001/*
002 * Copyright (C) 2011 The Guava Authors
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
005 * in compliance with the License. You may obtain a copy of the License at
006 *
007 * http://www.apache.org/licenses/LICENSE-2.0
008 *
009 * Unless required by applicable law or agreed to in writing, software distributed under the License
010 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
011 * or implied. See the License for the specific language governing permissions and limitations under
012 * the License.
013 */
014
015package com.google.common.net;
016
017import com.google.common.annotations.GwtCompatible;
018
019/**
020 * Contains constant definitions for the HTTP header field names. See:
021 *
022 * <ul>
023 *   <li><a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a>
024 *   <li><a href="http://www.ietf.org/rfc/rfc2183.txt">RFC 2183</a>
025 *   <li><a href="http://www.ietf.org/rfc/rfc2616.txt">RFC 2616</a>
026 *   <li><a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a>
027 *   <li><a href="http://www.ietf.org/rfc/rfc5988.txt">RFC 5988</a>
028 * </ul>
029 *
030 * @author Kurt Alfred Kluever
031 * @since 11.0
032 */
033@GwtCompatible
034@ElementTypesAreNonnullByDefault
035public final class HttpHeaders {
036  private HttpHeaders() {}
037
038  // HTTP Request and Response header fields
039
040  /** The HTTP {@code Cache-Control} header field name. */
041  public static final String CACHE_CONTROL = "Cache-Control";
042  /** The HTTP {@code Content-Length} header field name. */
043  public static final String CONTENT_LENGTH = "Content-Length";
044  /** The HTTP {@code Content-Type} header field name. */
045  public static final String CONTENT_TYPE = "Content-Type";
046  /** The HTTP {@code Date} header field name. */
047  public static final String DATE = "Date";
048  /** The HTTP {@code Pragma} header field name. */
049  public static final String PRAGMA = "Pragma";
050  /** The HTTP {@code Via} header field name. */
051  public static final String VIA = "Via";
052  /** The HTTP {@code Warning} header field name. */
053  public static final String WARNING = "Warning";
054
055  // HTTP Request header fields
056
057  /** The HTTP {@code Accept} header field name. */
058  public static final String ACCEPT = "Accept";
059  /** The HTTP {@code Accept-Charset} header field name. */
060  public static final String ACCEPT_CHARSET = "Accept-Charset";
061  /** The HTTP {@code Accept-Encoding} header field name. */
062  public static final String ACCEPT_ENCODING = "Accept-Encoding";
063  /** The HTTP {@code Accept-Language} header field name. */
064  public static final String ACCEPT_LANGUAGE = "Accept-Language";
065  /** The HTTP {@code Access-Control-Request-Headers} header field name. */
066  public static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
067  /** The HTTP {@code Access-Control-Request-Method} header field name. */
068  public static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
069  /** The HTTP {@code Authorization} header field name. */
070  public static final String AUTHORIZATION = "Authorization";
071  /** The HTTP {@code Connection} header field name. */
072  public static final String CONNECTION = "Connection";
073  /** The HTTP {@code Cookie} header field name. */
074  public static final String COOKIE = "Cookie";
075  /**
076   * The HTTP <a href="https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header">{@code
077   * Cross-Origin-Resource-Policy}</a> header field name.
078   *
079   * @since 28.0
080   */
081  public static final String CROSS_ORIGIN_RESOURCE_POLICY = "Cross-Origin-Resource-Policy";
082  /**
083   * The HTTP <a href="https://tools.ietf.org/html/rfc8470">{@code Early-Data}</a> header field
084   * name.
085   *
086   * @since 27.0
087   */
088  public static final String EARLY_DATA = "Early-Data";
089  /** The HTTP {@code Expect} header field name. */
090  public static final String EXPECT = "Expect";
091  /** The HTTP {@code From} header field name. */
092  public static final String FROM = "From";
093  /**
094   * The HTTP <a href="https://tools.ietf.org/html/rfc7239">{@code Forwarded}</a> header field name.
095   *
096   * @since 20.0
097   */
098  public static final String FORWARDED = "Forwarded";
099  /**
100   * The HTTP {@code Follow-Only-When-Prerender-Shown} header field name.
101   *
102   * @since 17.0
103   */
104  public static final String FOLLOW_ONLY_WHEN_PRERENDER_SHOWN = "Follow-Only-When-Prerender-Shown";
105  /** The HTTP {@code Host} header field name. */
106  public static final String HOST = "Host";
107  /**
108   * The HTTP <a href="https://tools.ietf.org/html/rfc7540#section-3.2.1">{@code HTTP2-Settings}
109   * </a> header field name.
