http - ghdrako/doc_snipets GitHub Wiki

• https://alexandrehtrb.github.io/posts/2024/03/http2-and-http3-explained/
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
• https://developer.mozilla.org/en-US/docs/Web/HTML?retiredLocale=pl
• RFC 9110 HTTP Semantics
• RFC 9111 HTTP Caching
• RFC 9112 Authentication Service
• RFC 9113 HTTP/2
• RFC 9114 HTTP/3 Quic

Headers

Case-insensitive headers

The headers in HTTP are case-insensitive. Some software relies on this fact, and as a result certain gateways might modify and “normalize” these headers.

Custom headers

When you create custom HTTP headers for an application, be aware of the prefix you decide to use. It used to be common to prefix custom headers with X-, for example X-My-Header. This practice is now considered bad (see RFC 6648, which deprecates it). Instead, it makes sense to create a custom prefix, such as the name of the project, product, or company, or an abbreviation of it. This prevents situations where that header will be reused by other developers who mistake it for an official part of the HTTP standard.

Viewing HTTP headers with curl

curl -I https://tutorialinux.com

• Host - only reqired header Host: example.com
• User-Agent - name and version your browser User-Agent: curl 7.0.2
• Authorization ex password or API token ex Authorization: Basic <Base64 encoding user:password>
• Cookie ex Cookie: user:test
• Cache-Control
• If-Modified-Since - only send if resource modified after this time
• Accept - MIME type you want to resposnes be Accept: image/png określa preferowane typy zawartości, które klient jest w stanie zaakceptować
• Content-Type - MIME type of request body ex application/json Content-Type: application/json
• Content-Encoding -
• Accept-Encoding to gzip and then you might get back a compressed response. Accept-Encoding: gzip
• Accept-Language - ex Accept-Language: fr-CA to get response in French
• Connection - close or keep-alive to keep connection open

response code

• Informational responses (100 – 199)
• Successful responses (200 – 299)

204 No Content to indicate that an operation was successful, especially when the API usually returns the resource that was created or modified, but in certain scenarios, like DELETEs or when it would be a waste of resources, it does not.

• Redirection messages (300 – 399)

The 3xx status code is returned quite often to inform the client about redirections, and while it might indicate that some action is needed – perhaps updating a path for some content that has moved – it’s definitely not a failure on its own. One status code in the 3xx range that tends to be seen a lot more often in production than in development is 304 Not Modified. This status code is used when the client, such as a browser or an HTTP library, sends the request with an If-Not-Modified header, especially to take advantage of caching.

• Client error responses (400 – 499)

404 Not Found status code can mean different things depending on the application. 404 can be returned by (file) servers and gateways, but also by the application. It can imply that a route does not exist, but also that a specific resource (for example, a post or comment) does not exist for some reason (for example, if, it was deleted). This is why 404 is often part of the normal response set returned by a healthy application that’s working as designed. In some situations, a client might even depend on this behavior, for example to verify that something doesn’t exist – before creating a certain resource or when indicating to a user whether a certain resource or resource name is already taken.

In other words, the 404 status code alone (without more context about the application and the request) isn’t enough to indicate a problem.

• Server error responses (500 – 599)

HTTP versions

• HTTP/1.0 and HTTP/1.1
• HTTP/2
• HTTP/3 and QUIC