Network Working Group M. Nottingham Internet-Draft Expires: June 27, 2002 J. Mogul Compaq WRL December 27, 2001 HTTP Header Field-Name Registries draft-nottingham-http-header-reg-00 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on June 27, 2002. Copyright Notice Copyright (C) The Internet Society (2001). All Rights Reserved. Abstract This note establishes an IANA registry for standardized HTTP header field-names, and an IANA registry indexing known non-standardized HTTP header field-names. Nottingham & Mogul Expires June 27, 2002 [Page 1] Internet-Draft HTTP Header Registries December 2001 1. Introduction HTTP/1.0 [1] and HTTP/1.1 [11] define message headers (respectively, the HTTP-header and message-header protocol elements). These specifications define a number of HTTP headers themselves, and also provide for extension through the use of new field-names. This note establishes two IANA registries; one that catalogs standardized HTTP header field-names (i.e., those that have been subject to review as a standards track document in the IETF), and an advisory registry of known non-standard HTTP header field-names, which have not yet been subject to review. This second registry is intended to provide a list of HTTP header field-names which are in use, and to help implementors and protocol authors choose new headers field-names with less chance of collision with already-deployed headers. It operates on a first-come, first- served basis, and should not be considered to be a means of reserving or claiming the use of a header field-name. Neither registry tracks the syntax, semantics or type of field- values. Only the field-names are registered; all other details are specified in the defining document referenced by registry entries. Significant updates to such references (e.g., the replacement of a Draft Standard RFC by a Proposed Standard RFC, but not the revision of an Internet-Draft) should be reported to IANA. Note that while some HTTP headers have different semantics depending on their context (e.g., Cache-Control in requests and responses), both registries consider the HTTP header field-name name space singular. 1.1 Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [4]. An implementation is not compliant if it fails to satisfy one or more of the MUST or REQUIRED level requirements. An implementation that satisfies all the MUST or REQUIRED level and all the SHOULD level requirements is said to be "unconditionally compliant"; one that satisfies all the MUST level requirements but not all the SHOULD level requirements is said to be "conditionally compliant". 2. IANA Considerations IANA shall create registries for two name spaces, as described in Nottingham & Mogul Expires June 27, 2002 [Page 2] Internet-Draft HTTP Header Registries December 2001 BCP26 [9]: o Standardized HTTP Header Field-Name Registry o Known Non-Standardized HTTP Header Field-Name Registry 2.1 Standardized HTTP Header Field-Name Registry The Standardized HTTP Header Registry defines the name space for the field-name in the message-header of an HTTP message. Values to be added to this name space MUST be subject to review in the form of a standards track document within the IETF Applications Area. Header field-names prefixed with 'X-' MUST NOT be registered. An entry in this registry MUST include a citation to the most up-to- date standards track document(s) that specifies the syntax and semantics of the field. If a document either 'Obsoletes' or 'Updates' an older document, the entry SHOULD note that explicitly. The initial values for this registry are those specified by: o Hypertext Transfer Protocol -- HTTP/1.1 [11] (obsoletes RFC2068) - Accept, Accept-Charset, Accept-Encoding, Accept-Language, Accept- Ranges, Age, Allow, Authorization, Cache-Control, Connect, Content-Encoding, Content-Language, Content-Length, Content- Location, Content-MD5, Content-Range, Content-Type, Date, ETag, Expect, Expires, From, Host, If-Match, If-Modified-Since, If-None- Match, If-Range, If-Unmodified-Since, Last-Modified, Location, Max-Forwards, Pragma, Proxy-Authenticate, Proxy-Authorization, Range, Referer, Retry-After, Server, TE, Trailer, Transfer- Encoding, Upgrade, User-Agent, Vary, Via, Warning, WWW- Authenticate, MIME-Version, Content-Disposition