110   *
111   * @since 24.0
112   */
113  public static final String HTTP2_SETTINGS = "HTTP2-Settings";
114  /** The HTTP {@code If-Match} header field name. */
115  public static final String IF_MATCH = "If-Match";
116  /** The HTTP {@code If-Modified-Since} header field name. */
117  public static final String IF_MODIFIED_SINCE = "If-Modified-Since";
118  /** The HTTP {@code If-None-Match} header field name. */
119  public static final String IF_NONE_MATCH = "If-None-Match";
120  /** The HTTP {@code If-Range} header field name. */
121  public static final String IF_RANGE = "If-Range";
122  /** The HTTP {@code If-Unmodified-Since} header field name. */
123  public static final String IF_UNMODIFIED_SINCE = "If-Unmodified-Since";
124  /** The HTTP {@code Last-Event-ID} header field name. */
125  public static final String LAST_EVENT_ID = "Last-Event-ID";
126  /** The HTTP {@code Max-Forwards} header field name. */
127  public static final String MAX_FORWARDS = "Max-Forwards";
128  /** The HTTP {@code Origin} header field name. */
129  public static final String ORIGIN = "Origin";
130  /**
131   * The HTTP <a href="https://github.com/WICG/origin-isolation">{@code Origin-Isolation}</a> header
132   * field name.
133   *
134   * @since 30.1
135   */
136  public static final String ORIGIN_ISOLATION = "Origin-Isolation";
137  /** The HTTP {@code Proxy-Authorization} header field name. */
138  public static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
139  /** The HTTP {@code Range} header field name. */
140  public static final String RANGE = "Range";
141  /** The HTTP {@code Referer} header field name. */
142  public static final String REFERER = "Referer";
143  /**
144   * The HTTP <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a> header
145   * field name.
146   *
147   * @since 23.4
148   */
149  public static final String REFERRER_POLICY = "Referrer-Policy";
150
151  /**
152   * Values for the <a href="https://www.w3.org/TR/referrer-policy/">{@code Referrer-Policy}</a>
153   * header.
154   *
155   * @since 23.4
156   */
157  public static final class ReferrerPolicyValues {
158    private ReferrerPolicyValues() {}
159
160    public static final String NO_REFERRER = "no-referrer";
161    public static final String NO_REFFERER_WHEN_DOWNGRADE = "no-referrer-when-downgrade";
162    public static final String SAME_ORIGIN = "same-origin";
163    public static final String ORIGIN = "origin";
164    public static final String STRICT_ORIGIN = "strict-origin";
165    public static final String ORIGIN_WHEN_CROSS_ORIGIN = "origin-when-cross-origin";
166    public static final String STRICT_ORIGIN_WHEN_CROSS_ORIGIN = "strict-origin-when-cross-origin";
167    public static final String UNSAFE_URL = "unsafe-url";
168  }
169
170  /**
171   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
172   * Service-Worker}</a> header field name.
173   *
174   * @since 20.0
175   */
176  public static final String SERVICE_WORKER = "Service-Worker";
177  /** The HTTP {@code TE} header field name. */
178  public static final String TE = "TE";
179  /** The HTTP {@code Upgrade} header field name. */
180  public static final String UPGRADE = "Upgrade";
181  /**
182   * The HTTP <a href="https://w3c.github.io/webappsec-upgrade-insecure-requests/#preference">{@code
183   * Upgrade-Insecure-Requests}</a> header field name.
184   *
185   * @since 28.1
186   */
187  public static final String UPGRADE_INSECURE_REQUESTS = "Upgrade-Insecure-Requests";
188
189  /** The HTTP {@code User-Agent} header field name. */
190  public static final String USER_AGENT = "User-Agent";
191
192  // HTTP Response header fields
193
194  /** The HTTP {@code Accept-Ranges} header field name. */
195  public static final String ACCEPT_RANGES = "Accept-Ranges";
196  /** The HTTP {@code Access-Control-Allow-Headers} header field name. */
197  public static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
198  /** The HTTP {@code Access-Control-Allow-Methods} header field name. */
199  public static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
200  /** The HTTP {@code Access-Control-Allow-Origin} header field name. */
201  public static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
202  /**
203   * The HTTP <a href="https://wicg.github.io/private-network-access/#headers">{@code
204   * Access-Control-Allow-Private-Network}</a> header field name.
