HTTP Status Codes Donnerstag, 13. Juni 2019 10:10   Erklärung zu Analyse :   Performance Analyse Tool :   Below you can find a list with a number of HTTP headers and a short description. Most of them are explained in more detail in further articles of this series. This list is far from complete, it just contains the most frequent ones.
Key Description Possible values(s)
Accept-Encoding This request header indicates the types of data encodings that are accepted by the browser. The value often indicates whether the browser is able to decode compressed resources or not, and if so, which type of compression.This header is described in more detail in part 16. gzip, deflate
Connection This header indicates whether if the connection can stay open for a next request. Opening a connection costs precious time, so it is never a good idea to open and close a connection with each request. Since HTTP/1.1 the default value is Keep-Alive but HTTP/1.1 also comes with a newer value, pipelining. Keep-Alive, pipelining
Cookie If cookies are enabled on the browser, this header contains the cookies applicable for the host.  
User-Agent This request header mentions the type of the browser and its version. This can be handy for the server if different rendering need to be applied based on the requesting browser. Mozilla/5.0 or Internet Explorer or Chrome
Host This response header contains the URL of the server.  
Expires This header is issued by the server to indicate until when a resource can be stored in the cache. As long as this date is not expired, the resource will be used from cache. As you will see in further articles, the availability of other headers can take precedence over the Expires header forcing the browser to execute a conditional GET.This is described in more detail in part 11 and part 13.  Date/time value
Cache-Control

This response header is issued by the server to indicate how long a resource will remain valid.Cache-Control can have the following values:

  • public: the resource can only be cached by clients

  • private: the resource can only be cached on the server

Cache-Control uses the max-age directive to specify how long a component can be cached. It defines the freshness window in seconds. If less than max-age seconds have passed since the component was requested, the browser will use the cached version, thus avoiding an additional HTTP request.

You could specify both response headers, Expires and Cache-Control max-age. If both are present, the HTTP specification dictates that the max-age directive will override the Expires header.

You can find more details in more detail in part 11.

