Web application security - the fast guide 1.1 | Page 29

Chapter 2 - Web Application technologies
• Cookie: an HTTP cookie previously sent by the server with Set-Cookie.
• Accept: specifies the media types that are acceptable for the response.
• Accept-Language: restricts the set of natural languages that are preferred in the response to the request.
• Accept-Encoding: restricts the content codings that are acceptable in the response.
2.2.2 HTTP Response:
HTTP/1.1 200 OK
Date: Wed, 02 Sep 2015 15:29:57 GMT
Server: Apache
X-Powered-By: PHP/5.4.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 2149
Content-Type: text/html
Connection: close
• The first line of the HTTP response contains the protocol version and the status code. In our example the version is 1.1 and the status code is (200), which means that the requested resource was retrieved successfully. Many other status codes exist; the most common are (404) for not found and (403) for forbidden. The class of a status code is given by its leftmost digit:
  (1) Informational.
  (2) The request was successful.
  (3) Redirection: the request will be redirected.
  (4) An error occurred.
  The status code is followed by a description of the status code; in our example it is (OK).
• Date header: specifies the date of the response.
• Server header: specifies the name of the web server software that answered the request; in our example it is the Apache server.
• X-Powered-By: a nonstandard header that specifies the technology used to create the response.
• Pragma: specifies whether to put the response in the cache or not.
• Expires: specifies when the cached content should expire. As you can see, the value of that header is in the past, which means that the response content will not be cached.
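The header descriptions above can be applied mechanically to the sample response. The following Python sketch is an added example, not code from the guide: it parses the header block, reports the status class from the leftmost digit, decides whether the caching headers allow reuse from a cache, and lists the headers that name the server software and its version. The function names, and the choice to treat a missing Date or unparsable Expires as already expired, are assumptions of this example.

```python
from email.utils import parsedate_to_datetime

# Header block from section 2.2.2, with the extraction spacing normalised.
RAW = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 02 Sep 2015 15:29:57 GMT\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.4.40\r\n"
    "Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n"
    "Pragma: no-cache\r\n"
    "Content-Length: 2149\r\nContent-Type: text/html\r\n"
    "Connection: close\r\n\r\n"
)
# Leftmost digit -> class, as listed in the text (other digits map to "other").
CLASSES = {"1": "informational", "2": "success", "3": "redirection", "4": "error"}
DISCLOSING = ("server", "x-powered-by")  # headers that name the software stack

def parse_head(raw):
    """Split a raw response head into (version, status code, reason, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    version, code, reason = (lines[0].split(" ", 2) + [""])[:3]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return version, int(code), reason, headers

def expired(h):
    """True when Expires is at or before Date (assumption: bad values count as expired)."""
    if "expires" not in h:
        return False
    try:
        return parsedate_to_datetime(h["expires"]) <= parsedate_to_datetime(h["date"])
    except (KeyError, TypeError, ValueError):
        return True

def review(raw):
    """Report status class, cache reusability and software-disclosing headers."""
    _, code, _, h = parse_head(raw)
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    blocked = (bool(directives & {"no-store", "no-cache"})
               or h.get("pragma", "").lower() == "no-cache" or expired(h))
    # Split "product/version" values so a disclosed version stands out.
    disclosed = {n: (h[n].partition("/")[0], h[n].partition("/")[2] or None)
                 for n in DISCLOSING if n in h}
    return {"class": CLASSES.get(str(code)[0], "other"),
            "reusable_from_cache": not blocked, "disclosed": disclosed}
```

Calling `review(RAW)` on the sample response reports the class `success`, no reuse from cache, and a disclosed PHP version in X-Powered-By.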