205   *
206   * @since 31.1
207   */
208  public static final String ACCESS_CONTROL_ALLOW_PRIVATE_NETWORK =
209      "Access-Control-Allow-Private-Network";
210  /** The HTTP {@code Access-Control-Allow-Credentials} header field name. */
211  public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
212  /** The HTTP {@code Access-Control-Expose-Headers} header field name. */
213  public static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers";
214  /** The HTTP {@code Access-Control-Max-Age} header field name. */
215  public static final String ACCESS_CONTROL_MAX_AGE = "Access-Control-Max-Age";
216  /** The HTTP {@code Age} header field name. */
217  public static final String AGE = "Age";
218  /** The HTTP {@code Allow} header field name. */
219  public static final String ALLOW = "Allow";
220  /** The HTTP {@code Content-Disposition} header field name. */
221  public static final String CONTENT_DISPOSITION = "Content-Disposition";
222  /** The HTTP {@code Content-Encoding} header field name. */
223  public static final String CONTENT_ENCODING = "Content-Encoding";
224  /** The HTTP {@code Content-Language} header field name. */
225  public static final String CONTENT_LANGUAGE = "Content-Language";
226  /** The HTTP {@code Content-Location} header field name. */
227  public static final String CONTENT_LOCATION = "Content-Location";
228  /** The HTTP {@code Content-MD5} header field name. */
229  public static final String CONTENT_MD5 = "Content-MD5";
230  /** The HTTP {@code Content-Range} header field name. */
231  public static final String CONTENT_RANGE = "Content-Range";
232  /**
233   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-header-field">{@code
234   * Content-Security-Policy}</a> header field name.
235   *
236   * @since 15.0
237   */
238  public static final String CONTENT_SECURITY_POLICY = "Content-Security-Policy";
239  /**
240   * The HTTP <a href="http://w3.org/TR/CSP/#content-security-policy-report-only-header-field">
241   * {@code Content-Security-Policy-Report-Only}</a> header field name.
242   *
243   * @since 15.0
244   */
245  public static final String CONTENT_SECURITY_POLICY_REPORT_ONLY =
246      "Content-Security-Policy-Report-Only";
247  /**
248   * The HTTP nonstandard {@code X-Content-Security-Policy} header field name. It was introduced in
249   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Firefox until
250   * version 23 and the Internet Explorer version 10. Please, use {@link #CONTENT_SECURITY_POLICY}
251   * to pass the CSP.
252   *
253   * @since 20.0
254   */
255  public static final String X_CONTENT_SECURITY_POLICY = "X-Content-Security-Policy";
256  /**
257   * The HTTP nonstandard {@code X-Content-Security-Policy-Report-Only} header field name. It was
258   * introduced in <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the
259   * Firefox until version 23 and the Internet Explorer version 10. Please, use {@link
260   * #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
261   *
262   * @since 20.0
263   */
264  public static final String X_CONTENT_SECURITY_POLICY_REPORT_ONLY =
265      "X-Content-Security-Policy-Report-Only";
266  /**
267   * The HTTP nonstandard {@code X-WebKit-CSP} header field name. It was introduced in <a
268   * href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
269   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY} to pass the CSP.
270   *
271   * @since 20.0
272   */
273  public static final String X_WEBKIT_CSP = "X-WebKit-CSP";
274  /**
275   * The HTTP nonstandard {@code X-WebKit-CSP-Report-Only} header field name. It was introduced in
276   * <a href="https://www.w3.org/TR/2011/WD-CSP-20111129/">CSP v.1</a> and used by the Chrome until
277   * version 25. Please, use {@link #CONTENT_SECURITY_POLICY_REPORT_ONLY} to pass the CSP.
278   *
279   * @since 20.0
280   */
281  public static final String X_WEBKIT_CSP_REPORT_ONLY = "X-WebKit-CSP-Report-Only";
282  /**
283   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP">{@code
284   * Cross-Origin-Embedder-Policy}</a> header field name.
285   *
286   * @since 30.0
287   */
288  public static final String CROSS_ORIGIN_EMBEDDER_POLICY = "Cross-Origin-Embedder-Policy";
289  /**
290   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
291   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
292   *
293   * @since 30.0
294   */
295  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
296      "Cross-Origin-Embedder-Policy-Report-Only";
297  /**
298   * The HTTP Cross-Origin-Opener-Policy header field name.
