Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 1 of 9
`Case 5:18-md-02834—BLF Document 521-3 Filed 09/06/19 Page 1 of 9
`
`
`
`EXHIBIT 2
`
`
`EXHIBIT 2
`
`
`
`
`Case 5:18-md-02834—BLF Document 521-3 Filed 09/06/19 Page 1 of 9
`
`
`
`EXHIBIT 2
`
`
`EXHIBIT 2
`
`
`
`
`
`Page 1 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 2 of 9
`
`Network Working Group R. Fielding
`Request for Comments: 2616 UC Irvine
`Obsoletes: 2068 J. Gettys
`Category: Standards Track Compaq/W3C
` J. Mogul
` Compaq
` H. Frystyk
` W3C/MIT
` L. Masinter
` Xerox
` P. Leach
` Microsoft
` T. Berners-Lee
` W3C/MIT
` June 1999
`
` Hypertext Transfer Protocol -- HTTP/1.1
`Status of this Memo
` This document specifies an Internet standards track protocol for the
` Internet community, and requests discussion and suggestions for
` improvements. Please refer to the current edition of the "Internet
` Official Protocol Standards" (STD 1) for the standardization state
` and status of this protocol. Distribution of this memo is unlimited.
`Copyright Notice
` Copyright (C) The Internet Society (1999). All Rights Reserved.
`Abstract
` The Hypertext Transfer Protocol (HTTP) is an application-level
` protocol for distributed, collaborative, hypermedia information
` systems. It is a generic, stateless, protocol which can be used for
` many tasks beyond its use for hypertext, such as name servers and
` distributed object management systems, through extension of its
` request methods, error codes and headers [47]. A feature of HTTP is
` the typing and negotiation of data representation, allowing systems
` to be built independently of the data being transferred.
` HTTP has been in use by the World-Wide Web global information
` initiative since 1990. This specification defines the protocol
` referred to as "HTTP/1.1", and is an update to RFC 2068 [33].
`
`Fielding, et al. Standards Track [Page 1]
`RFC 2616 HTTP/1.1 June 1999
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 2 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 3 of 9
`
`Table of Contents
` 1 Introduction ...................................................7
` 1.1 Purpose......................................................7
` 1.2 Requirements .................................................8
` 1.3 Terminology ..................................................8
` 1.4 Overall Operation ...........................................12
` 2 Notational Conventions and Generic Grammar ....................14
` 2.1 Augmented BNF ...............................................14
` 2.2 Basic Rules .................................................15
` 3 Protocol Parameters ...........................................17
` 3.1 HTTP Version ................................................17
` 3.2 Uniform Resource Identifiers ................................18
` 3.2.1 General Syntax ...........................................19
` 3.2.2 http URL .................................................19
` 3.2.3 URI Comparison ...........................................20
` 3.3 Date/Time Formats ...........................................20
` 3.3.1 Full Date ................................................20
` 3.3.2 Delta Seconds ............................................21
` 3.4 Character Sets ..............................................21
` 3.4.1 Missing Charset ..........................................22
` 3.5 Content Codings .............................................23
` 3.6 Transfer Codings ............................................24
` 3.6.1 Chunked Transfer Coding ..................................25
` 3.7 Media Types .................................................26
` 3.7.1 Canonicalization and Text Defaults .......................27
` 3.7.2 Multipart Types ..........................................27
` 3.8 Product Tokens ..............................................28
` 3.9 Quality Values ..............................................29
` 3.10 Language Tags ...............................................29
` 3.11 Entity Tags .................................................30
` 3.12 Range Units .................................................30
` 4 HTTP Message ..................................................31
` 4.1 Message Types ...............................................31
` 4.2 Message Headers .............................................31
` 4.3 Message Body ................................................32
` 4.4 Message Length ..............................................33
` 4.5 General Header Fields .......................................34
` 5 Request .......................................................35
` 5.1 Request-Line ................................................35
` 5.1.1 Method ...................................................36
` 5.1.2 Request-URI ..............................................36
` 5.2 The Resource Identified by a Request ........................38
` 5.3 Request Header Fields .......................................38
` 6 Response ......................................................39
` 6.1 Status-Line .................................................39
` 6.1.1 Status Code and Reason Phrase ............................39