  public, max-age=86400orprivate, max-age=0
Last-Modified The Last-Modified date is an HTTP response header that indicates when the requested resource was last modified. Read more about this in part 11 and part 12.  Date/time value
If-Modified-Since This is a request header that is used to ask the server to validate the requested resource. The date in this header will be the Last-Modified date that was received with the previous request.If the resource was modified since this date, the server will respond with a 200 OK status code and send the resource in the body; if the resource was not modified since this date, the server will respond with a 300 Not Modified status code to indicate that the browser can use the resource from its cache.More on this in part 11.  Date/time value
ETag Entity tags (ETags) are a mechanism that web servers and browsers use to validate cached components. ETags provide another way to evaluate and determine whether the component in the browser’s cache still matches the component or entity on the server.SharePoint has a specific way to calculate ETags. You can read more about this in part 13.  "11713e51210ce1:0"
If-None-Match This is a request header that is used to ask the server to validate the requested resource. The value in this header will be the ETag that was received with the previous request.If the resource was modified since last request, the server will respond with a 200 OK status code and send the resource in the body; if the resource was not modified since this date, the server will respond with a 300 Not Modified status code to indicate that the browser can use the resource from its cache.More on this in part 11.  "11713e51210ce1:0"
Referer This request header contains the URL of the page that contained the link the user is currently following to get to the current page.  
  Aus \<\> **Information responses[Section](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#Information_responses)** > [100 Continue](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/100) > > This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished. > > [101 Switching Protocol](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/101) > > This code is sent in response to an [Upgrade](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade) request header by the client, and indicates the protocol the server is switching to. > > [102 Processing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/102) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > This code indicates that the server has received and is processing the request, but no response is available yet. > > [103 Early Hints](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/103) > > This status code is primarily intended to be used with the [Link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link) header to allow the user agent to start preloading resources while the server is still preparing a response. **Successful responses[Section](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#Successful_responses)** > [200 OK](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/200) > > The request has succeeded. The meaning of a success varies depending on the HTTP method: > > GET: The resource has been fetched and is transmitted in the message body. > > HEAD: The entity headers are in the message body. > > PUT or POST: The resource describing the result of the action is transmitted in the message body. > > TRACE: The message body contains the request message as received by the server > > [201 Created](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/201) > > The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a POST request, or after some PUT requests. > > [202 Accepted](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/202) > > The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing. > > [203 Non-Authoritative Information](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/203) > > This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response. > > [204 No Content](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204) > > There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones. > > [205 Reset Content](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/205) > > This response code is sent after accomplishing request to tell user agent reset document view which sent this request. > > [206 Partial Content](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/206) > > This response code is used because of range header sent by the client to separate download into multiple streams. > > [207 Multi-Status](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/207) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate. > > [208 Multi-Status](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/208) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > Used inside a DAV: propstat response element to avoid enumerating the internal members of multiple bindings to the same collection repeatedly. > > [226 IM Used](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/226) ([HTTP Delta encoding](https://tools.ietf.org/html/rfc3229)) > > The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. **Redirection messages[Section](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#Redirection_messages)** > [300 Multiple Choice](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/300) > > The request has more than one possible response. The user-agent or user should choose one of them. There is no standardized way of choosing one of the responses. > > [301 Moved Permanently](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/301) > > This response code means that the URI of the requested resource has been changed permanently. Probably, the new URI would be given in the response. > > [302 Found](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302) > > This response code means that the URI of requested resource has been changed *temporarily*. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests. > > [303 See Other](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/303) > > The server sent this response to direct the client to get the requested resource at another URI with a GET request. > > [304 Not Modified](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/304) > > This is used for caching purposes. It tells the client that the response has not been modified, so the client can continue to use the same cached version of the response. > > 305 Use Proxy > > Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy. > > 306 unused > > This response code is no longer used, it is just reserved currently. It was used in a previous version of the HTTP 1.1 specification. > > [307 Temporary Redirect](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307) > > The server sends this response to direct the client to get the requested resource at another URI with same method that was used in the prior request. This has the same semantics as the 302 Found HTTP response code, with the exception that the user agent *must not* change the HTTP method used: If a POST was used in the first request, a POST must be used in the second request. > > [308 Permanent Redirect](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308) > > This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent *must not* change the HTTP method used: If a POST was used in the first request, a POST must be used in the second request. **Client error responses[Section](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#Client_error_responses)** > [400 Bad Request](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400) > > This response means that server could not understand the request due to invalid syntax. > > [401 Unauthorized](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/401) > > Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response. > > [402 Payment Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/402)  > > This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems, however this status code is used very rarely and no standard convention exists. > > [403 Forbidden](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403) > > The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client\'s identity is known to the server. > > [404 Not Found](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/404) > > The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web. > > [405 Method Not Allowed](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405) > > The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code. > > [406 Not Acceptable](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/406) > > This