299   *
300   * @since 28.2
301   */
302  public static final String CROSS_ORIGIN_OPENER_POLICY = "Cross-Origin-Opener-Policy";
303  /** The HTTP {@code ETag} header field name. */
304  public static final String ETAG = "ETag";
305  /** The HTTP {@code Expires} header field name. */
306  public static final String EXPIRES = "Expires";
307  /** The HTTP {@code Last-Modified} header field name. */
308  public static final String LAST_MODIFIED = "Last-Modified";
309  /** The HTTP {@code Link} header field name. */
310  public static final String LINK = "Link";
311  /** The HTTP {@code Location} header field name. */
312  public static final String LOCATION = "Location";
313  /**
314   * The HTTP {@code Keep-Alive} header field name.
315   *
316   * @since 31.0
317   */
318  public static final String KEEP_ALIVE = "Keep-Alive";
319  /**
320   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/no-vary-search.md">{@code
321   * No-Vary-Seearch}</a> header field name.
322   *
323   * @since 32.0.0
324   */
325  public static final String NO_VARY_SEARCH = "No-Vary-Search";
326  /**
327   * The HTTP <a href="https://googlechrome.github.io/OriginTrials/#header">{@code Origin-Trial}</a>
328   * header field name.
329   *
330   * @since 27.1
331   */
332  public static final String ORIGIN_TRIAL = "Origin-Trial";
333  /** The HTTP {@code P3P} header field name. Limited browser support. */
334  public static final String P3P = "P3P";
335  /** The HTTP {@code Proxy-Authenticate} header field name. */
336  public static final String PROXY_AUTHENTICATE = "Proxy-Authenticate";
337  /** The HTTP {@code Refresh} header field name. Non-standard header supported by most browsers. */
338  public static final String REFRESH = "Refresh";
339  /**
340   * The HTTP <a href="https://www.w3.org/TR/reporting/">{@code Report-To}</a> header field name.
341   *
342   * @since 27.1
343   */
344  public static final String REPORT_TO = "Report-To";
345  /** The HTTP {@code Retry-After} header field name. */
346  public static final String RETRY_AFTER = "Retry-After";
347  /** The HTTP {@code Server} header field name. */
348  public static final String SERVER = "Server";
349  /**
350   * The HTTP <a href="https://www.w3.org/TR/server-timing/">{@code Server-Timing}</a> header field
351   * name.
352   *
353   * @since 23.6
354   */
355  public static final String SERVER_TIMING = "Server-Timing";
356  /**
357   * The HTTP <a href="https://www.w3.org/TR/service-workers/#update-algorithm">{@code
358   * Service-Worker-Allowed}</a> header field name.
359   *
360   * @since 20.0
361   */
362  public static final String SERVICE_WORKER_ALLOWED = "Service-Worker-Allowed";
363  /** The HTTP {@code Set-Cookie} header field name. */
364  public static final String SET_COOKIE = "Set-Cookie";
365  /** The HTTP {@code Set-Cookie2} header field name. */
366  public static final String SET_COOKIE2 = "Set-Cookie2";
367
368  /**
369   * The HTTP <a href="http://goo.gl/Dxx19N">{@code SourceMap}</a> header field name.
370   *
371   * @since 27.1
372   */
373  public static final String SOURCE_MAP = "SourceMap";
374
375  /**
376   * The HTTP <a href="https://github.com/WICG/nav-speculation/blob/main/opt-in.md">{@code
377   * Supports-Loading-Mode}</a> header field name. This can be used to specify, for example, <a
378   * href="https://developer.chrome.com/docs/privacy-sandbox/fenced-frame/#server-opt-in">fenced
379   * frames</a>.
380   *
381   * @since 32.0.0
382   */
383  public static final String SUPPORTS_LOADING_MODE = "Supports-Loading-Mode";
384
385  /**
386   * The HTTP <a href="http://tools.ietf.org/html/rfc6797#section-6.1">{@code
387   * Strict-Transport-Security}</a> header field name.
388   *
389   * @since 15.0
390   */
391  public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
392  /**
393   * The HTTP <a href="http://www.w3.org/TR/resource-timing/#cross-origin-resources">{@code
394   * Timing-Allow-Origin}</a> header field name.
395   *
396   * @since 15.0
397   */
398  public static final String TIMING_ALLOW_ORIGIN = "Timing-Allow-Origin";
399  /** The HTTP {@code Trailer} header field name. */
400  public static final String TRAILER = "Trailer";
401  /** The HTTP {@code Transfer-Encoding} header field name. */
402  public static final String TRANSFER_ENCODING = "Transfer-Encoding";
403  /** The HTTP {@code Vary} header field name. */
404  public static final String VARY = "Vary";
405  /** The HTTP {@code WWW-Authenticate} header field name. */
406  public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
407
408  // Common, non-standard HTTP header fields
409
410  /** The HTTP {@code DNT} header field name. */
411  public static final String DNT = "DNT";
412  /** The HTTP {@code X-Content-Type-Options} header field name. */
413  public static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
414  /**
415   * The HTTP <a
416   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
417   * X-Device-IP}</a> header field name. Header used for VAST requests to provide the IP address of
418   * the device on whose behalf the request is being made.
