`Case 5:18-md-02834-BLF Document 521-3 Filed 09/06/19 Page 1 of 9
`
`
`
`EXHIBIT 2
`Page 1 of 165
`
`Network Working Group R. Fielding
`Request for Comments: 2616 UC Irvine
`Obsoletes: 2068 J. Gettys
`Category: Standards Track Compaq/W3C
` J. Mogul
` Compaq
` H. Frystyk
` W3C/MIT
` L. Masinter
` Xerox
` P. Leach
` Microsoft
` T. Berners-Lee
` W3C/MIT
` June 1999
`
` Hypertext Transfer Protocol -- HTTP/1.1
`Status of this Memo
` This document specifies an Internet standards track protocol for the
` Internet community, and requests discussion and suggestions for
` improvements. Please refer to the current edition of the "Internet
` Official Protocol Standards" (STD 1) for the standardization state
` and status of this protocol. Distribution of this memo is unlimited.
`Copyright Notice
` Copyright (C) The Internet Society (1999). All Rights Reserved.
`Abstract
` The Hypertext Transfer Protocol (HTTP) is an application-level
` protocol for distributed, collaborative, hypermedia information
` systems. It is a generic, stateless, protocol which can be used for
` many tasks beyond its use for hypertext, such as name servers and
` distributed object management systems, through extension of its
` request methods, error codes and headers [47]. A feature of HTTP is
` the typing and negotiation of data representation, allowing systems
` to be built independently of the data being transferred.
` HTTP has been in use by the World-Wide Web global information
` initiative since 1990. This specification defines the protocol
` referred to as "HTTP/1.1", and is an update to RFC 2068 [33].
`
`Fielding, et al. Standards Track [Page 1]
`RFC 2616 HTTP/1.1 June 1999
`
`https://www.ietf.org/rfc/rfc2616.txt
`
`9/3/2019
`Table of Contents
` 1 Introduction ...................................................7
` 1.1 Purpose......................................................7
` 1.2 Requirements .................................................8
` 1.3 Terminology ..................................................8
` 1.4 Overall Operation ...........................................12
` 2 Notational Conventions and Generic Grammar ....................14
` 2.1 Augmented BNF ...............................................14
` 2.2 Basic Rules .................................................15
` 3 Protocol Parameters ...........................................17
` 3.1 HTTP Version ................................................17
` 3.2 Uniform Resource Identifiers ................................18
` 3.2.1 General Syntax ...........................................19
` 3.2.2 http URL .................................................19
` 3.2.3 URI Comparison ...........................................20
` 3.3 Date/Time Formats ...........................................20
` 3.3.1 Full Date ................................................20
` 3.3.2 Delta Seconds ............................................21
` 3.4 Character Sets ..............................................21
` 3.4.1 Missing Charset ..........................................22
` 3.5 Content Codings .............................................23
` 3.6 Transfer Codings ............................................24
` 3.6.1 Chunked Transfer Coding ..................................25
` 3.7 Media Types .................................................26
` 3.7.1 Canonicalization and Text Defaults .......................27
` 3.7.2 Multipart Types ..........................................27
` 3.8 Product Tokens ..............................................28
` 3.9 Quality Values ..............................................29
` 3.10 Language Tags ...............................................29
` 3.11 Entity Tags .................................................30
` 3.12 Range Units .................................................30
` 4 HTTP Message ..................................................31
` 4.1 Message Types ...............................................31
` 4.2 Message Headers .............................................31
` 4.3 Message Body ................................................32
` 4.4 Message Length ..............................................33
` 4.5 General Header Fields .......................................34
` 5 Request .......................................................35
` 5.1 Request-Line ................................................35
` 5.1.1 Method ...................................................36
` 5.1.2 Request-URI ..............................................36
` 5.2 The Resource Identified by a Request ........................38
` 5.3 Request Header Fields .......................................38
` 6 Response ......................................................39
` 6.1 Status-Line .................................................39
` 6.1.1 Status Code and Reason Phrase ............................39
` 6.2 Response Header Fields ......................................41
` 7 Entity ........................................................42
` 7.1 Entity Header Fields ........................................42
` 7.2 Entity Body .................................................43
` 7.2.1 Type .....................................................43
` 7.2.2 Entity Length ............................................43
` 8 Connections ...................................................44
` 8.1 Persistent Connections ......................................44
` 8.1.1 Purpose ..................................................44
` 8.1.2 Overall Operation ........................................45
` 8.1.3 Proxy Servers ............................................46
` 8.1.4 Practical Considerations .................................46
` 8.2 Message Transmission Requirements ...........................47
` 8.2.1 Persistent Connections and Flow Control ..................47
` 8.2.2 Monitoring Connections for Error Status Messages .........48
` 8.2.3 Use of the 100 (Continue) Status .........................48
` 8.2.4 Client Behavior if Server Prematurely Closes Connection ..50
` 9 Method Definitions ............................................51
` 9.1 Safe and Idempotent Methods .................................51
` 9.1.1 Safe Methods .............................................51
` 9.1.2 Idempotent Methods .......................................51
` 9.2 OPTIONS .....................................................52
` 9.3 GET .........................................................53
` 9.4 HEAD ........................................................54
` 9.5 POST ........................................................54
` 9.6 PUT .........................................................55
` 9.7 DELETE ......................................................56
` 9.8 TRACE .......................................................56
` 9.9 CONNECT .....................................................57
` 10 Status Code Definitions ......................................57
` 10.1 Informational 1xx ...........................................57
` 10.1.1 100 Continue .............................................58
` 10.1.2 101 Switching Protocols ..................................58
` 10.2 Successful 2xx ..............................................58
` 10.2.1 200 OK ...................................................58
` 10.2.2 201 Created ..............................................59
` 10.2.3 202 Accepted .............................................59
` 10.2.4 203 Non-Authoritative Information ........................59
` 10.2.5 204 No Content ...........................................60
` 10.2.6 205 Reset Content ........................................60
` 10.2.7 206 Partial Content ......................................60
` 10.3 Redirection 3xx .............................................61
` 10.3.1 300 Multiple Choices .....................................61
` 10.3.2 301 Moved Permanently ....................................62
` 10.3.3 302 Found ................................................62
` 10.3.4 303 See Other ............................................63
` 10.3.5 304 Not Modified .........................................63
` 10.3.6 305 Use Proxy ............................................64
` 10.3.7 306 (Unused) .............................................64
` 10.3.8 307 Temporary Redirect ...................................65
` 10.4 Client Error 4xx ............................................65
` 10.4.1 400 Bad Request .........................................65
` 10.4.2 401 Unauthorized ........................................66
` 10.4.3 402 Payment Required ....................................66
` 10.4.4 403 Forbidden ...........................................66
` 10.4.5 404 Not Found ...........................................66
` 10.4.6 405 Method Not Allowed ..................................66
` 10.4.7 406 Not Acceptable ......................................67
` 10.4.8 407 Proxy Authentication Required .......................67
` 10.4.9 408 Request Timeout .....................................67
` 10.4.10 409 Conflict ............................................67
` 10.4.11 410 Gone ................................................68
` 10.4.12 411 Length Required .....................................68
` 10.4.13 412 Precondition Failed .................................68
` 10.4.14 413 Request Entity Too Large ............................69
` 10.4.15 414 Request-URI Too Long ................................69
` 10.4.16 415 Unsupported Media Type ..............................69
` 10.4.17 416 Requested Range Not Satisfiable .....................69
` 10.4.18 417 Expectation Failed ..................................70
` 10.5 Server Error 5xx ............................................70
` 10.5.1 500 Internal Server Error ................................70
` 10.5.2 501 Not Implemented ......................................70
` 10.5.3 502 Bad Gateway ..........................................70
` 10.5.4 503 Service Unavailable ..................................70
` 10.5.5 504 Gateway Timeout ......................................71
` 10.5.6 505 HTTP Version Not Supported ...........................71
` 11 Access Authentication ........................................71
` 12 Content Negotiation ..........................................71
` 12.1 Server-driven Negotiation ...................................72
` 12.2 Agent-driven Negotiation ....................................73
` 12.3 Transparent Negotiation .....................................74
` 13 Caching in HTTP ..............................................74
` 13.1.1 Cache Correctness ........................................75
` 13.1.2 Warnings .................................................76
` 13.1.3 Cache-control Mechanisms .................................77
` 13.1.4 Explicit User Agent Warnings .............................78
` 13.1.5 Exceptions to the Rules and Warnings .....................78
` 13.1.6 Client-controlled Behavior ...............................79
` 13.2 Expiration Model ............................................79
` 13.2.1 Server-Specified Expiration ..............................79
` 13.2.2 Heuristic Expiration .....................................80
` 13.2.3 Age Calculations .........................................80
` 13.2.4 Expiration Calculations ..................................83
` 13.2.5 Disambiguating Expiration Values .........................84
` 13.2.6 Disambiguating Multiple Responses ........................84
` 13.3 Validation Model ............................................85
` 13.3.1 Last-Modified Dates ......................................86
` 13.3.2 Entity Tag Cache Validators ..............................86
` 13.3.3 Weak and Strong Validators ...............................86
` 13.3.4 Rules for When to Use Entity Tags and Last-Modified Dates.89
` 13.3.5 Non-validating Conditionals ..............................90
` 13.4 Response Cacheability .......................................91
` 13.5 Constructing Responses From Caches ..........................92
` 13.5.1 End-to-end and Hop-by-hop Headers ........................92
` 13.5.2 Non-modifiable Headers ...................................92
` 13.5.3 Combining Headers ........................................94
` 13.5.4 Combining Byte Ranges ....................................95
` 13.6 Caching Negotiated Responses ................................95
` 13.7 Shared and Non-Shared Caches ................................96
` 13.8 Errors or Incomplete Response Cache Behavior ................97
` 13.9 Side Effects of GET and HEAD ................................97
` 13.10 Invalidation After Updates or Deletions ...................97
` 13.11 Write-Through Mandatory ...................................98
` 13.12 Cache Replacement .........................................99
` 13.13 History Lists .............................................99
` 14 Header Field Definitions ....................................100
` 14.1 Accept .....................................................100
` 14.2 Accept-Charset .............................................102
` 14.3 Accept-Encoding ............................................102
` 14.4 Accept-Language ............................................104
` 14.5 Accept-Ranges ..............................................105
` 14.6 Age ........................................................106
` 14.7 Allow ......................................................106
` 14.8 Authorization ..............................................107
` 14.9 Cache-Control ..............................................108
` 14.9.1 What is Cacheable .......................................109
` 14.9.2 What May be Stored by Caches ............................110
` 14.9.3 Modifications of the Basic Expiration Mechanism .........111
` 14.9.4 Cache Revalidation and Reload Controls ..................113
` 14.9.5 No-Transform Directive ..................................115
` 14.9.6 Cache Control Extensions ................................116
` 14.10 Connection ...............................................117
` 14.11 Content-Encoding .........................................118
` 14.12 Content-Language .........................................118
` 14.13 Content-Length ...........................................119
` 14.14 Content-Location .........................................120
` 14.15 Content-MD5 ..............................................121
` 14.16 Content-Range ............................................122
` 14.17 Content-Type .............................................124
` 14.18 Date .....................................................124
` 14.18.1 Clockless Origin Server Operation ......................125
` 14.19 ETag .....................................................126
` 14.20 Expect ...................................................126
` 14.21 Expires ..................................................127
` 14.22 From .....................................................128
` 14.23 Host .....................................................128
` 14.24 If-Match .................................................129
` 14.25 If-Modified-Since ........................................130
` 14.26 If-None-Match ............................................132
` 14.27 If-Range .................................................133
` 14.28 If-Unmodified-Since ......................................134
` 14.29 Last-Modified ............................................134
` 14.30 Location .................................................135
` 14.31 Max-Forwards .............................................136
` 14.32 Pragma ...................................................136
` 14.33 Proxy-Authenticate .......................................137
` 14.34 Proxy-Authorization ......................................137
` 14.35 Range ....................................................138
` 14.35.1 Byte Ranges ...........................................138
` 14.35.2 Range Retrieval Requests ..............................139
` 14.36 Referer ..................................................140
` 14.37 Retry-After ..............................................141
` 14.38 Server ...................................................141
` 14.39 TE .......................................................142
` 14.40 Trailer ..................................................143
` 14.41 Transfer-Encoding..........................................143
` 14.42 Upgrade ..................................................144
` 14.43 User-Agent ...............................................145
` 14.44 Vary .....................................................145
` 14.45 Via ......................................................146
` 14.46 Warning ..................................................148
` 14.47 WWW-Authenticate .........................................150
` 15 Security Considerations .......................................150
` 15.1 Personal Information....................................151
` 15.1.1 Abuse of Server Log Information .........................151
` 15.1.2 Transfer of Sensitive Information .......................151
` 15.1.3 Encoding Sensitive Information in URI's .................152
` 15.1.4 Privacy Issues Connected to Accept Headers ..............152
` 15.2 Attacks Based On File and Path Names .......................153
` 15.3 DNS Spoofing ...............................................154
` 15.4 Location Headers and Spoofing ..............................154
` 15.5 Content-Disposition Issues .................................154
` 15.6 Authentication Credentials and Idle Clients ................155
` 15.7 Proxies and Caching ........................................155
` 15.7.1 Denial of Service Attacks on Proxies....................156
` 16 Acknowledgments .............................................156
` 17 References ..................................................158
` 18 Authors' Addresses ..........................................162
` 19 Appendices ..................................................164
` 19.1 Internet Media Type message/http and application/http ......164
` 19.2 Internet Media Type multipart/byteranges ...................165
` 19.3 Tolerant Applications ......................................166
` 19.4 Differences Between HTTP Entities and RFC 2045 Entities ....167
` 19.4.1 MIME-Version ............................................167
` 19.4.2 Conversion to Canonical Form ............................167
` 19.4.3 Conversion of Date Formats ..............................168
` 19.4.4 Introduction of Content-Encoding ........................168
` 19.4.5 No Content-Transfer-Encoding ............................168
` 19.4.6 Introduction of Transfer-Encoding .......................169
` 19.4.7 MHTML and Line Length Limitations .......................169
` 19.5 Additional Features ........................................169
` 19.5.1 Content-Disposition .....................................170
` 19.6 Compatibility with Previous Versions .......................170
` 19.6.1 Changes from HTTP/1.0 ...................................171
` 19.6.2 Compatibility with HTTP/1.0 Persistent Connections ......172
` 19.6.3 Changes from RFC 2068 ...................................172
` 20 Index .......................................................175
` 21 Full Copyright Statement ....................................176
`1 Introduction
`1.1 Purpose
`
` on the URI in a Location or Content-Location header MUST only be
` performed if the host part is the same as in the Request-URI.
` A cache that passes through requests for methods it does not
` understand SHOULD invalidate any entities referred to by the
` Request-URI.
`13.11 Write-Through Mandatory
` All methods that might be expected to cause modifications to the
` origin server's resources MUST be written through to the origin
` server. This currently includes all methods except for GET and HEAD.
` A cache MUST NOT reply to such a request from a client before having
` transmitted the request to the inbound server, and having received a
` corresponding response from the inbound server. This does not prevent
` a proxy cache from sending a 100 (Continue) response before the
` inbound server has sent its final reply.
` The alternative (known as "write-back" or "copy-back" caching) is not
` allowed in HTTP/1.1, due to the difficulty of providing consistent
` updates and the problems arising from server, cache, or network
` failure prior to write-back.
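
The write-through rule above, together with the invalidation rule that closes section 13.10, sketched as an added example (not part of RFC 2616 or the exhibit). `WriteThroughCache`, its `forward` callable and the `a.example`/`b.example` hosts are hypothetical; freshness and Cache-Control handling are left out, header names are matched case-sensitively, and every method other than GET and HEAD is treated as invalidating.

```python
from urllib.parse import urljoin, urlsplit

WRITE_THROUGH_EXEMPT = {"GET", "HEAD"}   # section 13.11: all other methods are written through


class WriteThroughCache:
    """Toy in-memory cache keyed by absolute URI (hypothetical, for illustration)."""

    def __init__(self, forward):
        # forward(method, uri, body) -> (status, headers_dict, body); it stands
        # in for the connection to the inbound server.
        self.forward = forward
        self.store = {}

    def handle(self, method, uri, body=b""):
        method = method.upper()
        if method == "GET" and uri in self.store:
            return self.store[uri]                 # cache hit, no inbound traffic
        # Everything else reaches the inbound server before the client gets a
        # reply; the cache never answers a modifying request on its own.
        status, headers, resp_body = self.forward(method, uri, body)
        if method == "GET":
            if status == 200:
                self.store[uri] = (status, headers, resp_body)
        elif method not in WRITE_THROUGH_EXEMPT:
            self._invalidate(uri, headers)
        return status, headers, resp_body

    def _invalidate(self, request_uri, headers):
        """Drop entries made stale by a modifying (or unknown) method."""
        self.store.pop(request_uri, None)
        request_host = urlsplit(request_uri).hostname
        for name in ("Location", "Content-Location"):
            value = headers.get(name)
            if not value:
                continue
            target = urljoin(request_uri, value)   # resolve relative references
            # Honour the header only when it names the same host as the
            # Request-URI, so a response from one host cannot evict another
            # host's cached entries.
            if urlsplit(target).hostname == request_host:
                self.store.pop(target, None)


def demo():
    """Run a constructed exchange; return the inbound calls and surviving keys."""
    calls, post_headers = [], {}

    def origin(method, uri, body):                 # constructed stand-in server
        calls.append((method, uri))
        if method == "GET":
            return 200, {}, b"entity for " + uri.encode()
        return 201, dict(post_headers), b""

    cache = WriteThroughCache(origin)
    a, b, other = ("http://a.example/items", "http://a.example/items/1",
                   "http://b.example/index")
    for uri in (a, b, other):
        cache.handle("GET", uri)                   # prime the cache
    post_headers.update({"Location": "/items/1", "Content-Location": other})
    cache.handle("POST", a, b"new item")
    return calls, sorted(cache.store)
```
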
`13.12 Cache Replacement
` If a new cacheable (see sections 14.9.2, 13.2.5, 13.2.6 and 13.8)
` response is received from a resource while any existing responses for
` the same resource are cached, the cache SHOULD use the new response
` to reply to the current request. It MAY insert it into cache storage
` and MAY, if it meets all other requirements, use it to respond to any
` future requests that would previously have caused the old response to
` be returned. If it inserts the new response into cache storage the
` rules in section 13.5.3 apply.
` Note: a new response that has an older Date header value than
` existing cached responses is not cacheable.
`13.13 History Lists
` User agents often have history mechanisms, such as "Back" buttons and
` history lists, which can be used to redisplay an entity retrieved
` earlier in a session.
` History mechanisms and caches are different. In particular history
` mechanisms SHOULD NOT try to show a semantically transparent view of
` the current state of a resource. Rather, a history mechanism is meant
` to show exactly what the user saw at the time when the resource was
` retrieved.
` By default, an expiration time does not apply to history mechanisms.
` If the entity is still in storage, a history mechanism SHOULD display
` it even if the entity has expired, unless the user has specifically
` configured the agent to refresh expired history documents.
` This is not to be construed to prohibit the history mechanism from
` telling the user that a view might be stale.
` Note: if history list mechanisms unnecessarily prevent users from
` viewing stale resources, this will tend to force service authors
` to avoid using HTTP expiration controls and cache controls when
` they would otherwise like to. Service authors may consider it
` important that users not be presented with error messages or
` warning messages when they use navigation controls (such as BACK)
` to view previously fetched resources. Even though sometimes such
` resources ought not to be cached, or ought to expire quickly, user
` interface considerations may force service authors to resort to
` other means of preventing caching (e.g. "once-only" URLs) in order
` not to suffer the effects of improperly functioning history
` mechanisms.
`14 Header Field Definitions
` This section defines the syntax and semantics of all standard
` HTTP/1.1 header fields. For entity-header fields, both sender and
` recipient refer to either the client or the server, depending on who
` sends and who receives the entity.
`14.1 Accept
` The Accept request-header field can be used to specify certain media
` types which are acceptable for the response. Accept headers can be
` used to indicate that the request is specifically limited to a small
` set of desired types, as in the case of a request for an in-line
` image.
`     Accept           = "Accept" ":"
`                        #( media-range [ accept-params ] )
`     media-range      = ( "*/*"
`                        | ( type "/" "*" )
`                        | ( type "/" subtype )
`                        ) *( ";" parameter )
`     accept-params    = ";" "q" "=" qvalue *( accept-extension )
`     accept-extension = ";" token [ "=" ( token | quoted-string ) ]
` The asterisk "*" character is used to group media types into ranges,
` with "*/*" indicating all media types and "type/*" indicating all
` subtypes of that type. The media-range MAY include media type
` parameters that are applicable to that range.
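
A strict parser for the Accept grammar above, as an added example (not part of RFC 2616 or the exhibit). It assumes the `token`, `quoted-string` and `qvalue` rules from sections 2.2 and 3.9 of the RFC and the default of q=1 from the rest of section 14.1, none of which this excerpt reproduces; the sample header is constructed.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"            # token, RFC 2616 section 2.2
QUOTED = r'"(?:[^"\\]|\\.)*"'                       # quoted-string with \-escapes
MEDIA_RANGE = re.compile(rf"({TOKEN})/({TOKEN})")
PAIR = re.compile(rf"({TOKEN})(?:\s*=\s*({TOKEN}|{QUOTED}))?")
QVALUE = re.compile(r"0(?:\.\d{0,3})?|1(?:\.0{0,3})?")   # qvalue, section 3.9

# Constructed sample: commas and semicolons inside quoted-strings are data.
SAMPLE = 'text/*;q=0.3, text/html;level=1, application/x;note="a,b;c";q=0.5;ext="x,y", */*;q=0'


def _split(text, sep):
    """Split on `sep`, ignoring separators inside quoted-strings."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif in_quote and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == sep and not in_quote:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    if in_quote:
        raise ValueError("unterminated quoted-string")
    parts.append("".join(buf))
    return parts


def parse_accept(value):
    """Return [(media_range, params, q, extensions), ...] or raise ValueError."""
    result = []
    for element in _split(value, ","):
        if not element.strip():
            continue                               # the #rule allows empty elements
        pieces = [p.strip() for p in _split(element, ";")]
        m = MEDIA_RANGE.fullmatch(pieces[0])
        if not m or (m.group(1) == "*" and m.group(2) != "*"):
            raise ValueError(f"bad media-range: {pieces[0]!r}")
        params, extensions, q = {}, {}, None
        for piece in pieces[1:]:
            pm = PAIR.fullmatch(piece)
            if not pm:
                raise ValueError(f"malformed parameter: {piece!r}")
            name, val = pm.group(1).lower(), pm.group(2)
            if q is None and name == "q":          # first "q" starts accept-params
                if val is None or not QVALUE.fullmatch(val):
                    raise ValueError(f"bad qvalue: {piece!r}")
                q = float(val)
            elif q is None:                        # media type parameter: value required
                if val is None:
                    raise ValueError(f"parameter needs a value: {piece!r}")
                params[name] = val
            else:                                  # accept-extension: value optional
                extensions[name] = val
        media_range = f"{m.group(1)}/{m.group(2)}".lower()
        result.append((media_range, params, 1.0 if q is None else q, extensions))
    return result
```
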
` Each media-range MAY be followed by one or more accept-params,