View Javadoc
1   /*
2    * Copyright (C) 2011 The Guava Authors
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
5    * in compliance with the License. You may obtain a copy of the License at
6    *
7    * http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software distributed under the License
10   * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11   * or implied. See the License for the specific language governing permissions and limitations under
12   * the License.
13   */
14  
15  package com.google.common.net;
16  
17  import com.google.common.annotations.Beta;
18  import com.google.common.annotations.GwtCompatible;
19  
20  /**
21   * Contains constant definitions for the HTTP header field names. See:
22   * <ul>
23   * <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
24   * <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
25   * <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
26   * <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
27   * <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
28   * </ul>
29   *
30   *
31   * @author Kurt Alfred Kluever
32   * @since 11.0
33   */
34  @GwtCompatible
35  public final class HttpHeaders {
36    private HttpHeaders() {}
37  
38    // HTTP Request and Response header fields
39  
40    /** The HTTP {@code Cache-Control} header field name. */
41    public static final String CACHE_CONTROL = "Cache-Control";
42    /** The HTTP {@code Content-Length} header field name. */
43    public static final String CONTENT_LENGTH = "Content-Length";
44    /** The HTTP {@code Content-Type} header field name. */
45    public static final String CONTENT_TYPE = "Content-Type";
46    /** The HTTP {@code Date} header field name. */
47    public static final String DATE = "Date";
48    /** The HTTP {@code Pragma} header field name. */
49    public static final String PRAGMA = "Pragma";
50    /** The HTTP {@code Via} header field name. */
51    public static final String VIA = "Via";
52    /** The HTTP {@code Warning} header field name. */
53    public static final String WARNING = "Warning";
54  
55    // HTTP Request header fields
56  
57    /** The HTTP {@code Accept} header field name. */
58    public static final String ACCEPT = "Accept";
59    /** The HTTP {@code Accept-Charset} header field name. */
60    public static final String ACCEPT_CHARSET = "Accept-Charset";
61    /** The HTTP {@code Accept-Encoding} header field name. */
62    public static final String ACCEPT_ENCODING = "Accept-Encoding";
63    /** The HTTP {@code Accept-Language} header field name. */
64    public static final String ACCEPT_LANGUAGE = "Accept-Language";
65    /** The HTTP {@code Access-Control-Request-Headers} header field name. */
66    public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
67    /** The HTTP {@code Access-Control-Request-Method} header field name. */
68    public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
69    /** The HTTP {@code Authorization} header field name. */
70    public static final String AUTHORIZATION = "Authorization";
71    /** The HTTP {@code Connection} header field name. */
72    public static final String CONNECTION = "Connection";
73    /** The HTTP {@code Cookie} header field name. */
74    public static final String COOKIE = "Cookie";
75    /** The HTTP {@code Expect} header field name. */
76    public static final String EXPECT = "Expect";
77    /** The HTTP {@code From} header field name. */
78    public static final String FROM = "From";
79    /**
80     * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name.
81     *
82     * @since 20.0
83     */
84    public static final String FORWARDED = "Forwarded";
85    /**
86     * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
87     *
88     * @since 17.0
89     */
90    @Beta
91    public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
92    /** The HTTP {@code Host} header field name. */
93    public static final String HOST = "Host";
94    /** The HTTP {@code If-Match} header field name. */
95    public static final String IF_MATCH = "If-Match";
96    /** The HTTP {@code If-Modified-Since} header field name. */
97    public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
98    /** The HTTP {@code If-None-Match} header field name. */
99    public static final String IF_NONE_MATCH = "If-None-Match";
100   /** The HTTP {@code If-Range} header field name. */
101   public static final String IF_RANGE = "If-Range";
102   /** The HTTP {@code If-Unmodified-Since} header field name. */
103   public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
104   /** The HTTP {@code Last-Event-ID} header field name. */
105   public static final String LAST_EVENT_ID = "Last-Event-ID";
106   /** The HTTP {@code Max-Forwards} header field name. */
107   public static final String MAX_FORWARDS = "Max-Forwards";
108   /** The HTTP {@code Origin} header field name. */
109   public static final String ORIGIN = "Origin";
110   /** The HTTP {@code Proxy-Authorization} header field name. */
111   public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
112   /** The HTTP {@code Range} header field name. */
113   public static final String RANGE = "Range";
114   /** The HTTP {@code Referer} header field name. */
115   public static final String REFERER = "Referer";
116   /**
117    * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">
118    * {@code Service-Worker}</a> header field name.
119    */
120   public static final String SERVICE_WORKER = "Service-Worker";
121   /** The HTTP {@code TE} header field name. */
122   public static final String TE = "TE";
123   /** The HTTP {@code Upgrade} header field name. */
124   public static final String UPGRADE = "Upgrade";
125   /** The HTTP {@code User-Agent} header field name. */
126   public static final String USER_AGENT = "User-Agent";
127 
128   // HTTP Response header fields
129 
130   /** The HTTP {@code Accept-Ranges} header field name. */
131   public static final String ACCEPT_RANGES = "Accept-Ranges";
132   /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
133   public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
134   /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
135   public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
136   /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
137   public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
138   /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
139   public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
140   /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
141   public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
142   /** The HTTP {@code Access-Control-Max-Age} header field name. */
143   public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
144   /** The HTTP {@code Age} header field name. */
145   public static final String AGE = "Age";
146   /** The HTTP {@code Allow} header field name. */
147   public static final String ALLOW = "Allow";
148   /** The HTTP {@code Content-Disposition} header field name. */
149   public static final String CONTENT_DISPOSITION = "Content-Disposition";
150   /** The HTTP {@code Content-Encoding} header field name. */
151   public static final String CONTENT_ENCODING = "Content-Encoding";
152   /** The HTTP {@code Content-Language} header field name. */
153   public static final String CONTENT_LANGUAGE = "Content-Language";
154   /** The HTTP {@code Content-Location} header field name. */
155   public static final String CONTENT_LOCATION = "Content-Location";
156   /** The HTTP {@code Content-MD5} header field name. */
157   public static final String CONTENT_MD5 = "Content-MD5";
158   /** The HTTP {@code Content-Range} header field name. */
159   public static final String CONTENT_RANGE = "Content-Range";
160   /**
161    * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">
162    * {@code Content-Security-Policy}</a> header field name.