` 6.2 Response Header Fields ......................................41
`
`Fielding, et al. Standards Track [Page 2]
`RFC 2616 HTTP/1.1 June 1999
`
` 7 Entity ........................................................42
` 7.1 Entity Header Fields ........................................42
` 7.2 Entity Body .................................................43
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 3 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 4 of 9
`
` 7.2.1 Type .....................................................43
` 7.2.2 Entity Length ............................................43
` 8 Connections ...................................................44
` 8.1 Persistent Connections ......................................44
` 8.1.1 Purpose ..................................................44
` 8.1.2 Overall Operation ........................................45
` 8.1.3 Proxy Servers ............................................46
` 8.1.4 Practical Considerations .................................46
` 8.2 Message Transmission Requirements ...........................47
` 8.2.1 Persistent Connections and Flow Control ..................47
` 8.2.2 Monitoring Connections for Error Status Messages .........48
` 8.2.3 Use of the 100 (Continue) Status .........................48
` 8.2.4 Client Behavior if Server Prematurely Closes Connection ..50
` 9 Method Definitions ............................................51
` 9.1 Safe and Idempotent Methods .................................51
` 9.1.1 Safe Methods .............................................51
` 9.1.2 Idempotent Methods .......................................51
` 9.2 OPTIONS .....................................................52
` 9.3 GET .........................................................53
` 9.4 HEAD ........................................................54
` 9.5 POST ........................................................54
` 9.6 PUT .........................................................55
` 9.7 DELETE ......................................................56
` 9.8 TRACE .......................................................56
` 9.9 CONNECT .....................................................57
` 10 Status Code Definitions ......................................57
` 10.1 Informational 1xx ...........................................57
` 10.1.1 100 Continue .............................................58
` 10.1.2 101 Switching Protocols ..................................58
` 10.2 Successful 2xx ..............................................58
` 10.2.1 200 OK ...................................................58
` 10.2.2 201 Created ..............................................59
` 10.2.3 202 Accepted .............................................59
` 10.2.4 203 Non-Authoritative Information ........................59
` 10.2.5 204 No Content ...........................................60
` 10.2.6 205 Reset Content ........................................60
` 10.2.7 206 Partial Content ......................................60
` 10.3 Redirection 3xx .............................................61
` 10.3.1 300 Multiple Choices .....................................61
` 10.3.2 301 Moved Permanently ....................................62
` 10.3.3 302 Found ................................................62
` 10.3.4 303 See Other ............................................63
` 10.3.5 304 Not Modified .........................................63
` 10.3.6 305 Use Proxy ............................................64
` 10.3.7 306 (Unused) .............................................64
`
`Fielding, et al. Standards Track [Page 3]
`RFC 2616 HTTP/1.1 June 1999
`
` 10.3.8 307 Temporary Redirect ...................................65
` 10.4 Client Error 4xx ............................................65
` 10.4.1 400 Bad Request .........................................65
` 10.4.2 401 Unauthorized ........................................66
` 10.4.3 402 Payment Required ....................................66
` 10.4.4 403 Forbidden ...........................................66
` 10.4.5 404 Not Found ...........................................66
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 4 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 5 of 9
`
` 10.4.6 405 Method Not Allowed ..................................66
` 10.4.7 406 Not Acceptable ......................................67
` 10.4.8 407 Proxy Authentication Required .......................67
` 10.4.9 408 Request Timeout .....................................67
` 10.4.10 409 Conflict ............................................67
` 10.4.11 410 Gone ................................................68
` 10.4.12 411 Length Required .....................................68
` 10.4.13 412 Precondition Failed .................................68
` 10.4.14 413 Request Entity Too Large ............................69
` 10.4.15 414 Request-URI Too Long ................................69
` 10.4.16 415 Unsupported Media Type ..............................69
` 10.4.17 416 Requested Range Not Satisfiable .....................69
` 10.4.18 417 Expectation Failed ..................................70
` 10.5 Server Error 5xx ............................................70