o HTTP Authentication: Basic and Digest Access Authentication [12] - Authentication-Info o HTTP State Management Mechanism [3] - Set-Cookie o HTTP State Management Mechanism [16] (obsoletes RFC2109) - Cookie, Cookie2, Set-Cookie2 o Web Distributed Authoring and Versioning [10] - DAV, Depth, Destination, If, Lock-Token, Overwrite, Status-URI, Timeout o Hypertext Transfer Protocol -- HTTP/1.1 [2] (Proposed Standard - these field-names are now considered obsolete) - Content-Base, Nottingham & Mogul Expires June 27, 2002 [Page 3] Internet-Draft HTTP Header Registries December 2001 Public, Content-Version, Derived-From, Link, URI, Keep-Alive o Delta Encoding in HTTP [17] - A-IM, Delta-Base, IM o Instance Digests in HTTP [18] - Digest, Want-Digest o Simple Hit-Metering and Usage-Limiting for HTTP [5] - Meter 2.2 Known Non-Standardized HTTP Header Field-Name Registry The Known Non-Standardized HTTP Header Registry attempts to index HTTP message-header field-names in use. It is advisory only, and is intended to be used in conjunction with the Standard HTTP Header Registry as an aid in selecting new field-names, to reduce the possibility of collision. Values to be added to this name space are registered on a first-come, first-served basis. Registrations SHOULD consist of a field-name, a reference to the defining document(s) (if available), and a point of contact for the registration. Header field-names prefixed with 'X-' MUST NOT be registered. The initial values for the registry should consider the referenced document's author(s) as the point of contact for registration, if available. When a value is registered in the Standardized HTTP Header Field-Name Registry, any corresponding value in the Known Non-Standardized HTTP Header Field-Name Registry MUST be removed. The IESG MAY appoint a domain expert to control registration if it is judged that the facility is being abused. The initial values for this registry are: o Transparent Content Negotiation in HTTP [6] - Accept-Features, Alternates, Negotiate, TCN, Variant-Vary o The Safe Response Header Field [7] - Safe o Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) [8] - Accept- Additions o The Secure HyperText Transfer Protocol [13] - Content-Privacy- Domain, MAC-Info, Prearranged-Key-Info o An HTTP Extension Framework [14] - C-Ext, C-Man, C-Opt, Ext, Man, Nottingham & Mogul Expires June 27, 2002 [Page 4] Internet-Draft HTTP Header Registries December 2001 Opt o PICS Label Distribution Label Syntax and Communication Protocols [20] - PICS-Label, Protocol, Protocol-Request o Platform For Privacy Preferences 1.0 [19] - P3P o PEP - an Extension Mechanism for HTTP [23] - C-PEP, C-PEP-Info, PEP, Pep-Info o The HTTP Distribution and Replication Protocol [24] - Content-ID, Differential-ID o ESI Architecture [21] - Surrogate-Capability, Surrogate-Control o Selecting Payment Mechanisms Over HTTP [22] - Protocol, Protocol- Info, Protocol-Query, Protocol-Request o Implementation of OPS Over HTTP [25] - GetProfile, ProfileObject, SetProfile o Notification for Proxy Caches [26] - Proxy-Features, Proxy- Instruction o Object Header lines in HTTP [27] - Content-Transfer-Encoding, Cost, Message-ID, Title, Version o A Proposed Extension Mechanism for HTTP [28] - Extension o WIRE - W3 Identifier Resolution Extensions [29] - Optional, Resolution-Hint o Duplicate Suppression in HTTP [30] - SubOK, Subst o Specification of HTTP/1.1 OPTIONS messages [31] - Compliance, Non- Compliance o Undocumented HTTP header field-names - [NOTE: these headers may be removed from future drafts; please forward any known reference for them ] * Widely-used undocumented headers - Request-Range, UA-Color, UA- CPU, UA-OS, UA-Pixels * Implementation errors - Referrer * Private features - Copyright, Content, Author, Contact, Keywords, Generator, Description, Command, Session, Type, Nottingham & Mogul Expires June 27, 2002 [Page 5] Internet-Draft HTTP Header Registries December 2001 Message * Abandoned proposals - Unless-Modified-Since 3. Security Considerations HTTP header field-name registrations do not guarantee that the specified semantic or syntax of a field-value will be honored. References [1] Berners-Lee, T., Fielding, R. and H. Nielsen, "Hypertext Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996. [2] Fielding, R., Gettys, J., Mogul, J., Nielsen, H. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2068, January 1997. [3] Kristol, D. and L. Montulli, "HTTP State Management Mechanism", RFC 2109, February 1997. [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [5] Mogul, J. and P. Leach, "Simple Hit-Metering and Usage-Limiting for HTTP", RFC 2227, October 1997. [6] Holtman, K. and A. Mutz, "Transparent Content Negotiation in HTTP", RFC 2295, March 1998. [7] Holtman, K., "The Safe Response Header Field", RFC 2310, April 1998. [8] Masinter, L., "Hyper Text Coffee Pot Control Protocol (HTCPCP/ 1.0)", RFC 2324, April 1998. [9] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. [10] Goland, Y., Whitehead, E., Faizi, A., Carter, S. and D. Jensen, "HTTP Extensions for Distributed Authoring -- WEBDAV", RFC 2518, February 1999. [11] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Nottingham & Mogul Expires June 27, 2002 [Page 6] Internet-Draft HTTP Header Registries December 2001 [12] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A. and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [13] Rescorla, E. and A. Schiffman, "The Secure HyperText Transfer Protocol", RFC 2660, August 1999. [14] Nielsen, H., Leach, P. and S. Lawrence, "An HTTP Extension Framework", RFC 2774, February 2000. [15] Herriot, R., Butler, S., Moore, P., Turner, R. and J. Wenn, "Internet Printing Protocol/1.1: Encoding and Transport", RFC 2910, September 2000. [16] Kristol, D. and L. Montulli, "HTTP State Management Mechanism", RFC 2965, October 2000. [17] Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A., Goland, Y., van Hoff, A. and D. Hellerstein, "Delta Encoding in HTTP", October 2001, . [18] Mogul, J. and A. van Hoff, "Instance Digests in HTTP", October 2001, . [19] Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M. and J. Reagle, "Platform For Privacy Preferences 1.0 - P3P", W3C WD-P3P, September 2001, . [20] Krauskopf, T., Miller, J., Resnick, P. and W. Treese, "PICS Label Distribution Label Syntax and Communication Protocols", W3C REC-PICS-labels, October 1996, . [21] Nottingham, M. and X. Liu, "ESI Architecture", W3C NOTE-edge- arch, August 2001, . [22] Eastlake, D., Khare, R. and J. Miller, "Selecting Payment Mechanisms Over HTTP", W3C WD-jepi-uppflow, January 1997, . [23] Frystyk Nielsen, H., Connolly, D., Khare, R. and E. Prud'hommeaux, "PEP - an Extension Mechanism for HTTP", W3C WD- http-pep, November 1997, . [24] van Hoff, A., Giannadnrea, J., Hapner, M., Carter, S. and M. Medin, "The HTTP Distribution and Replication Protocol", W3C Nottingham & Mogul Expires June 27, 2002 [Page 7] Internet-Draft HTTP Header Registries December 2001 NOTE-DRP, August 1997, . [25] Hensley, P., Metral, M., Shardanand, U., Converse, D. and M. Myers, "Implementation of OPS Over HTTP", W3C NOTE-OPS- OverHTTP, June 1997, . [26] Hallam-Baker, P., "Notification for Proxy Caches", W3C WD- proxy, February 1996, . [27] "Object Header lines in HTTP", May 1994, . [28] Kristol, D., "A Proposed Extension Mechanism for HTTP", January 1995, . [29] Girod, L., Chen, B., Frystyk Nielsen, H. and J. Mallery, "WIRE - W3 Identifier Resolution Extensions", March 1998, . [30] Mogul, J. and A. van Hoff, "Duplicate Suppression in HTTP", April 1998, . [31] Mogul, J., Cohen, J. and S. Lawrence, "Specification of HTTP/ 1.1 OPTIONS messages", August 1997, . [32] Feldmann, A., "Usage of HTTP header fields", December 1998, . Authors' Addresses Mark Nottingham EMail: mnot@pobox.com URI: http://www.mnot.net/ Nottingham & Mogul Expires June 27, 2002 [Page 8] Internet-Draft HTTP Header Registries December 2001 Jeffrey C. Mogul Western Research Laboratory, Compaq Computer Corporation 250 University Avenue Palo Alto, CA 94305 US Phone: 1 650 617 3304 (email preferred) EMail: mogul@pa.dec.com Appendix A. Acknowledgements The authors would like to thank Anja Feldmann for "Usage of HTTP header fields" [32] and the http-wg mailing list members for their input. Nottingham & Mogul Expires June 27, 2002 [Page 9] Internet-Draft HTTP Header Registries December 2001 Full Copyright Statement Copyright (C) The Internet Society (2001). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Nottingham & Mogul Expires June 27, 2002 [Page 10]