419   *
420   * @since 31.0
421   */
422  public static final String X_DEVICE_IP = "X-Device-IP";
423  /**
424   * The HTTP <a
425   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
426   * X-Device-Referer}</a> header field name. Header used for VAST requests to provide the {@link
427   * #REFERER} header value that the on-behalf-of client would have used when making a request
428   * itself.
429   *
430   * @since 31.0
431   */
432  public static final String X_DEVICE_REFERER = "X-Device-Referer";
433  /**
434   * The HTTP <a
435   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
436   * X-Device-Accept-Language}</a> header field name. Header used for VAST requests to provide the
437   * {@link #ACCEPT_LANGUAGE} header value that the on-behalf-of client would have used when making
438   * a request itself.
439   *
440   * @since 31.0
441   */
442  public static final String X_DEVICE_ACCEPT_LANGUAGE = "X-Device-Accept-Language";
443  /**
444   * The HTTP <a
445   * href="https://iabtechlab.com/wp-content/uploads/2019/06/VAST_4.2_final_june26.pdf">{@code
446   * X-Device-Requested-With}</a> header field name. Header used for VAST requests to provide the
447   * {@link #X_REQUESTED_WITH} header value that the on-behalf-of client would have used when making
448   * a request itself.
449   *
450   * @since 31.0
451   */
452  public static final String X_DEVICE_REQUESTED_WITH = "X-Device-Requested-With";
453  /** The HTTP {@code X-Do-Not-Track} header field name. */
454  public static final String X_DO_NOT_TRACK = "X-Do-Not-Track";
455  /** The HTTP {@code X-Forwarded-For} header field name (superseded by {@code Forwarded}). */
456  public static final String X_FORWARDED_FOR = "X-Forwarded-For";
457  /** The HTTP {@code X-Forwarded-Proto} header field name. */
458  public static final String X_FORWARDED_PROTO = "X-Forwarded-Proto";
459  /**
460   * The HTTP <a href="http://goo.gl/lQirAH">{@code X-Forwarded-Host}</a> header field name.
461   *
462   * @since 20.0
463   */
464  public static final String X_FORWARDED_HOST = "X-Forwarded-Host";
465  /**
466   * The HTTP <a href="http://goo.gl/YtV2at">{@code X-Forwarded-Port}</a> header field name.
467   *
468   * @since 20.0
469   */
470  public static final String X_FORWARDED_PORT = "X-Forwarded-Port";
471  /** The HTTP {@code X-Frame-Options} header field name. */
472  public static final String X_FRAME_OPTIONS = "X-Frame-Options";
473  /** The HTTP {@code X-Powered-By} header field name. */
474  public static final String X_POWERED_BY = "X-Powered-By";
475  /**
476   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
477   * Public-Key-Pins}</a> header field name.
478   *
479   * @since 15.0
480   */
481  public static final String PUBLIC_KEY_PINS = "Public-Key-Pins";
482  /**
483   * The HTTP <a href="http://tools.ietf.org/html/draft-evans-palmer-key-pinning">{@code
484   * Public-Key-Pins-Report-Only}</a> header field name.
485   *
486   * @since 15.0
487   */
488  public static final String PUBLIC_KEY_PINS_REPORT_ONLY = "Public-Key-Pins-Report-Only";
489  /**
490   * The HTTP {@code X-Request-ID} header field name.
491   *
492   * @since 30.1
493   */
494  public static final String X_REQUEST_ID = "X-Request-ID";
495  /** The HTTP {@code X-Requested-With} header field name. */
496  public static final String X_REQUESTED_WITH = "X-Requested-With";
497  /** The HTTP {@code X-User-IP} header field name. */
498  public static final String X_USER_IP = "X-User-IP";
499  /**
500   * The HTTP <a href="https://goo.gl/VKpXxa">{@code X-Download-Options}</a> header field name.
501   *
502   * <p>When the new X-Download-Options header is present with the value {@code noopen}, the user is
503   * prevented from opening a file download directly; instead, they must first save the file
504   * locally.