` 10.5.1 500 Internal Server Error ................................70
` 10.5.2 501 Not Implemented ......................................70
` 10.5.3 502 Bad Gateway ..........................................70
` 10.5.4 503 Service Unavailable ..................................70
` 10.5.5 504 Gateway Timeout ......................................71
` 10.5.6 505 HTTP Version Not Supported ...........................71
` 11 Access Authentication ........................................71
` 12 Content Negotiation ..........................................71
` 12.1 Server-driven Negotiation ...................................72
` 12.2 Agent-driven Negotiation ....................................73
` 12.3 Transparent Negotiation .....................................74
` 13 Caching in HTTP ..............................................74
` 13.1.1 Cache Correctness ........................................75
` 13.1.2 Warnings .................................................76
` 13.1.3 Cache-control Mechanisms .................................77
` 13.1.4 Explicit User Agent Warnings .............................78
` 13.1.5 Exceptions to the Rules and Warnings .....................78
` 13.1.6 Client-controlled Behavior ...............................79
` 13.2 Expiration Model ............................................79
` 13.2.1 Server-Specified Expiration ..............................79
` 13.2.2 Heuristic Expiration .....................................80
` 13.2.3 Age Calculations .........................................80
` 13.2.4 Expiration Calculations ..................................83
` 13.2.5 Disambiguating Expiration Values .........................84
` 13.2.6 Disambiguating Multiple Responses ........................84
` 13.3 Validation Model ............................................85
` 13.3.1 Last-Modified Dates ......................................86
`
`Fielding, et al. Standards Track [Page 4]
`RFC 2616 HTTP/1.1 June 1999
`
` 13.3.2 Entity Tag Cache Validators ..............................86
` 13.3.3 Weak and Strong Validators ...............................86
` 13.3.4 Rules for When to Use Entity Tags and Last-Modified Dates.89
` 13.3.5 Non-validating Conditionals ..............................90
` 13.4 Response Cacheability .......................................91
` 13.5 Constructing Responses From Caches ..........................92
` 13.5.1 End-to-end and Hop-by-hop Headers ........................92
` 13.5.2 Non-modifiable Headers ...................................92
` 13.5.3 Combining Headers ........................................94
` 13.5.4 Combining Byte Ranges ....................................95
` 13.6 Caching Negotiated Responses ................................95
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 5 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 6 of 9
`
` 13.7 Shared and Non-Shared Caches ................................96
` 13.8 Errors or Incomplete Response Cache Behavior ................97
` 13.9 Side Effects of GET and HEAD ................................97
` 13.10 Invalidation After Updates or Deletions ...................97
` 13.11 Write-Through Mandatory ...................................98
` 13.12 Cache Replacement .........................................99
` 13.13 History Lists .............................................99
` 14 Header Field Definitions ....................................100
` 14.1 Accept .....................................................100
` 14.2 Accept-Charset .............................................102
` 14.3 Accept-Encoding ............................................102
` 14.4 Accept-Language ............................................104
` 14.5 Accept-Ranges ..............................................105
` 14.6 Age ........................................................106
` 14.7 Allow ......................................................106
` 14.8 Authorization ..............................................107
` 14.9 Cache-Control ..............................................108
` 14.9.1 What is Cacheable .......................................109
` 14.9.2 What May be Stored by Caches ............................110
` 14.9.3 Modifications of the Basic Expiration Mechanism .........111
` 14.9.4 Cache Revalidation and Reload Controls ..................113
` 14.9.5 No-Transform Directive ..................................115
` 14.9.6 Cache Control Extensions ................................116
` 14.10 Connection ...............................................117
` 14.11 Content-Encoding .........................................118
` 14.12 Content-Language .........................................118
` 14.13 Content-Length ...........................................119
` 14.14 Content-Location .........................................120
` 14.15 Content-MD5 ..............................................121
` 14.16 Content-Range ............................................122
` 14.17 Content-Type .............................................124
` 14.18 Date .....................................................124
` 14.18.1 Clockless Origin Server Operation ......................125
