34

What is the mandatory information a HTTP Request Header must contain ?

stevek-pro
  • 474
  • 1
  • 4
  • 7

2 Answers2

46

GET / HTTP/1.0 is a legal HTTP request.

If there's no Host header field, you may not get the results you were hoping for if the destination server is a virtual host that doesn't have its own IP address to distinguish itself from other virtual hosts.

HTTP 1.1 requires the Host field.

Alois Mahdal
  • 263
  • 1
  • 4
  • 17
gbroiles
  • 1,344
  • 8
  • 8
  • 1
    I did a bit research myself and you are right @gbroiles. For Name Based Virtual Hosting a Browser with HTTP 1.1 is required in general. The browsers sends the hostname in the host header and the Web server serves name based virtual hosts if configured. With older browsers and HTTP 1.0 that is somewhat possible, but you need a workaround like apache's ServerPath Directive. Luckily newer browsers implement extensions when using HTTP 1.0 to ensure sending the host header field. http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html – stevek-pro Jul 28 '10 at 22:54
  • 1
    Are there still browsers that actually do HTTP 1.0? – Pacerier Mar 09 '13 at 04:44
  • Lots of user agents use HTTP 1.0. People using web browsers will use HTTP 1.1 or 2.0 where possible but they may access via a proxy that only supports HTTP 1.0. Crawlers or bots may use HTTP 1.0. Simple clients like `wget` use HTTP 1.0. Note that there is no effort server-side required to support HTTP 1.0 clients, because a HTTP 1.1 compliant server will support HTTP 1.0 clients (HTTP 1.1 is built to be a progressive enhancement on top of HTTP 1.0; non-compatible features such as chunked encoding and keep-alive default to off for HTTP 1.0 requests). – thomasrutter Apr 04 '18 at 02:16
1

None of the HTTP Headers are required in an HTTP/1.0 Request. There are no required Response headers either.

All that and more in HTTP 1.1 - RFC 2616

Community
  • 1
Chris S
  • 77,337
  • 11
  • 120
  • 212
  • 19
    You're mistaken. According to the RFC you linked here: "A client MUST include a Host header field in all HTTP/1.1 request messages". So the `Host` header _is_ mandatory. – user219882 Nov 27 '12 at 11:27
  • 3
    Correct, but there's no requirement that a client use HTTP/1.1 in the first place. – Chris S Nov 27 '12 at 14:45
  • 1
    Content-Length or Transfer-Encoding is mandatory (either of them must be present) – Deathspike Jun 16 '13 at 15:57
  • 2
    Content-Length or Transfer-Encoding are only mandatory if an entity is delivered with the request or response, and in many cases a request or response will lack an entity (like a GET request, or a 302 response). – Brandon Rhodes Sep 19 '14 at 22:44
  • 6
    I cant downvote but this answer is wrong. Please fix or remove. – vikingsteve Nov 09 '16 at 09:26
  • 4
    I agree with vikingsteve. Your answer implies that HTTP 1.1 does not have any required headers. – nullstellensatz Jan 02 '17 at 22:15
  • this is very misleading.. please correct or remove.. – java_doctor_101 Jul 01 '19 at 20:12
  • If you reference the HTTP 1.1 protocol, It's on you to abide by those requirements in your post. To expand on that, the statement "no requirement that a client use HTTP/1.1" is irrelevant to your answer - because your answer is heavily tied to the reference *you* make. This is why this post is misleading and wrong and I'm a bit surprised this hasn't been amended in 10 years. – Torxed Sep 29 '20 at 07:38