Wednesday, August 8, 2018

Different types of HTTP headers

                          

 

HTTP Headers


HTTP supports a large number of headers, some of which are designed for specific, unusual purposes. Some headers can be used for both requests and responses, and others are specific to one of these message types. The following sections describe the headers you are likely to encounter when attacking web applications.


1. General Headers

Connection :- 

  This header tells the other end of the communication whether it should close the TCP connection after the HTTP transmission has completed or keep it open for further messages.

Content-Encoding :-

  This header specifies what kind of encoding is being used for the content contained in the message body, such as gzip, which is used by some applications to compress responses for faster transmission.

Content-Length :-

  It specifies the length of the message body, in bytes (except in the case of responses to HEAD requests, when it indicates the length of the body in the response to the corresponding GET request).

Content-Type :-

  It specifies the type of content contained in the message body, such as text/html for HTML documents.

Transfer-Encoding :-

  It specifies any encoding that was performed on the message body to facilitate its transfer over HTTP. It is normally used to specify chunked encoding when this is employed.
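
How a receiver combines the general headers above to recover a message body, as an added example that is not part of the original post. The function names and the sample responses are constructed for illustration, and repeated header names are collapsed to the last value as a simplification.

```python
import gzip

def dechunk(data: bytes) -> bytes:
    """Reassemble a body sent with Transfer-Encoding: chunked."""
    out, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)                 # ValueError if size line is missing
        size = int(data[pos:eol].split(b";")[0], 16)   # hex size; chunk extensions ignored
        if size == 0:
            return out                                 # zero-size chunk ends the body
        start = eol + 2
        if start + size > len(data):
            raise ValueError("truncated chunk")
        out += data[start:start + size]
        pos = start + size + 2                         # skip the CRLF after the chunk data

def parse_message(raw: bytes):
    """Return (start_line, headers, decoded_body) for one raw HTTP message."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # simplification: last duplicate wins
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(rest)                           # chunked framing overrides Content-Length
    elif "content-length" in headers:
        length = int(headers["content-length"])
        if length > len(rest):
            raise ValueError("body shorter than Content-Length")
        body = rest[:length]                           # bytes past the declared length are not body
    else:
        body = rest                                    # assumption: body runs to end of input
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)                   # undo compression after de-framing
    return lines[0], headers, body

def build_samples():
    """Constructed sample responses: one gzip+chunked, one plain with Content-Length."""
    page = b"<html><body>hello</body></html>"
    packed = gzip.compress(page)
    half = len(packed) // 2
    chunked = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
               + b"%x\r\n" % half + packed[:half] + b"\r\n"
               + b"%x\r\n" % (len(packed) - half) + packed[half:] + b"\r\n0\r\n\r\n")
    plain = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n"
             b"Content-Length: %d\r\n\r\n" % len(page)) + page
    return page, chunked, plain
```

Both constructed responses decode to the same HTML page: the first is de-chunked and then decompressed, the second is cut at the declared Content-Length.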

2. Request Headers


Accept :-

  It tells the server what kinds of content the client is willing to accept, such as image types, office document formats, and so on.

Accept-Encoding :-

  It tells the server what kinds of content encoding the client is willing to accept.

Authorization :-

  This submits credentials to the server for one of the built-in HTTP authentication types.

Cookie :-

 This submits cookies to the server that the server previously issued.

Host :-

  It specifies the host name that appeared in the full URL (Uniform Resource Locator) being requested.

If-Modified-Since :-

  It specifies when the browser last received the requested resource. If the resource has not changed since that time, the server may instruct the client to use its cached copy, using a response with status code 304.

If-None-Match :-

  It specifies an entity tag, which is an identifier denoting the contents of the message body. The browser submits the entity tag that the server issued with the requested resource when it was last received. The server can use the entity tag to determine whether the browser may use its cached copy of the resource.

Origin :-

  This is used in cross-domain Ajax requests to indicate the domain from which the request originated.

Referer :-

 It specifies the URL from which the current request originated.

User-Agent :-

 It provides information about the browser or other client software that generated the request.


3. Response Headers


Access-Control-Allow-Origin :-

  This indicates whether the resource can be retrieved via cross-domain Ajax requests.

Cache-Control :-

  It passes caching directives to the browser (for example, no-cache).

ETag :-

  It specifies an entity tag. Clients can submit this identifier in future requests for the same resource in the If-None-Match header to notify the server which version of the resource the browser currently holds in its cache.

Expires :-

 This tells the browser for how long the contents of the message body are valid. The browser may use the cached copy of this resource until this time.

Location :-

  It is used in redirection responses (those that have a status code starting with 3) to specify the target of the redirect.

Pragma :-

  This passes caching directives to the browser (for example, no-cache).

Server :-

  It provides information about the web server software being used.

Set-Cookie :-

 This issues cookies to the browser that it will submit back to the server in subsequent requests.

WWW-Authenticate :-

  This is used in responses that have a 401 status code to provide details on the type(s) of authentication that the server supports.

X-Frame-Options :-

 It indicates whether and how the current response may be loaded within a browser frame.