` 14.19 ETag .....................................................126
` 14.20 Expect ...................................................126
` 14.21 Expires ..................................................127
` 14.22 From .....................................................128
`
`Fielding, et al. Standards Track [Page 5]
`RFC 2616 HTTP/1.1 June 1999
`
` 14.23 Host .....................................................128
` 14.24 If-Match .................................................129
` 14.25 If-Modified-Since ........................................130
` 14.26 If-None-Match ............................................132
` 14.27 If-Range .................................................133
` 14.28 If-Unmodified-Since ......................................134
` 14.29 Last-Modified ............................................134
` 14.30 Location .................................................135
` 14.31 Max-Forwards .............................................136
` 14.32 Pragma ...................................................136
` 14.33 Proxy-Authenticate .......................................137
` 14.34 Proxy-Authorization ......................................137
` 14.35 Range ....................................................138
` 14.35.1 Byte Ranges ...........................................138
` 14.35.2 Range Retrieval Requests ..............................139
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 6 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 7 of 9
`
` 14.36 Referer ..................................................140
` 14.37 Retry-After ..............................................141
` 14.38 Server ...................................................141
` 14.39 TE .......................................................142
` 14.40 Trailer ..................................................143
` 14.41 Transfer-Encoding..........................................143
` 14.42 Upgrade ..................................................144
` 14.43 User-Agent ...............................................145
` 14.44 Vary .....................................................145
` 14.45 Via ......................................................146
` 14.46 Warning ..................................................148
` 14.47 WWW-Authenticate .........................................150
` 15 Security Considerations .......................................150
` 15.1 Personal Information....................................151
` 15.1.1 Abuse of Server Log Information .........................151
` 15.1.2 Transfer of Sensitive Information .......................151
` 15.1.3 Encoding Sensitive Information in URI's .................152
` 15.1.4 Privacy Issues Connected to Accept Headers ..............152
` 15.2 Attacks Based On File and Path Names .......................153
` 15.3 DNS Spoofing ...............................................154
` 15.4 Location Headers and Spoofing ..............................154
` 15.5 Content-Disposition Issues .................................154
` 15.6 Authentication Credentials and Idle Clients ................155
` 15.7 Proxies and Caching ........................................155
` 15.7.1 Denial of Service Attacks on Proxies....................156
` 16 Acknowledgments .............................................156
` 17 References ..................................................158
` 18 Authors' Addresses ..........................................162
` 19 Appendices ..................................................164
` 19.1 Internet Media Type message/http and application/http ......164
` 19.2 Internet Media Type multipart/byteranges ...................165
` 19.3 Tolerant Applications ......................................166
` 19.4 Differences Between HTTP Entities and RFC 2045 Entities ....167
`
`Fielding, et al. Standards Track [Page 6]
`RFC 2616 HTTP/1.1 June 1999
`
` 19.4.1 MIME-Version ............................................167
` 19.4.2 Conversion to Canonical Form ............................167
` 19.4.3 Conversion of Date Formats ..............................168
` 19.4.4 Introduction of Content-Encoding ........................168
` 19.4.5 No Content-Transfer-Encoding ............................168
` 19.4.6 Introduction of Transfer-Encoding .......................169
` 19.4.7 MHTML and Line Length Limitations .......................169
` 19.5 Additional Features ........................................169
` 19.5.1 Content-Disposition .....................................170
` 19.6 Compatibility with Previous Versions .......................170
` 19.6.1 Changes from HTTP/1.0 ...................................171
` 19.6.2 Compatibility with HTTP/1.0 Persistent Connections ......172
` 19.6.3 Changes from RFC 2068 ...................................172
` 20 Index .......................................................175
` 21 Full Copyright Statement ....................................176
`1 Introduction
`1.1 Purpose
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 92 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 8 of 9
`
` on the URI in a Location or Content-Location header MUST only be
` performed if the host part is the same as in the Request-URI.
