Request headers used - alphagov/notifications-manuals GitHub Wiki
In order to make further decisions on request headers we decided to keep a list
These were found using git grep headers\\.get and looking at headers sent during a request normally .
The links are indicative they will get out of date, but seemed worth doing.
The following is a list of public facing code bases with headers in each.
Headers potentially used by all flask apps viawerkzeug
- accept-encoding
- Expect
- content-type
- Content-Length
- host
- transfer-encoding
- pragma
- Accept
- Accept-charset
- Accept-language
- Cache-control
- If-Match
- If-None-Match
- If-modified-since
- If-unmodified-since
- If-range
- range
- user-agent
- Authorization
- etag
- location
- last-modified
notifications-utils
notifications-api
notifications-admin
- X-Forwarded-For
- Any use of session implies cookies, implies the cookie header
document-download-frontend
Nothing found
document-download-api
Some other headers that are set that we might want for logging or are consumed by other parts of the infra (or by flask). These are sent in normal requests to admin in chrome
- :authority
- :method
- :path
- :scheme
- accept
- accept-language
- cache-control
- cookie
- priority
- referer
- sec-ch-ua
- sec-ch-ua-mobile
- sec-ch-ua-platform
- sec-fetch-dest
- sec-fetch-mode
- sec-fetch-site
- sec-fetch-user
- upgrade-insecure-requests
- user-agent