163    *
164    * @since 15.0
165    */
166   public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
167   /**
168    * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
169    * {@code Content-Security-Policy-Report-Only}</a> header field name.
170    *
171    * @since 15.0
172    */
173   public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
174       "Content-Security-Policy-Report-Only";
175   /**
176    * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
177    * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox
178    * until version 23 and the Internet Explorer version 10.
179    * Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
180    *
181    * @since 20.0
182    */
183   public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
184   /**
185    * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name.
186    * It was introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and
187    * used by the Firefox until version 23 and the Internet Explorer version 10.
188    * Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
189    *
190    * @since 20.0
191    */
192   public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
193       "X-Content-Security-Policy-Report-Only";
194   /**
195    * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in
196    * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
197    * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
198    *
199    * @since 20.0
200    */
201   public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
202   /**
203    * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
204    * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
205    * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
206    *
207    * @since 20.0
208    */
209   public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
210   /** The HTTP {@code ETag} header field name. */
211   public static final String ETAG = "ETag";
212   /** The HTTP {@code Expires} header field name. */
213   public static final String EXPIRES = "Expires";
214   /** The HTTP {@code Last-Modified} header field name. */
215   public static final String LAST_MODIFIED = "Last-Modified";
216   /** The HTTP {@code Link} header field name. */
217   public static final String LINK = "Link";
218   /** The HTTP {@code Location} header field name. */
219   public static final String LOCATION = "Location";
220   /** The HTTP {@code P3P} header field name. Limited browser support. */
221   public static final String P3P = "P3P";
222   /** The HTTP {@code Proxy-Authenticate} header field name. */
223   public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
224   /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
225   public static final String REFRESH = "Refresh";
226   /** The HTTP {@code Retry-After} header field name. */
227   public static final String RETRY_AFTER = "Retry-After";
228   /** The HTTP {@code Server} header field name. */
229   public static final String SERVER = "Server";
230   /**
231    * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">
232    * {@code Service-Worker-Allowed}</a> header field name.
233    *
234    * @since 20.0
235    */
236   public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
237   /** The HTTP {@code Set-Cookie} header field name. */
238   public static final String SET_COOKIE = "Set-Cookie";
239   /** The HTTP {@code Set-Cookie2} header field name. */
240   public static final String SET_COOKIE2 = "Set-Cookie2";
241   /**
242    * The HTTP
243    * <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code Strict-Transport-Security}</a>
244    * header field name.
245    *
246    * @since 15.0
247    */
248   public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
249   /**
250    * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">
251    * {@code Timing-Allow-Origin}</a> header field name.
252    *
253    * @since 15.0
254    */
255   public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
256   /** The HTTP {@code Trailer} header field name. */
257   public static final String TRAILER = "Trailer";
258   /** The HTTP {@code Transfer-Encoding} header field name. */
259   public static final String TRANSFER_ENCODING = "Transfer-Encoding";
260   /** The HTTP {@code Vary} header field name. */
261   public static final String VARY = "Vary";
262   /** The HTTP {@code WWW-Authenticate} header field name. */
263   public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
264 
265   // Common, non-standard HTTP header fields
266 
267   /** The HTTP {@code DNT} header field name. */
268   public static final String DNT = "DNT";
269   /** The HTTP {@code X-Content-Type-Options} header field name. */
270   public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
271   /** The HTTP {@code X-Do-Not-Track} header field name. */
272   public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
273   /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
274   public static final String X_FORWARDED_FOR = "X-Forwarded-For";
275   /** The HTTP {@code X-Forwarded-Proto} header field name. */
276   public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
277   /**
278    * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name.
279    *
280    * @since 20.0
281    */
282   public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
283   /**
284    * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name.
285    *
286    * @since 20.0
287    */
288   public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
289   /** The HTTP {@code X-Frame-Options} header field name. */
290   public static final String X_FRAME_OPTIONS = "X-Frame-Options";
291   /** The HTTP {@code X-Powered-By} header field name. */
292   public static final String X_POWERED_BY = "X-Powered-By";
293   /**
294    * The HTTP
295    * <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code Public-Key-Pins}</a>
296    * header field name.
297    *
298    * @since 15.0
299    */
300   @Beta public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
301   /**
302    * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">
303    * {@code Public-Key-Pins-Report-Only}</a> header field name.
304    *
305    * @since 15.0
306    */
307   @Beta public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
308   /** The HTTP {@code X-Requested-With} header field name. */
309   public static final String X_REQUESTED_WITH = "X-Requested-With";
310   /** The HTTP {@code X-User-IP} header field name. */
311   public static final String X_USER_IP = "X-User-IP";
312   /** The HTTP {@code X-XSS-Protection} header field name. */
313   public static final String X_XSS_PROTECTION = "X-XSS-Protection";
314   /**
315    * The HTTP <a
316    * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
317    * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
318    * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
319    */
320   public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
321   /**
322    * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
323    * {@code Ping-From}</a> header field name.
324    *
325    * @since 19.0
326    */
327   public static final String PING_FROM = "Ping-From";
328   /**
329    * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
330    * {@code Ping-To}</a> header field name.
331    *
332    * @since 19.0
333    */
334   public static final String PING_TO = "Ping-To";
335 }