What is the purpose of "X" at the beginning of some header names?

Asked

Viewed 96 times

6

There are specific HTTP headers that have the purpose of passing some information. As for example the Content-Type that informs the mime of the content you want to receive or send. We also have the Content-Length which determines the size in bytes of a response.

But I have noticed some headers, which have some common characteristics, such as: X-Csrf-Token, X-Frame-Options, X-XSS-Protection or X-UA-Compatible.

They all have the purpose of informing something, obviously, like everyone else.

But I’m curious to know why they all need to start with the letter "X".

  • Does it have any meaning when the header starts with "X"? And if so, what is it?

  • Would it be to create something custom? For example: If I wanted to invent a header to inform the version of the application, I could create something like X-App-Version?

http http-headers
  • 1

    http://stackoverflow.com/questions/3561381/custom-http-headers-naming-conventions

1 answer

6

The use of "X" is a convention of custom protocol developers.

(Practice already discouraged by RFC 6648)

I never found an official version of the use of "X", but the most widespread version is that it is an extra X, an "extra header".

These Header are exactly to send some custom information in Header, such as an Access Token.

Browser other questions tagged http http-headers

You are not signed in. Login or sign up in order to post.