HTTP resources and specifications
{{HTTPSidebar}}
HTTP was first specified in the early 1990s. Designed with extensibility in mind, it has seen numerous additions over the years; this lead to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.
| Specification | Title | Status |
|---|---|---|
{{rfc(9110)}} |
HTTP Semantics | Internet Standard |
{{rfc(9111)}} |
HTTP Caching | Internet Standard |
{{rfc(9112)}} |
HTTP/1.1 | Internet Standard |
{{rfc(9113)}} |
HTTP/2 | Proposed Standard |
{{rfc(9114)}} |
HTTP/3 | Proposed Standard |
{{rfc(5861)}} |
HTTP Cache-Control Extensions for Stale Content | Informational |
{{rfc(8246)}} |
HTTP Immutable Responses | Proposed Standard |
{{rfc(6265)}} |
HTTP State Management Mechanism Defines Cookies | Proposed Standard |
| Draft spec | Cookie Prefixes | IETF Draft |
| Draft spec | Same-Site Cookies | IETF Draft |
| Draft spec | Deprecate modification of ‘secure’ cookies from non-secure origins | IETF Draft |
{{rfc(2145)}} |
Use and Interpretation of HTTP Version Numbers | Informational |
{{rfc(6585)}} |
Additional HTTP Status Codes | Proposed Standard |
{{rfc(7725)}} |
An HTTP Status Code to Report Legal Obstacles | On the standard track |
{{rfc(2397)}} |
The “data” URL scheme | Proposed Standard |
{{rfc(3986)}} |
Uniform Resource Identifier (URI): Generic Syntax | Internet Standard |
{{rfc(5988)}} |
Web Linking Defines the {{HTTPHeader("Link")}} header |
Proposed Standard |
| Draft spec | HTTP Client Hints | IETF Draft |
{{rfc(7578)}} |
Returning Values from Forms: multipart/form-data | Proposed Standard |
{{rfc(6266)}} |
Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) | Proposed Standard |
{{rfc(2183)}} |
Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field Only a subset of syntax of the {{HTTPHeader("Content-Disposition")}} header can be used in the context of HTTP messages. |
Proposed Standard |
{{rfc(7239)}} |
Forwarded HTTP Extension | Proposed Standard |
{{rfc(6455)}} |
The WebSocket Protocol | Proposed Standard |
{{rfc(5246)}} |
The Transport Layer Security (TLS) Protocol Version 1.2 This specification has been modified by subsequent RFCs, but these modifications have no effect on the HTTP protocol. | Proposed Standard |
{{rfc(8446)}} |
The Transport Layer Security (TLS) Protocol Version 1.3 Supersedes TLS 1.2. | Proposed Standard |
{{rfc(2817)}} |
Upgrading to TLS Within HTTP/1.1 | Proposed Standard |
{{rfc(7541)}} |
HPACK: Header Compression for HTTP/2 | On the standard track |
{{rfc(7838)}} |
HTTP Alternative Services | On the standard track |
{{rfc(7301)}} |
Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension Used to negotiate HTTP/2 at the transport to save an extra request/response round trip. | Proposed Standard |
{{rfc(6454)}} |
The Web Origin Concept | Proposed Standard |
| Fetch | Cross-Origin Resource Sharing | Living Standard |
{{rfc(7034)}} |
HTTP Header Field X-Frame-Options | Informational |
{{rfc(6797)}} |
HTTP Strict Transport Security (HSTS) | Proposed Standard |
| Upgrade Insecure Requests | Upgrade Insecure Requests | Candidate Recommendation |
| Content Security Policy 1.0 | Content Security Policy 1.0 CSP 1.1 and CSP 3.0 doesn’t extend the HTTP standard | Obsolete |
| Microsoft document | Specifying legacy document modes* Defines X-UA-Compatible | Note |
{{rfc(5689)}} |
HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) These extensions of the Web, as well as CardDAV and CalDAV, are out-of-scope for HTTP on the Web. Modern APIs for application are defines using the RESTful pattern nowadays. | Proposed Standard |
{{rfc(2324)}} |
Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) | April 1st joke spec |
{{rfc(7168)}} |
The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA) | April 1st joke spec |
| HTML Living Standard | HTML Defines extensions of HTTP for Server-Sent Events | Living Standard |
| Reporting API | Report-To header |
Draft |
| Draft spec | Expect-CT Extension for HTTP | IETF Draft |
{{rfc(7486)}} |
HTTP Origin-Bound Auth (HOBA) | Experimental |
See also
- Evolution of HTTP
- Glossary terms:
{{glossary('HTTP')}}{{glossary('HTTP_2', 'HTTP/2')}}{{glossary('QUIC')}}{{glossary('TCP', 'Transmission Control Protocol (TCP)')}}