505   *
506   * @since 24.1
507   */
508  public static final String X_DOWNLOAD_OPTIONS = "X-Download-Options";
509  /** The HTTP {@code X-XSS-Protection} header field name. */
510  public static final String X_XSS_PROTECTION = "X-XSS-Protection";
511  /**
512   * The HTTP <a
513   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">{@code
514   * X-DNS-Prefetch-Control}</a> header controls DNS prefetch behavior. Value can be "on" or "off".
515   * By default, DNS prefetching is "on" for HTTP pages and "off" for HTTPS pages.
516   */
517  public static final String X_DNS_PREFETCH_CONTROL = "X-DNS-Prefetch-Control";
518  /**
519   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
520   * {@code Ping-From}</a> header field name.
521   *
522   * @since 19.0
523   */
524  public static final String PING_FROM = "Ping-From";
525  /**
526   * The HTTP <a href="http://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing">
527   * {@code Ping-To}</a> header field name.
528   *
529   * @since 19.0
530   */
531  public static final String PING_TO = "Ping-To";
532
533  /**
534   * The HTTP <a
535   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
536   * Purpose}</a> header field name.
537   *
538   * @since 28.0
539   */
540  public static final String PURPOSE = "Purpose";
541  /**
542   * The HTTP <a
543   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
544   * X-Purpose}</a> header field name.
545   *
546   * @since 28.0
547   */
548  public static final String X_PURPOSE = "X-Purpose";
549  /**
550   * The HTTP <a
551   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#As_a_server_admin.2C_can_I_distinguish_prefetch_requests_from_normal_requests.3F">{@code
552   * X-Moz}</a> header field name.
553   *
554   * @since 28.0
555   */
556  public static final String X_MOZ = "X-Moz";
557
558  /**
559   * The HTTP <a
560   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Device-Memory">{@code
561   * Device-Memory}</a> header field name.
562   *
563   * @since 31.0
564   */
565  public static final String DEVICE_MEMORY = "Device-Memory";
566
567  /**
568   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Downlink">{@code
569   * Downlink}</a> header field name.
570   *
571   * @since 31.0
572   */
573  public static final String DOWNLINK = "Downlink";
574
575  /**
576   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ECT">{@code
577   * ECT}</a> header field name.
578   *
579   * @since 31.0
580   */
581  public static final String ECT = "ECT";
582
583  /**
584   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/RTT">{@code
585   * RTT}</a> header field name.
586   *
587   * @since 31.0
588   */
589  public static final String RTT = "RTT";
590
591  /**
592   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Save-Data">{@code
593   * Save-Data}</a> header field name.
594   *
595   * @since 31.0
596   */
597  public static final String SAVE_DATA = "Save-Data";
598
599  /**
600   * The HTTP <a
601   * href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Viewport-Width">{@code
602   * Viewport-Width}</a> header field name.
603   *
604   * @since 31.0
605   */
606  public static final String VIEWPORT_WIDTH = "Viewport-Width";
607
608  /**
609   * The HTTP <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Width">{@code
610   * Width}</a> header field name.
611   *
612   * @since 31.0
613   */
614  public static final String WIDTH = "Width";
615
616  /**
617   * The HTTP <a href="https://www.w3.org/TR/permissions-policy-1/">{@code Permissions-Policy}</a>
618   * header field name.
619   *
620   * @since 31.0
621   */
622  public static final String PERMISSIONS_POLICY = "Permissions-Policy";
623
624  /**
625   * The HTTP <a
626   * href="https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-report-only-http-header-field">{@code
627   * Permissions-Policy-Report-Only}</a> header field name.
628   *
629   * @since 33.2.0
630   */
631  public static final String PERMISSIONS_POLICY_REPORT_ONLY = "Permissions-Policy-Report-Only";
632
633  /**
634   * The HTTP <a
635   * href="https://wicg.github.io/user-preference-media-features-headers/#sec-ch-prefers-color-scheme">{@code
636   * Sec-CH-Prefers-Color-Scheme}</a> header field name.
637   *
638   * <p>This header is experimental.
639   *
640   * @since 31.0
641   */
642  public static final String SEC_CH_PREFERS_COLOR_SCHEME = "Sec-CH-Prefers-Color-Scheme";
643
644  /**
645   * The HTTP <a
646   * href="https://www.rfc-editor.org/rfc/rfc8942#name-the-accept-ch-response-head">{@code
647   * Accept-CH}</a> header field name.
648   *
649   * @since 31.0
650   */
651  public static final String ACCEPT_CH = "Accept-CH";
652  /**
653   * The HTTP <a
654   * href="https://datatracker.ietf.org/doc/html/draft-davidben-http-client-hint-reliability-03.txt#section-3">{@code
655   * Critical-CH}</a> header field name.
