14.22 From
The From request-header field, if given, SHOULD contain an Internet
e-mail address for the human user who controls the requesting user
agent. The address SHOULD be machine-usable, as defined by mailbox
in RFC 822 (as updated by RFC 1123 ):
From = "From" ":" mailbox
An example is:
From: webmaster@w3.org
This header field MAY be used for logging purposes and as a means for
identifying the source of invalid or unwanted requests. It SHOULD NOT
be used as an insecure form of access protection. The interpretation
of this field is that the request is being performed on behalf of the
person given, who accepts responsibility for the method performed. In
particular, robot agents SHOULD include this header so that the
person responsible for running the robot can be contacted if problems
occur on the receiving end.
Fielding, et. al. Standards Track [Page 118]
�
RFC 2068 HTTP/1.1 January 1997
The Internet e-mail address in this field MAY be separate from the
Internet host which issued the request. For example, when a request
is passed through a proxy the original issuer's address SHOULD be
used.
Note: The client SHOULD not send the From header field without the
user's approval, as it may conflict with the user's privacy
interests or their site's security policy. It is strongly
recommended that the user be able to disable, enable, and modify
the value of this field at any time prior to a request.
14.23 Host
The Host request-header field specifies the Internet host and port
number of the resource being requested, as obtained from the original
URL given by the user or referring resource (generally an HTTP URL,
as described in section 3.2.2). The Host field value MUST represent
the network location of the origin server or gateway given by the
original URL. This allows the origin server or gateway to
differentiate between internally-ambiguous URLs, such as the root "/"
URL of a server for multiple host names on a single IP address.
Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
A "host" without any trailing port information implies the default
port for the service requested (e.g., "80" for an HTTP URL). For
example, a request on the origin server for
MUST include:
GET /pub/WWW/ HTTP/1.1
Host: www.w3.org
A client MUST include a Host header field in all HTTP/1.1 request
messages on the Internet (i.e., on any message corresponding to a
request for a URL which includes an Internet host address for the
service being requested). If the Host field is not already present,
an HTTP/1.1 proxy MUST add a Host field to the request message prior
to forwarding it on the Internet. All Internet-based HTTP/1.1 servers
MUST respond with a 400 status code to any HTTP/1.1 request message
which lacks a Host header field.
See sections 5.2 and 19.5.1 for other requirements relating to Host.