How many headers are allowed in HTTP protocol?











up vote
0
down vote

favorite












I would like to know how many headers are allowed in HTTP protocol. Is there any limit on this?



Is this limit different for Request and Response?



Gone through HTTP RFC, but no luck. Could you please provide me any official document or link about this.










share|improve this question


























    up vote
    0
    down vote

    favorite












    I would like to know how many headers are allowed in HTTP protocol. Is there any limit on this?



    Is this limit different for Request and Response?



    Gone through HTTP RFC, but no luck. Could you please provide me any official document or link about this.










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I would like to know how many headers are allowed in HTTP protocol. Is there any limit on this?



      Is this limit different for Request and Response?



      Gone through HTTP RFC, but no luck. Could you please provide me any official document or link about this.










      share|improve this question













      I would like to know how many headers are allowed in HTTP protocol. Is there any limit on this?



      Is this limit different for Request and Response?



      Gone through HTTP RFC, but no luck. Could you please provide me any official document or link about this.







      http networking






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 19 at 9:18









      bhanu7k

      535




      535
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote



          accepted










          HTTP/1.1 does not define such a limit. See RFC 7230, Section 3.2.5 (https://greenbytes.de/tech/webdav/rfc7230.html#field.limits):




          3.2.5. Field Limits



          HTTP does not place a predefined limit on the length of each header
          field or on the length of the header section as a whole, as described
          in Section 2.5. Various ad hoc limitations on individual header field
          length are found in practice, often depending on the specific field
          semantics.



          A server that receives a request header field, or set of fields,
          larger than it wishes to process MUST respond with an appropriate 4xx
          (Client Error) status code. Ignoring such header fields would increase
          the server's vulnerability to request smuggling attacks (Section 9.5).



          A client MAY discard or truncate received header fields that are
          larger than the client wishes to process if the field semantics are
          such that the dropped value(s) can be safely ignored without changing
          the message framing or response semantics.







          share|improve this answer




























            up vote
            0
            down vote













            HTTP does not define any limit. But beware that web servers may define the max size of headers they receive.



            "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]." Source: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html






            share|improve this answer

















            • 1




              How is this quote relevant? (apart from being from an obsolete spec)
              – Julian Reschke
              Nov 19 at 10:08











            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53371496%2fhow-many-headers-are-allowed-in-http-protocol%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            2
            down vote



            accepted










            HTTP/1.1 does not define such a limit. See RFC 7230, Section 3.2.5 (https://greenbytes.de/tech/webdav/rfc7230.html#field.limits):




            3.2.5. Field Limits



            HTTP does not place a predefined limit on the length of each header
            field or on the length of the header section as a whole, as described
            in Section 2.5. Various ad hoc limitations on individual header field
            length are found in practice, often depending on the specific field
            semantics.



            A server that receives a request header field, or set of fields,
            larger than it wishes to process MUST respond with an appropriate 4xx
            (Client Error) status code. Ignoring such header fields would increase
            the server's vulnerability to request smuggling attacks (Section 9.5).



            A client MAY discard or truncate received header fields that are
            larger than the client wishes to process if the field semantics are
            such that the dropped value(s) can be safely ignored without changing
            the message framing or response semantics.







            share|improve this answer

























              up vote
              2
              down vote



              accepted










              HTTP/1.1 does not define such a limit. See RFC 7230, Section 3.2.5 (https://greenbytes.de/tech/webdav/rfc7230.html#field.limits):




              3.2.5. Field Limits



              HTTP does not place a predefined limit on the length of each header
              field or on the length of the header section as a whole, as described
              in Section 2.5. Various ad hoc limitations on individual header field
              length are found in practice, often depending on the specific field
              semantics.



              A server that receives a request header field, or set of fields,
              larger than it wishes to process MUST respond with an appropriate 4xx
              (Client Error) status code. Ignoring such header fields would increase
              the server's vulnerability to request smuggling attacks (Section 9.5).



