Reputation: 67037
Which HTTP headers can be combined in a list?
RFC 7230 says (3.2.2 Field Order, markup by me):
A sender MUST NOT generate multiple header fields with the same field name in a message unless either the entire field value for that header field is defined as a comma-separated list [i.e., #(values)] or the header field is a well-known exception (as noted below).
Back in RFC2616, all the headers were contained in a single specification and one could browse through that spec for header definitions that have lists as values.
Nowadays, we have RFC7230 and friends, each specifying its own set of headers.
Is there an (authorative) list somewhere that holds the header names with list values? Or do I need to grep all related RFCs for 1#?
Upvotes: 1
Views: 916
Answers (2)
Reputation:
Of the standard HTTP request headers, these can have multiple values separated by a comma ,:
A-IM
Accept
Accept-Charset
Accept-Encoding
Accept-Language
Access-Control-Request-Headers
Cache-Control
Connection
Content-Encoding
Expect
Forwarded
If-Match
If-None-Match
Range
TE
Trailer
Transfer-Encoding
Upgrade
Via
Warning
these can have them separated by a semicolon ;:
Content-Type
Cookie
Prefer
and these shouldn't have multiple values (or can but with some other syntax, for example the User-Agent header can pretty much be arbitrary text):
Accept-Datetime
Access-Control-Request-Method
Authorization
Content-Length
Content-MD5
Date
From
Host
HTTP2-Settings
If-Modified-Since
If-Range
If-Unmodified-Since
Max-Forwards
Origin
Pragma
Proxy-Authorization
Referer
User-Agent
This doesn't include response headers, and any non-standard HTTP request headers. I made these lists by quickly glancing at the RFC listed in that table on Wikipedia for each header, I could've misclassified a few.
Upvotes: 1
Reputation: 99495
The only known exception is Set-Cookie. Many HTTP frameworks that encapsulate HTTP headers tend to treat all headers the exact same way, but have a specific exception for Set-Cookie. No other headers have this problem, and no standard new headers would be introduced with this problem.
Pick a random HTTP framework for any language, and chances are that there there's some special handling for just Set-Cookie.
It's possible that other non-standard headers have this issue.
Upvotes: 0
Related Questions
- What HTTP response headers are required
- Custom HTTP headers : naming conventions
- Possible types of a HTTP header value
- Standard for adding multiple values of a single HTTP Header to a request or response
- Naming convention behind HTTP headers
- How many headers are allowed in HTTP protocol?
- Where can I find a List of Standard HTTP Header Values?
- Where can I see a list of all necessary headers for HTTP requests
- What are the required HTTP headers fields
- Analysis of HTTP header