HTTP Response Headers
HTTP request headers provide information about the request, response, or other entities being sent.
In this section, we will specifically introduce HTTP response headers.
| Response Header | Description |
|---|---|
| Allow | Which request methods the server supports (e.g., GET, POST). |
| Content-Encoding | The encoding method of the document. The content type specified by Content-Type header can only be obtained after decoding. Using gzip compression can significantly reduce the download time of HTML documents. Java's GZIPOutputStream can easily perform gzip compression, but it is only supported by Netscape on Unix and IE 4, IE 5 on Windows. Therefore, the Servlet should check if the browser supports gzip by looking at the Accept-Encoding header (i.e., request.getHeader("Accept-Encoding")). It should return a gzip-compressed HTML page for browsers that support gzip and a regular page for others. |
| Content-Length | Indicates the content length. This data is only required when the browser uses persistent HTTP connections. If you want to take advantage of persistent connections, you can write the output document into a ByteArrayOutputStream, check its size, then put that value into the Content-Length header, and finally send the content via byteArrayStream.writeTo(response.getOutputStream()). |
| Content-Type | Indicates the MIME type of the document. The Servlet defaults to text/plain, but it usually needs to be explicitly set to text/html. Since Content-Type is often set, HttpServletResponse provides a dedicated method setContentType. |
| Date | The current GMT time. You can use setDateHeader to set this header to avoid the hassle of converting time formats. |
| Expires | When should the document be considered expired and no longer cached? |
| Last-Modified | The last modification time of the document. The client can provide a date via the If-Modified-Since request header, and the request will be treated as a conditional GET. Only documents modified after the specified time will be returned; otherwise, a 304 (Not Modified) status will be returned. Last-Modified can also be set using the setDateHeader method. |
| Location | Indicates where the client should go to retrieve the document. Location is usually not set directly but through the sendRedirect method of HttpServletResponse, which also sets the status code to 302. |
| Refresh | Indicates how many seconds after the browser should refresh the document. Besides refreshing the current document, you can also make the browser read a specified page by setHeader("Refresh", "5; URL=http://host/path"). Note that this functionality is usually implemented by setting the HTML page HEAD area with <META HTTP-EQUIV="Refresh" CONTENT="5;URL=http://host/path">, as automatic refresh or redirection is crucial for those who cannot use CGI or Servlet. However, for Servlets, setting the Refresh header directly is more convenient. Note that the meaning of Refresh is "refresh this page or visit the specified page after N seconds," not "refresh this page or visit the specified page every N seconds." Therefore, continuous refreshing requires sending a Refresh header each time, while sending a 204 status code can prevent the browser from continuing to refresh, whether using the Refresh header or <META HTTP-EQUIV="Refresh" ...>. Note that the Refresh header is not part of the official HTTP 1.1 specification but an extension, yet both Netscape and IE support it. |
| Server | The name of the server. Servlets generally do not set this value, but it is set by the Web server itself. |
| Set-Cookie | Sets the Cookie associated with the page. Servlets should not use response.setHeader("Set-Cookie", ...), but should use the dedicated method addCookie provided by HttpServletResponse. See the discussion below about Cookie setting. |
| WWW-Authenticate | What type of authorization information should the client provide in the Authorization header? This header is required in the response containing the 401 (Unauthorized) status line. For example, response.setHeader("WWW-Authenticate", "BASIC realm=\"executives\""). Note that Servlets generally do not handle this aspect, but rather leave it to the specialized mechanisms of the web server to control access to password-protected pages (e.g., .htaccess). |