              A client MAY discard or truncate received header fields that are
              larger than the client wishes to process if the field semantics are
              such that the dropped value(s) can be safely ignored without changing
              the message framing or response semantics.







              share|improve this answer























                up vote
                2
                down vote



                accepted







                up vote
                2
                down vote



                accepted






                HTTP/1.1 does not define such a limit. See RFC 7230, Section 3.2.5 (https://greenbytes.de/tech/webdav/rfc7230.html#field.limits):




                3.2.5. Field Limits



                HTTP does not place a predefined limit on the length of each header
                field or on the length of the header section as a whole, as described
                in Section 2.5. Various ad hoc limitations on individual header field
                length are found in practice, often depending on the specific field
                semantics.



                A server that receives a request header field, or set of fields,
                larger than it wishes to process MUST respond with an appropriate 4xx
                (Client Error) status code. Ignoring such header fields would increase
                the server's vulnerability to request smuggling attacks (Section 9.5).



                A client MAY discard or truncate received header fields that are
                larger than the client wishes to process if the field semantics are
                such that the dropped value(s) can be safely ignored without changing
                the message framing or response semantics.







                share|improve this answer












                HTTP/1.1 does not define such a limit. See RFC 7230, Section 3.2.5 (https://greenbytes.de/tech/webdav/rfc7230.html#field.limits):




                3.2.5. Field Limits



                HTTP does not place a predefined limit on the length of each header
                field or on the length of the header section as a whole, as described
                in Section 2.5. Various ad hoc limitations on individual header field
                length are found in practice, often depending on the specific field
                semantics.



                A server that receives a request header field, or set of fields,
                larger than it wishes to process MUST respond with an appropriate 4xx
                (Client Error) status code. Ignoring such header fields would increase
                the server's vulnerability to request smuggling attacks (Section 9.5).



                A client MAY discard or truncate received header fields that are
                larger than the client wishes to process if the field semantics are
                such that the dropped value(s) can be safely ignored without changing
                the message framing or response semantics.








                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 19 at 10:12









                Julian Reschke

                26.9k45965




                26.9k45965
























                    up vote
                    0
                    down vote













                    HTTP does not define any limit. But beware that web servers may define the max size of headers they receive.



                    "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]." Source: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html






                    share|improve this answer

















                    • 1




                      How is this quote relevant? (apart from being from an obsolete spec)
                      – Julian Reschke
                      Nov 19 at 10:08















                    up vote
                    0
                    down vote













                    HTTP does not define any limit. But beware that web servers may define the max size of headers they receive.



                    "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]." Source: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html






                    share|improve this answer

















                    • 1




                      How is this quote relevant? (apart from being from an obsolete spec)
                      – Julian Reschke
                      Nov 19 at 10:08













                    up vote
                    0
                    down vote










                    up vote
                    0
                    down vote









                    HTTP does not define any limit. But beware that web servers may define the max size of headers they receive.



                    "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]." Source: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html






                    share|improve this answer












                    HTTP does not define any limit. But beware that web servers may define the max size of headers they receive.



                    "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]." Source: https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Nov 19 at 9:25









                    Ahmad Hijazi

                    838




                    838








                    • 1




                      How is this quote relevant? (apart from being from an obsolete spec)
                      – Julian Reschke
                      Nov 19 at 10:08














                    • 1




                      How is this quote relevant? (apart from being from an obsolete spec)
                      – Julian Reschke
                      Nov 19 at 10:08








                    1




                    1




                    How is this quote relevant? (apart from being from an obsolete spec)
                    – Julian Reschke
                    Nov 19 at 10:08




                    How is this quote relevant? (apart from being from an obsolete spec)
                    – Julian Reschke
                    Nov 19 at 10:08


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53371496%2fhow-many-headers-are-allowed-in-http-protocol%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                    Alcedinidae

                    Origin of the phrase “under your belt”?