` A cache that passes through requests for methods it does not
` understand SHOULD invalidate any entities referred to by the
` Request-URI.
`13.11 Write-Through Mandatory
` All methods that might be expected to cause modifications to the
` origin server's resources MUST be written through to the origin
` server. This currently includes all methods except for GET and HEAD.
` A cache MUST NOT reply to such a request from a client before having
` transmitted the request to the inbound server, and having received a
` corresponding response from the inbound server. This does not prevent
` a proxy cache from sending a 100 (Continue) response before the
` inbound server has sent its final reply.
` The alternative (known as "write-back" or "copy-back" caching) is not
` allowed in HTTP/1.1, due to the difficulty of providing consistent
` updates and the problems arising from server, cache, or network
` failure prior to write-back.
`
`Fielding, et al. Standards Track [Page 98]
`RFC 2616 HTTP/1.1 June 1999
`
`13.12 Cache Replacement
` If a new cacheable (see sections 14.9.2, 13.2.5, 13.2.6 and 13.8)
` response is received from a resource while any existing responses for
` the same resource are cached, the cache SHOULD use the new response
` to reply to the current request. It MAY insert it into cache storage
` and MAY, if it meets all other requirements, use it to respond to any
` future requests that would previously have caused the old response to
` be returned. If it inserts the new response into cache storage the
` rules in section 13.5.3 apply.
` Note: a new response that has an older Date header value than
` existing cached responses is not cacheable.
`13.13 History Lists
` User agents often have history mechanisms, such as "Back" buttons and
` history lists, which can be used to redisplay an entity retrieved
` earlier in a session.
` History mechanisms and caches are different. In particular history
` mechanisms SHOULD NOT try to show a semantically transparent view of
` the current state of a resource. Rather, a history mechanism is meant
` to show exactly what the user saw at the time when the resource was
` retrieved.
` By default, an expiration time does not apply to history mechanisms.
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
`
`Page 93 of 165
`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 9 of 9
`
` If the entity is still in storage, a history mechanism SHOULD display
` it even if the entity has expired, unless the user has specifically
` configured the agent to refresh expired history documents.
` This is not to be construed to prohibit the history mechanism from
` telling the user that a view might be stale.
` Note: if history list mechanisms unnecessarily prevent users from
` viewing stale resources, this will tend to force service authors
` to avoid using HTTP expiration controls and cache controls when
` they would otherwise like to. Service authors may consider it
` important that users not be presented with error messages or
` warning messages when they use navigation controls (such as BACK)
` to view previously fetched resources. Even though sometimes such
` resources ought not to cached, or ought to expire quickly, user
` interface considerations may force service authors to resort to
` other means of preventing caching (e.g. "once-only" URLs) in order
` not to suffer the effects of improperly functioning history
` mechanisms.
`
`Fielding, et al. Standards Track [Page 99]
`RFC 2616 HTTP/1.1 June 1999
`
`14 Header Field Definitions
` This section defines the syntax and semantics of all standard
` HTTP/1.1 header fields. For entity-header fields, both sender and
` recipient refer to either the client or the server, depending on who
` sends and who receives the entity.
`14.1 Accept
` The Accept request-header field can be used to specify certain media
` types which are acceptable for the response. Accept headers can be
` used to indicate that the request is specifically limited to a small
` set of desired types, as in the case of a request for an in-line
` image.
` Accept = "Accept" ":"
` #( media-range [ accept-params ] )
` media-range = ( "*/*"
` | ( type "/" "*" )
` | ( type "/" subtype )
` ) *( ";" parameter )
` accept-params = ";" "q" "=" qvalue *( accept-extension )
` accept-extension = ";" token [ "=" ( token | quoted-string ) ]
` The asterisk "*" character is used to group media types into ranges,
` with "*/*" indicating all media types and "type/*" indicating all
` subtypes of that type. The media-range MAY include media type
` parameters that are applicable to that range.
` Each media-range MAY be followed by one or more accept-params,
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
