What's the rationale behind the HTTP Date header?
I have read RFC 2616, but still I wonder, what the Date field is for. There is the Last-Modified field, that actually has a meaning besides just serving metadata, that is, for caching ('If-Modified-Since').
But what use has it to开发者_JAVA技巧 double the info in a separate Date header?
Per the spec, it is used in age calculations. If you don't know what time the server thinks it is, you won't be able to calculate the "age" of a resource. Here's the relevant text from the spec:
Summary of age calculation algorithm, when a cache receives a response:
age_value
is the value of Age: header received by the cache with this response.
date_value
is the value of the origin server'sDate:
header
request_time
is the (local) time when the cache made the request that resulted in this cached response
response_time
is the (local) time when the cache received the response
now
is the current (local) timeapparent_age = max(0, response_time - date_value); corrected_received_age = max(apparent_age, age_value); response_delay = response_time - request_time; corrected_initial_age = corrected_received_age + response_delay; resident_time = now - response_time; current_age = corrected_initial_age + resident_time;
The Date
is needed only for a better work of Expires
header:
Date: Mon, 26 Mar 2012 12:53:02 GMT
Expires: Wed, 25 Apr 2012 12:53:02 GMT
A server or a client may have an incorrect time so client (browser) tries to calculate max age of the resource freshness.
That was one of the reasons why the Cache-Control
tag was introduced.
It uses seconds to expire instead of a fixed time.
I tested Chrome and Firefox and they are fine is response without Date header so it can be safely omitted unless you are still using obsolete Expires
header. If the Date
is missing it just assumed the same as client's time.
It's just insane that in spec the header is mandatory: the date formatting/parsing consumes CPU and network.
Please consider not to use the Date
Header as it is on the list of the "Forbidden header names".
The following description from the MDN web docs might help:
A forbidden header name is the name of any HTTP header that cannot be modified programmatically; specifically, an HTTP request header name (in contrast with a Forbidden response header name).
Modifying such headers is forbidden because the user agent retains full control over them. Names starting with Sec-
are reserved for creating new headers safe from APIs using Fetch that grant developers control over headers, such as XMLHttpRequest.
Forbidden header names start with Proxy- or Sec-, or are one of the following names:
- Accept-Charset
- List item
- Accept-Encoding
- Access-Control-Request-Headers
- Access-Control-Request-Method
- Connection
- Content-Length
- Cookie
- Cookie2
- Date
- DNT
- Expect
- Host
- Keep-Alive
- Origin
- Proxy-
- Sec-
- Referer
- TE
- Trailer
- Transfer-Encoding
- Upgrade
- Via
精彩评论