656   *
657   * @since 31.0
658   */
659  public static final String CRITICAL_CH = "Critical-CH";
660
661  /**
662   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua">{@code Sec-CH-UA}</a>
663   * header field name.
664   *
665   * @since 30.0
666   */
667  public static final String SEC_CH_UA = "Sec-CH-UA";
668  /**
669   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-arch">{@code
670   * Sec-CH-UA-Arch}</a> header field name.
671   *
672   * @since 30.0
673   */
674  public static final String SEC_CH_UA_ARCH = "Sec-CH-UA-Arch";
675  /**
676   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-model">{@code
677   * Sec-CH-UA-Model}</a> header field name.
678   *
679   * @since 30.0
680   */
681  public static final String SEC_CH_UA_MODEL = "Sec-CH-UA-Model";
682  /**
683   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform">{@code
684   * Sec-CH-UA-Platform}</a> header field name.
685   *
686   * @since 30.0
687   */
688  public static final String SEC_CH_UA_PLATFORM = "Sec-CH-UA-Platform";
689  /**
690   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-platform-version">{@code
691   * Sec-CH-UA-Platform-Version}</a> header field name.
692   *
693   * @since 30.0
694   */
695  public static final String SEC_CH_UA_PLATFORM_VERSION = "Sec-CH-UA-Platform-Version";
696  /**
697   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version">{@code
698   * Sec-CH-UA-Full-Version}</a> header field name.
699   *
700   * @deprecated Prefer {@link SEC_CH_UA_FULL_VERSION_LIST}.
701   * @since 30.0
702   */
703  @Deprecated public static final String SEC_CH_UA_FULL_VERSION = "Sec-CH-UA-Full-Version";
704  /**
705   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list">{@code
706   * Sec-CH-UA-Full-Version}</a> header field name.
707   *
708   * @since 31.1
709   */
710  public static final String SEC_CH_UA_FULL_VERSION_LIST = "Sec-CH-UA-Full-Version-List";
711  /**
712   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-mobile">{@code
713   * Sec-CH-UA-Mobile}</a> header field name.
714   *
715   * @since 30.0
716   */
717  public static final String SEC_CH_UA_MOBILE = "Sec-CH-UA-Mobile";
718  /**
719   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-wow64">{@code
720   * Sec-CH-UA-WoW64}</a> header field name.
721   *
722   * @since 32.0.0
723   */
724  public static final String SEC_CH_UA_WOW64 = "Sec-CH-UA-WoW64";
725  /**
726   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-bitness">{@code
727   * Sec-CH-UA-Bitness}</a> header field name.
728   *
729   * @since 31.0
730   */
731  public static final String SEC_CH_UA_BITNESS = "Sec-CH-UA-Bitness";
732  /**
733   * The HTTP <a href="https://wicg.github.io/ua-client-hints/#sec-ch-ua-form-factor">{@code
734   * Sec-CH-UA-Form-Factor}</a> header field name.
735   *
736   * @since 32.0.0
737   */
738  public static final String SEC_CH_UA_FORM_FACTOR = "Sec-CH-UA-Form-Factor";
739  /**
740   * The HTTP <a
741   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-width">{@code
742   * Sec-CH-Viewport-Width}</a> header field name.
743   *
744   * @since 32.0.0
745   */
746  public static final String SEC_CH_VIEWPORT_WIDTH = "Sec-CH-Viewport-Width";
747  /**
748   * The HTTP <a
749   * href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-viewport-height">{@code
750   * Sec-CH-Viewport-Height}</a> header field name.
751   *
752   * @since 32.0.0
753   */
754  public static final String SEC_CH_VIEWPORT_HEIGHT = "Sec-CH-Viewport-Height";
755  /**
756   * The HTTP <a href="https://wicg.github.io/responsive-image-client-hints/#sec-ch-dpr">{@code
757   * Sec-CH-DPR}</a> header field name.
758   *
759   * @since 32.0.0
760   */
761  public static final String SEC_CH_DPR = "Sec-CH-DPR";
762  /**
763   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Dest}</a>
764   * header field name.
765   *
766   * @since 27.1
767   */
768  public static final String SEC_FETCH_DEST = "Sec-Fetch-Dest";
769  /**
770   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Mode}</a>
771   * header field name.
772   *
773   * @since 27.1
774   */
775  public static final String SEC_FETCH_MODE = "Sec-Fetch-Mode";
776  /**
777   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-Site}</a>
778   * header field name.
