HTTP resources and specifications

HTTP was first specified in the early 1990s. Designed with extensibility in mind, it has seen numerous additions over the years; this lead to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.

Specification Title Status
RFC 7230 Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing Proposed Standard
RFC 7231 Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content Proposed Standard
RFC 7232 Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests Proposed Standard
RFC 7233 Hypertext Transfer Protocol (HTTP/1.1): Range Requests Proposed Standard
RFC 7234 Hypertext Transfer Protocol (HTTP/1.1): Caching Proposed Standard
RFC 5861 HTTP Cache-Control Extensions for Stale Content Informational
RFC 8246 HTTP Immutable Responses Proposed Standard
RFC 7235 Hypertext Transfer Protocol (HTTP/1.1): Authentication Proposed Standard
RFC 6265 HTTP State Management Mechanism Defines Cookies Proposed Standard
Draft spec Cookie Prefixes IETF Draft
Draft spec Same-Site Cookies IETF Draft
Draft spec Deprecate modification of 'secure' cookies from non-secure origins IETF Draft
RFC 2145 Use and Interpretation of HTTP Version Numbers Informational
RFC 6585 Additional HTTP Status Codes Proposed Standard
RFC 7538 The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect) Proposed Standard
RFC 7725 An HTTP Status Code to Report Legal Obstacles On the standard track
RFC 2397 The "data" URL scheme Proposed Standard
RFC 3986 Uniform Resource Identifier (URI): Generic Syntax Internet Standard
RFC 5988 Web Linking Defines the Link header Proposed Standard
Experimental spec Hypertext Transfer Protocol (HTTP) Keep-Alive Header Informational (Expired)
Draft spec HTTP Client Hints IETF Draft
RFC 7578 Returning Values from Forms: multipart/form-data Proposed Standard
RFC 6266 Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) Proposed Standard
RFC 2183 Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field Only a subset of syntax of the Content-Disposition header can be used in the context of HTTP messages. Proposed Standard
RFC 7239 Forwarded HTTP Extension Proposed Standard
RFC 6455 The WebSocket Protocol Proposed Standard
RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2 This specification has been modified by subsequent RFCs, but these modifications have no effect on the HTTP protocol. Proposed Standard
RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 Supersedes TLS 1.2. Proposed Standard
RFC 2817 Upgrading to TLS Within HTTP/1.1 Proposed Standard
RFC 7540 Hypertext Transfer Protocol Version 2 (HTTP/2) Proposed Standard
RFC 7541 HPACK: Header Compression for HTTP/2 On the standard track
RFC 7838 HTTP Alternative Services On the standard track
RFC 7301 Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension Used to negotiate HTTP/2 at the transport to save an extra request/response round trip. Proposed Standard
RFC 6454 The Web Origin Concept Proposed Standard
The definition of 'CORS' in that specification.
Cross-Origin Resource Sharing Living Standard
RFC 7034 HTTP Header Field X-Frame-Options Informational
RFC 6797 HTTP Strict Transport Security (HSTS) Proposed Standard
Upgrade Insecure Requests Upgrade Insecure Requests Candidate Recommendation
Content Security Policy 1.0 Content Security Policy 1.0 CSP 1.1 and CSP 3.0 doesn't extend the HTTP standard Obsolete
Microsoft document Specifying legacy document modes* Defines X-UA-Compatible Note
RFC 5689 HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) These extensions of the Web, as well as CardDAV and CalDAV, are out-of-scope for HTTP on the Web. Modern APIs for application are defines using the RESTful pattern nowadays. Proposed Standard
RFC 2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) April 1st joke spec
RFC 7168 The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA) April 1st joke spec
HTML Living Standard HTML Defines extensions of HTTP for Server-Sent Events Living Standard
Reporting API Report-To header Draft
Draft spec Expect-CT Extension for HTTP IETF Draft