Type ... 14.17
    18. Date ... 14.18
      1. Clockless Origin Server Operation ... 14.18.1
    19. ETag ... 14.19
    20. Expect ... 14.20
    21. Expires ... 14.21
    22. From ... 14.22
    23. Host ... 14.23
    24. If-Match ... 14.24
    25. If-Modified-Since ... 14.25
    26. If-None-Match ... 14.26
    27. If-Range ... 14.27
    28. If-Unmodified-Since ... 14.28
    29. Last-Modified ... 14.29
    30. Location ... 14.30
    31. Max-Forwards ... 14.31
    32. Pragma ... 14.32
    33. Proxy-Authenticate ... 14.33
    34. Proxy-Authorization ... 14.34
    35. Range ... 14.35
      1. Byte Ranges ... 14.35.1
      2. Range Retrieval Requests ... 14.35.2
    36. Referer ... 14.36
    37. Retry-After ... 14.37
    38. Server ... 14.38
    39. TE ... 14.39
    40. Trailer ... 14.40
    41. Transfer-Encoding ... 14.41
    42. Upgrade ... 14.42
    43. User-Agent ... 14.43
    44. Vary ... 14.44
    45. Via ... 14.45
    46. Warning ... 14.46
    47. WWW-Authenticate ... 14.47
  15. Security Considerations ... 15
    1. Personal Information ... 15.1
      1. Abuse of Server Log Information ... 15.1.1
      2. Transfer of Sensitive Information ... 15.1.2
      3. Encoding Sensitive Information in URI's ... 15.1.3
      4. Privacy Issues Connected to Accept Headers ... 15.1.4
    2. Attacks Based On File and Path Names ... 15.2
    3. DNS Spoofing ... 15.3
    4. Location Headers and Spoofing ... 15.4
    5. Content-Disposition Issues ... 15.5
    6. Authentication Credentials and Idle Clients ... 15.6
    7. Proxies and Caching ... 15.7
      1. Denial of Service Attacks on Proxies ... 15.7.1
  16. Acknowledgments ... 16
  17. References ... 17
  18. Authors' Addresses ... 18
  19. Appendices ... 19
    1. Internet Media Type message/http and application/http ... 19.1
    2. Internet Media Type multipart/byteranges ... 19.2
    3. Tolerant Applications ... 19.3
    4. Differences Between HTTP Entities and RFC 2045 Entities ... 19.4
      1. MIME-Version ... 19.4.1
      2. Conversion to Canonical Form ... 19.4.2
      3. Conversion of Date Formats ... 19.4.3
      4. Introduction of Content-Encoding ... 19.4.4
      5. No Content-Transfer-Encoding ... 19.4.5
      6. Introduction of Transfer-Encoding ... 19.4.6
      7. MHTML and Line Length Limitations ... 19.4.7
    5. Additional Features ... 19.5
      1. Content-Disposition ... 19.5.1
    6. Compatibility with Previous Versions ... 19.6
      1. Changes from HTTP/1 ... 19.6.1
      2. Compatibility with HTTP/1 ... 19.6.2
      3. Changes from RFC 2068 ... 19.6.3
  20. Index ... 20
  21. Full Copyright Statement ... 21
derived from HTTP/1.1, Internet RFC 2616, Fielding, et al.
using rfc2html Revision: 1.5 Date: 2001/06/28 15:10:34 by Dan Connolly