response is sent when the web server, after performing [server-driven content negotiation](https://developer.mozilla.org/en-US/docs/HTTP/Content_negotiation#Server-driven_negotiation), doesn\'t find any content following the criteria given by the user agent. > > [407 Proxy Authentication Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/407) > > This is similar to 401 but authentication is needed to be done by a proxy. > > [408 Request Timeout](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/408) > > This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message. > > [409 Conflict](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/409) > > This response is sent when a request conflicts with the current state of the server. > > [410 Gone](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/410) > > This response would be sent when the requested content has been permanently deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code. > > [411 Length Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/411) > > Server rejected the request because the Content-Length header field is not defined and the server requires it. > > [412 Precondition Failed](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/412) > > The client has indicated preconditions in its headers which the server does not meet. > > [413 Payload Too Large](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/413) > > Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field. > > [414 URI Too Long](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/414) > > The URI requested by the client is longer than the server is willing to interpret. > > [415 Unsupported Media Type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/415) > > The media format of the requested data is not supported by the server, so the server is rejecting the request. > > [416 Requested Range Not Satisfiable](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/416) > > The range specified by the Range header field in the request can\'t be fulfilled; it\'s possible that the range is outside the size of the target URI\'s data. > > [417 Expectation Failed](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/417) > > This response code means the expectation indicated by the Expect request header field can\'t be met by the server. > > [418 I\'m a teapot](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/418) > > The server refuses the attempt to brew coffee with a teapot. > > [421 Misdirected Request](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/421) > > The request was directed at a server that is not able to produce a response. This can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI. > > [422 Unprocessable Entity](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > The request was well-formed but was unable to be followed due to semantic errors. > > [423 Locked](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/423) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > The resource that is being accessed is locked. > > [424 Failed Dependency](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/424) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > The request failed due to failure of a previous request. > > [425 Too Early](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/425) > > Indicates that the server is unwilling to risk processing a request that might be replayed. > > [426 Upgrade Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/426) > > The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol. The server sends an [Upgrade](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade) header in a 426 response to indicate the required protocol(s). > > [428 Precondition Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/428) > > The origin server requires the request to be conditional. Intended to prevent the \'lost update\' problem, where a client GETs a resource\'s state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict. > > [429 Too Many Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429) > > The user has sent too many requests in a given amount of time (\"rate limiting\"). > > [431 Request Header Fields Too Large](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/431) > > The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields. > > [451 Unavailable For Legal Reasons](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/451) > > The user requests an illegal resource, such as a web page censored by a government. **Server error responses[Section](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#Server_error_responses)** > [500 Internal Server Error](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/500) > > The server has encountered a situation it doesn\'t know how to handle. > > [501 Not Implemented](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/501) > > The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD. > > [502 Bad Gateway](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502) > > This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response. > > [503 Service Unavailable](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/503) > > The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached. > > [504 Gateway Timeout](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/504) > > This error response is given when the server is acting as a gateway and cannot get a response in time. > > [505 HTTP Version Not Supported](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/505) > > The HTTP version used in the request is not supported by the server. > > [506 Variant Also Negotiates](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/506) > > The server has an internal configuration error: transparent content negotiation for the request results in a circular reference. > > [507 Insufficient Storage](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/507) > > The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process. > > [508 Loop Detected](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/508) ([WebDAV](https://developer.mozilla.org/en-US/docs/Glossary/WebDAV)) > > The server detected an infinite loop while processing the request. > > [510 Not Extended](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/510) > > Further extensions to the request are required for the server to fulfill it. > > [511 Network Authentication Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/511) > > The 511 status code indicates that the client needs to authenticate to gain network access.   Aus \<\> **SharePoint headers** Additionally, each technology adds its own headers. Most of these headers are pure informational and have no additional value as to ease hackers work. In the screenshot of the HTTP response headers you can clearly see that the requested page is a SharePoint page.
Key Description Possible values(s)
Server This response header indicates the type of server that is used to host the web application. Microsoft-IIS/7.5
X-Powered-By This response header indicates the web technology that is used to develop the web site. ASP.NET
MicrosoftSharePointTeamServices This response header indicates the version of SharePoint installed on the servers. 14.0.0.6029
ResourceTag This response header contains a guid that references to a document. In fact, it is the ETag prefixed with RT:. It is of no use at all. RT:{F20AB0ED-A8A7-4BEC-B281-22E283EFCD97}
SPRequestGuid In general, you’ll find this response header on the first request where the page is requested. This GUID is the Log Correlation Id that you can use to go through the SharePoint log files to look for errors with that same GUID. f525a4a5-cd1a-4f9d-8c35-cba0089e3e60
X-SharePointHealthScore

This response header returns the health score of the server. It is calculated based on a number of performance counters. It is also related with the throthling mechanism in SharePoint 2010. A value higher than zero is an indication for the load balancer to redirect requests to other web front-ends or to queue GET requests.

You can read more about this header in a post of Michel Barneveld.

 0
As most of these headers are informational, you  can also remove them. This technique is discussed in more detail in part 12. BUT be aware that it is not a good idea to remove these ones: - **SPRequesetGuid**: this Guid is the correleation ID used in the SharePoint logs - **MicrosoftSharePointTeamServices**: removing this header will prevent search crawls from working correctly (It wouldn't be able to use sitedata.asmx to efficiently gather changes, and wouldn't have access to security information) - **X-SharePointHealtScore**   Aus \<\>