779   *
780   * @since 27.1
781   */
782  public static final String SEC_FETCH_SITE = "Sec-Fetch-Site";
783  /**
784   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Fetch-User}</a>
785   * header field name.
786   *
787   * @since 27.1
788   */
789  public static final String SEC_FETCH_USER = "Sec-Fetch-User";
790  /**
791   * The HTTP <a href="https://w3c.github.io/webappsec-fetch-metadata/">{@code Sec-Metadata}</a>
792   * header field name.
793   *
794   * @since 26.0
795   */
796  public static final String SEC_METADATA = "Sec-Metadata";
797  /**
798   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-https">{@code
799   * Sec-Token-Binding}</a> header field name.
800   *
801   * @since 25.1
802   */
803  public static final String SEC_TOKEN_BINDING = "Sec-Token-Binding";
804  /**
805   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
806   * Sec-Provided-Token-Binding-ID}</a> header field name.
807   *
808   * @since 25.1
809   */
810  public static final String SEC_PROVIDED_TOKEN_BINDING_ID = "Sec-Provided-Token-Binding-ID";
811  /**
812   * The HTTP <a href="https://tools.ietf.org/html/draft-ietf-tokbind-ttrp">{@code
813   * Sec-Referred-Token-Binding-ID}</a> header field name.
814   *
815   * @since 25.1
816   */
817  public static final String SEC_REFERRED_TOKEN_BINDING_ID = "Sec-Referred-Token-Binding-ID";
818  /**
819   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Accept}</a> header
820   * field name.
821   *
822   * @since 28.0
823   */
824  public static final String SEC_WEBSOCKET_ACCEPT = "Sec-WebSocket-Accept";
825  /**
826   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Extensions}</a>
827   * header field name.
828   *
829   * @since 28.0
830   */
831  public static final String SEC_WEBSOCKET_EXTENSIONS = "Sec-WebSocket-Extensions";
832  /**
833   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Key}</a> header
834   * field name.
835   *
836   * @since 28.0
837   */
838  public static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
839  /**
840   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Protocol}</a>
841   * header field name.
842   *
843   * @since 28.0
844   */
845  public static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
846  /**
847   * The HTTP <a href="https://tools.ietf.org/html/rfc6455">{@code Sec-WebSocket-Version}</a> header
848   * field name.
849   *
850   * @since 28.0
851   */
852  public static final String SEC_WEBSOCKET_VERSION = "Sec-WebSocket-Version";
853  /**
854   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
855   * Sec-Browsing-Topics}</a> header field name.
856   *
857   * @since 32.0.0
858   */
859  public static final String SEC_BROWSING_TOPICS = "Sec-Browsing-Topics";
860  /**
861   * The HTTP <a href="https://patcg-individual-drafts.github.io/topics/">{@code
862   * Observe-Browsing-Topics}</a> header field name.
863   *
864   * @since 32.0.0
865   */
866  public static final String OBSERVE_BROWSING_TOPICS = "Observe-Browsing-Topics";
867
868  /**
869   * The HTTP <a
870   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
871   * Sec-Ad-Auction-Fetch}</a> header field name.
872   *
873   * @since 33.0.0
874   */
875  public static final String SEC_AD_AUCTION_FETCH = "Sec-Ad-Auction-Fetch";
876
877  /**
878   * The HTTP <a
879   * href="https://privacycg.github.io/gpc-spec/#the-sec-gpc-header-field-for-http-requests">{@code
880   * Sec-GPC}</a> header field name.
881   *
882   * @since 33.2.0
883   */
884  public static final String SEC_GPC = "Sec-GPC";
885
886  /**
887   * The HTTP <a
888   * href="https://wicg.github.io/turtledove/#handling-direct-from-seller-signals">{@code
889   * Ad-Auction-Signals}</a> header field name.
890   *
891   * @since 33.0.0
892   */
893  public static final String AD_AUCTION_SIGNALS = "Ad-Auction-Signals";
894
895  /**
896   * The HTTP <a href="https://wicg.github.io/turtledove/#http-headerdef-ad-auction-allowed">{@code
897   * Ad-Auction-Allowed}</a> header field name.
898   *
899   * @since 33.2.0
900   */
901  public static final String AD_AUCTION_ALLOWED = "Ad-Auction-Allowed";
902
903  /**
904   * The HTTP <a href="https://tools.ietf.org/html/rfc8586">{@code CDN-Loop}</a> header field name.
905   *
906   * @since 28.0
907   */
908  public static final String CDN_LOOP = "CDN-Loop";
909}