Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

9
  • 2
    Thanks for the answer! But I don't think the "Server"-header is important. It's also a little security protection to avoid this header-entry. Attackers haven't "any" informations like "OS/Webserver/-version". Commented Feb 3, 2011 at 15:31
  • BTW: the default value of the "Connection"-response entry is the value from the requested header-entry "Connection: close/keep-alive"? Commented Feb 3, 2011 at 15:36
  • 1
    Server isn't strictly required, but some clients seem to want it, IIRC. Definitely do cut it down to the bare minimum. WRT Connection: no, it's what the server intends to do with the connection; it chooses which to send. Commented Feb 7, 2011 at 6:40
  • 27
    Strictly speaking, none of them is required; if you look through RFC2616 (and httpbis docs) you'll see that Date can be omitted if the origin server doesn't have a clock; content-type can be omitted (defaults to application/octet-stream) and server is encouraged but not required with a MUST. This is at least partially because we need to be somewhat backwards-compatible with HTTP/0.9, which didn't have headers at all. however, for a response to be useful, it does need some. Commented Apr 26, 2013 at 0:27
  • 5
    @algal When it comes from one of the spec writers I think it's okay. Commented Aug 30, 2014 at 21:09