Tuesday, August 9, 2016

Format of an HTTP Response

Crimson Security Group
We yearn security.....



Similar to an HTTP Request, an HTTP Response also has three main components, which are:

a) Protocol/Version, Status Code, and its Description

The very first line of a valid HTTP Response consists of the protocol name, its version, the status code of the request, and a short description of the status code. A status code of 200 means the processing of the request was successful, and the description in this case will be 'OK'. Similarly, a status code of '404' means the file requested was not found at the HTTP Server at the expected location, and the description in this case is 'File Not Found'.

b) HTTP Response Headers

Similar to HTTP Request Headers, HTTP Response Headers also contain useful information. The only difference is that HTTP Request Headers contain information about the environment of the client machine, whereas HTTP Response Headers contain information about the environment of the server machine. This is easy to understand, as HTTP Requests are formed at the client machine whereas HTTP Responses are formed at the server machine. A few of these HTTP Response headers are: Server, Content-Type, Last-Modified, Content-Length, etc.

c) HTTP Response Body

This is the actual response which is rendered in the client window (the browser window). The content of the body will be HTML code. Similar to an HTTP Request, in this case also the Body and the Headers components are separated by a mandatory blank line (CRLF sequence).

HTTP Status Codes:

Reference Links:

https://httpstatuses.com/

https://www.smartlabsoftware.com/ref/http-status-codes.htm

https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html


HTTP Response Headers:

The response-header fields allow the server to pass additional information about the response which cannot be placed in the Status-Line. These header fields give information about the server and about further access to the resource identified by the Request-URI.

1) Accept-Ranges - The Accept-Ranges response-header field allows the server to indicate its acceptance of range requests for a resource.

2) Age - The Age response-header field conveys the sender's estimate of the amount of time since the response (or its revalidation) was generated at the origin server. A cached response is "fresh" if its age does not exceed its freshness lifetime.

3) ETag - The ETag response-header field provides the current value of the entity tag for the requested variant.

4) Proxy-Authenticate - The Proxy-Authenticate response-header field MUST be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates the authentication scheme and parameters applicable to the proxy for this Request-URI.

5) Server - The Server response-header field contains information about the software used by the origin server to handle the request.

6) WWW-Authenticate - The WWW-Authenticate response-header field MUST be included in 401 (Unauthorized) response messages. The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI.

There are many more response headers, but we are not going to discuss them here. When we start learning vulnerabilities one by one, I will add them. Below you can find links for further study.
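To tie the three components together with the headers listed above, here is an added example (not code from the original post) that parses a raw HTTP Response the way the post describes it: the first line into protocol/version, status code and description, the header block up to the mandatory blank line (CRLF CRLF), and everything after it as the body. The sample 401 response is constructed for this example; the parser also rejects a response whose Content-Length disagrees with the body it actually carries.

```python
from dataclasses import dataclass
# Constructed sample response (not from the original post): a 401 challenge
# carrying several of the headers described above; Content-Length 27 matches the body.
RAW_RESPONSE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"Server: ExampleServer/1.0\r\n"
    b'WWW-Authenticate: Basic realm="admin"\r\n'
    b'ETag: "abc123"\r\n'
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"<html>Login required</html>"
)

@dataclass
class HttpResponse:
    version: str       # e.g. "HTTP/1.1"
    status_code: int   # e.g. 401
    reason: str        # the short description, e.g. "Unauthorized"
    headers: dict      # lower-cased field name -> value
    body: bytes

def parse_response(raw: bytes) -> HttpResponse:
    """Split a raw response into its three components: status line, headers, body."""
    # The mandatory blank line (CRLF CRLF) ends the header block; bytes after it
    # are body and are never interpreted as headers.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line separating headers from body")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)  # protocol/version, status code, description
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.strip().lower(), value.strip()
        # A repeated field is joined with a comma, as RFC 2616 section 4.2 allows.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    if "content-length" in headers and int(headers["content-length"]) != len(body):
        raise ValueError("Content-Length does not match body length (framing error)")
    reason = parts[2] if len(parts) == 3 else ""  # description may be empty
    return HttpResponse(parts[0], int(parts[1]), reason, headers, body)

def is_well_formed(raw: bytes) -> bool:
    try:
        return parse_response(raw) is not None
    except ValueError:
        return False
```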
Reference Links:

https://www.whitehatsec.com/blog/list-of-http-response-headers/

https://www.w3.org/Protocols/rfc2616/rfc2616.html