开发者

What's the rationale behind the HTTP Date header?

开发者 https://www.devze.com 2022-12-09 09:51 出处:网络
I have read RFC 2616, but still I wonder, what the Date field is for. There is the Last-Modified field, that actually has a meaning besides just serving metadata, that is, for caching (\'If-Modified-S

I have read RFC 2616, but still I wonder, what the Date field is for. There is the Last-Modified field, that actually has a meaning besides just serving metadata, that is, for caching ('If-Modified-Since').

But what use has it to开发者_JAVA技巧 double the info in a separate Date header?


Per the spec, it is used in age calculations. If you don't know what time the server thinks it is, you won't be able to calculate the "age" of a resource. Here's the relevant text from the spec:

Summary of age calculation algorithm, when a cache receives a response:

age_value
is the value of Age: header received by the cache with this response.

date_value
is the value of the origin server's Date: header

request_time
is the (local) time when the cache made the request that resulted in this cached response

response_time
is the (local) time when the cache received the response

now
is the current (local) time

apparent_age = max(0, response_time - date_value);
corrected_received_age = max(apparent_age, age_value);
response_delay = response_time - request_time;
corrected_initial_age = corrected_received_age + response_delay;
resident_time = now - response_time;
current_age   = corrected_initial_age + resident_time;


The Date is needed only for a better work of Expires header:

Date: Mon, 26 Mar 2012 12:53:02 GMT
Expires: Wed, 25 Apr 2012 12:53:02 GMT

A server or a client may have an incorrect time so client (browser) tries to calculate max age of the resource freshness. That was one of the reasons why the Cache-Control tag was introduced. It uses seconds to expire instead of a fixed time.

I tested Chrome and Firefox and they are fine is response without Date header so it can be safely omitted unless you are still using obsolete Expires header. If the Date is missing it just assumed the same as client's time. It's just insane that in spec the header is mandatory: the date formatting/parsing consumes CPU and network.


Please consider not to use the Date Header as it is on the list of the "Forbidden header names".

The following description from the MDN web docs might help:


A forbidden header name is the name of any HTTP header that cannot be modified programmatically; specifically, an HTTP request header name (in contrast with a Forbidden response header name).

Modifying such headers is forbidden because the user agent retains full control over them. Names starting with Sec- are reserved for creating new headers safe from APIs using Fetch that grant developers control over headers, such as XMLHttpRequest.

Forbidden header names start with Proxy- or Sec-, or are one of the following names:

  • Accept-Charset
  • List item
  • Accept-Encoding
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Connection
  • Content-Length
  • Cookie
  • Cookie2
  • Date
  • DNT
  • Expect
  • Host
  • Keep-Alive
  • Origin
  • Proxy-
  • Sec-
  • Referer
  • TE
  • Trailer
  • Transfer-Encoding
  • Upgrade
  • Via
0

精彩评论

暂无评论...
验证码 换一张
取 消